Notes

Setting up a sudo User with SSH key access on an Azure Virtual Machine (Ubuntu)

  • You can create a new user from the Support + troubleshooting > Reset password screen. By default, it updates the password for the given account. If the given account does not exist, it creates one, adds it to the sudoers list (make sure it can run sudo commands) and then sets the password for it too.
  • The ~/.ssh folder doesn’t exist when you create a new user, so you have to create it, along with the authorized_keys file that lists the keys accepted for connecting to the server, and set the right permissions on both.
  • Setting the permissions is important because SSH will not connect if the permissions are too open.
  • authorized_keys is where you add the contents of the .pub file of your key pair.

Set the server up to accept an SSH key for the user

Log in to the Azure Virtual Machine with your password and create the required files and folders:

    # create the ~/.ssh folder and set perms
    mkdir ~/.ssh
    chmod 700 ~/.ssh

    # create the authorized_keys file and set perms
    touch ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys

    # reload the SSH service for the changes to take effect
    sudo service ssh reload

Create an SSH key pair

On your local computer, generate an SSH key that you’ll use to connect to the remote Azure virtual machine:

    cd
    ssh-keygen -t ed25519 -C "your_email@example.com"

Copy the key to the server

Copy the key you just created to the Azure Virtual Machine:

    # macOS may not include ssh-copy-id with OpenSSH
    # brew install ssh-copy-id

    ssh-copy-id -i ~/.ssh/id_ed25519 user@host

  • It’ll ask you for the password when you add the key. Afterwards, once the key has been copied, it’ll just use the key to log in.
  • ssh-copy-id is part of OpenSSH, and I prefer this over manually copy/pasting the key using pbcopy, xclip or cat.
  • If you don’t provide the -i option to ssh-copy-id, it adds all keys to the remote server.
  • You don’t have to specify the .pub extension for the key; it only copies the public part by default.

You can now run ssh user@host and it will log you in without asking for the password.
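
To confirm the server side ended up as described above, the following check (an added example, not part of the original notes) verifies the 700/600 modes and that authorized_keys holds only public-key lines. The function name audit_ssh_dir and its output labels are assumptions, and it relies on GNU stat as shipped on Ubuntu.

```shell
# Added example: audit the ~/.ssh layout this page sets up.
# Usage: audit_ssh_dir [HOME_DIR]   (defaults to $HOME)
# Returns 0 when everything matches, 1 otherwise; findings go to stdout.
audit_ssh_dir() {
    local home="${1:-$HOME}" rc=0 entry path want mode bad keys
    keys="$home/.ssh/authorized_keys"

    # path:mode pairs, using the values from this page
    for entry in ".ssh:700" ".ssh/authorized_keys:600"; do
        path="$home/${entry%%:*}"
        want="${entry##*:}"
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path")   # GNU stat, as on Ubuntu
        if [ "$mode" = "$want" ]; then
            echo "OK      $path ($mode)"
        elif [ $(( 0$mode & 022 )) -ne 0 ]; then
            # group/other write bits are what sshd's StrictModes check refuses
            echo "UNSAFE  $path ($mode, group/other writable; want $want)"; rc=1
        else
            echo "DIFFERS $path ($mode; want $want)"; rc=1
        fi
    done

    if [ -f "$keys" ]; then
        # authorized_keys takes the contents of the .pub file, never the private key
        if grep -q 'PRIVATE KEY' "$keys"; then
            echo "SECRET  private key material found in $keys"; rc=1
        fi
        # count non-blank, non-comment lines that lack "<key-type> <base64>"
        bad=$(grep -v -E '^[[:space:]]*(#|$)' "$keys" \
              | grep -c -v -E '(ssh-(ed25519|rsa)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/]+=*( |$)' \
              || true)
        if [ "$bad" -ne 0 ]; then
            echo "BADLINE $bad line(s) in $keys are not public keys"; rc=1
        fi
    fi
    return $rc
}
```

Run it on the VM as the new user after ssh-copy-id has finished; any line other than OK points at the file or mode to fix.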