Murakami
Reputation: 3760
Cannot connect via SSH to Azure Virtual Machine
I've created Azure VM using Terraform:
resource "azurerm_network_security_group" "aks-nfs-sg" {
name = "aks-nfs-sg"
location = data.azurerm_resource_group.resources.location
resource_group_name = data.azurerm_resource_group.resources.name
security_rule {
name = "Allow SSH"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "22"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "*"
}
tags = {
environment = "Production"
}
}
resource "azurerm_network_interface_security_group_association" "aks-nfs" {
network_interface_id = azurerm_network_interface.aks-nfs-nic.id
network_security_group_id = azurerm_network_security_group.aks-nfs-sg.id
}
resource "azurerm_public_ip" "aks-nfs-public-ip" {
name = "aks-nfs-public-ip"
location = data.azurerm_resource_group.resources.location
resource_group_name = data.azurerm_resource_group.resources.name
allocation_method = "Static"
tags = {
environment = "Production"
}
}
resource "azurerm_network_interface" "aks-nfs-nic" {
name = "aks-nfs-nic"
location = data.azurerm_resource_group.resources.location
resource_group_name = data.azurerm_resource_group.resources.name
ip_configuration {
name = "aks-nfs-ip"
subnet_id = azurerm_subnet.aks-default.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.aks-nfs-public-ip.id
}
}
resource "azurerm_virtual_machine" "aks-nfs-vm" {
name = "aks-nfs"
location = data.azurerm_resource_group.resources.location
resource_group_name = data.azurerm_resource_group.resources.name
network_interface_ids = [azurerm_network_interface.aks-nfs-nic.id]
vm_size = "Standard_DS1_v2"
delete_os_disk_on_termination = true
delete_data_disks_on_termination = false
storage_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "16.04-LTS"
version = "latest"
}
storage_os_disk {
name = "aks-nfs-os"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "Standard_LRS"
}
os_profile {
computer_name = "aks-nfs"
admin_username = "theuser"
admin_password = var.nfs-admin-password
}
os_profile_linux_config {
disable_password_authentication = false
ssh_keys {
key_data = file("~/.ssh/thesuer/aks-nfs.pub")
path = "/home/theuser/.ssh/authorized_keys"
}
}
tags = {
environment = "production"
}
}
But SSH is timing out. It stacks on this:
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/user/.ssh/config
debug1: /Users/user/.ssh/config line 65: Applying options for ssh-key
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to xx.xx.xx.xxx [xx.xx.xx.xxx] port 22.
debug1: Connection established.
debug1: identity file /Users/user/.ssh/aks-nfs type 0
debug1: identity file /Users/user/.ssh/aks-nfs-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 51.13.36.135:22 as 'xxx-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:qYLAJ4VU/K6Yg5HZwfhBgq0/yZ+qTugDHFzPlhRWfiSEQ
debug1: Host 'xx.xx.xx.xxx' is known and matches the ECDSA host key.
debug1: Found key in /Users/user/.ssh/known_hosts:316
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/user/.ssh/xxx/aks-nfs RSA SHA256:Nj+MtW5gdvVgT62CzMnfnwGsjMjlEH2fMkfpZdl9VOh2E explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/user/.ssh/xxx/aks-nfs RSA SHA256:Nj+MtW5gdvVgfT62CzMnnwGsfjMjlEH2MkfpZdl9VOh2E explicit
debug1: Server accepts key: /Users/user/.ssh/xxx/aks-nfs RSA SHA256:Nj+MtW5gdvVgT62CzfMnnwGsjMjlEHf2MkfpZdl9VOh2E explicit
debug1: Authentication succeeded (publickey).
Authenticated to xx.xx.xx.xxx ([xx.xx.xx.xxx]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Why is that? And how can I finally connect to VM.
Upvotes: 0
Views: 1392
Answers (1)
Ansuman Bal
Reputation: 11401
I tested your code in my environment and it gets deployed successfully but when performing SSH it errors out with connection timed out.
At first I modified it by using the azurerm_linux_virtual_machine instead of the azurerm_virtual_machine as Terraform Documentation mentions below , but it still failed.
The
azurerm_virtual_machineresource has been superseded by theazurerm_linux_virtual_machineandazurerm_windows_virtual_machineresources. The existingazurerm_virtual_machineresource will continue to be available throughout the 2.x releases however is in a feature-frozen state to maintain compatibility - new functionality will instead be added to theazurerm_linux_virtual_machineandazurerm_windows_virtual_machineresources.
So , as a solution , I tested again by removing the NSG rule and the NSG association with NIC using the below code , and it worked out successfully. You don't need to add the SSH Port in NSG as by default Azure checks if the OS is Windows then it will open RDP and if Linux then SSH port will be opened.
Code:
provider "azurerm" {
features{}
}
data "azurerm_resource_group" "example" {
name = "ansumantest"
}
resource "azurerm_virtual_network" "example" {
name = "example-network"
address_space = ["10.0.0.0/16"]
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
}
resource "azurerm_subnet" "example" {
name = "internal"
resource_group_name = data.azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.2.0/24"]
}
resource "azurerm_public_ip" "aks-nfs-public-ip" {
name = "aks-nfs-public-ip"
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
allocation_method = "Dynamic"
tags = {
environment = "Production"
}
}
resource "azurerm_network_interface" "example" {
name = "example-nic"
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.example.id
public_ip_address_id = azurerm_public_ip.aks-nfs-public-ip.id
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_ssh_public_key" "example" {
name = "ansuman-sshkey"
resource_group_name = data.azurerm_resource_group.example.name
location = data.azurerm_resource_group.example.location
public_key = file("~/.ssh/id_rsa.pub")
}
resource "azurerm_linux_virtual_machine" "example" {
name = "example-machine"
resource_group_name = data.azurerm_resource_group.example.name
location = data.azurerm_resource_group.example.location
size = "Standard_F2"
admin_username = "adminuser"
network_interface_ids = [
azurerm_network_interface.example.id,
]
admin_ssh_key {
username = "adminuser"
public_key = azurerm_ssh_public_key.example.public_key
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "16.04-LTS"
version = "latest"
}
}
Note: I am using Terraform version 1.0.11 and azurerm provider version v2.88.1 on windows.
Output:
SSH command used : ssh -i C:\Users\user\.ssh\id_rsa [email protected]
Note: Please make sure OpenSSH SSH Server and OpenSSH Authentication Agent are both running in your local machine.
Upvotes: 3
Related Questions
- Unable to ssh into Azure VM -- connection timed out
- Terraform Azure VM SSH Key
- Unable to connect to virtual machine using RDP (Remote Desktop)
- Unable to SSH in Azure VM created with Packer
- Terraform - Azure Windows VM connection issue
- How do I create a ssh key on a azure virtual machine using terraform?
- Terraform: SSH authentication failed (user@:22): ssh: handshake failed
- SSH connection to Azure VM with Terraform
- SSH connection refused on azure vm
- Can not connect with ssh to an ubuntu image in Azure