When you deploy the Azure Container Service you need to provide SSH keys in order to log in to the jumpbox, and to access the master and agent nodes from the jumpbox. This of course works fine for the jumpbox; however, when you subsequently try to log in to the master or agents you’ll quickly find a problem: you don’t have your SSH keys on the jumpbox.
While you might not want to do this in production, the quick and simple way is to generate an insecure SSH key that you’ll only use for test ACS clusters. Before you create your cluster, generate the key:
ssh-keygen -t rsa -b 4096 -C "insecure@insecurekey.ca" -f ~/.ssh/insecure_rsa
Now get the public key to specify while creating your ACS deployment (copy the output of the following command):
cat ~/.ssh/insecure_rsa.pub
Deploy ACS. When it’s ready add your regular (secure) keys to the jumpbox, and copy your insecure keys over.
ssh-copy-id azureuser@JUMPBOX_IP_OR_DNS_NAME
scp -i ~/.ssh/insecure_rsa ~/.ssh/insecure_* azureuser@JUMPBOX_IP_OR_DNS_NAME:/tmp
ssh -i ~/.ssh/insecure_rsa azureuser@JUMPBOX_IP_OR_DNS_NAME "mv /tmp/insecure_rsa ~/.ssh/id_rsa && mv /tmp/insecure_rsa.pub ~/.ssh/id_rsa.pub"
And now you’re ready to log in to your jumpbox:
ssh -i ~/.ssh/insecure_rsa azureuser@JUMPBOX_IP_OR_DNS_NAME
Once on your jumpbox you can easily SSH into the agents and master:
ssh 10.0.0.5
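Lastly, I would recommend not allowing logins to your jumpbox using the insecure key. To do this you will first have to have a regular (secure) SSH key authorized on the jumpbox (the ssh-copy-id step above). The command below then deletes the first line of authorized_keys, which is the insecure key supplied when the cluster was deployed.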
ssh -i ~/.ssh/id_rsa azureuser@JUMPBOX_IP_OR_DNS_NAME "sed -i -e \"1d\" ~/.ssh/authorized_keys"
Now you can log in to your jumpbox as follows:
ssh azureuser@JUMPBOX_IP_OR_DNS_NAME
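The sed step above removes whatever key happens to be on line 1 of authorized_keys. As an added example (not from the original post), the function below removes the insecure key by matching its key blob instead, and refuses to leave the file with no key at all; remove_pubkey and the demo blobs are constructed for illustration.

```sh
#!/bin/sh
# Added example: revoke one key from authorized_keys by its key blob
# rather than by line number. remove_pubkey is a hypothetical helper name.
remove_pubkey() {
    pub_file=$1    # public key to revoke, e.g. ~/.ssh/insecure_rsa.pub
    auth_file=$2   # e.g. ~/.ssh/authorized_keys

    # Field 2 of a .pub file is the base64 key blob; match on that, since
    # the trailing comment is free text and can differ between copies.
    blob=$(awk 'NR == 1 { print $2 }' "$pub_file")
    [ -n "$blob" ] || { echo "no key blob in $pub_file" >&2; return 2; }

    tmp=$(mktemp "$auth_file.XXXXXX") || return 2
    # Drop every line that carries the blob as a whole field, keep the rest.
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) next; print }' \
        "$auth_file" > "$tmp"

    # Refuse to write a file with no key left: that would lock you out.
    if ! grep -q '^[^#[:space:]]' "$tmp"; then
        rm -f "$tmp"
        echo "refusing: no key would remain in $auth_file" >&2
        return 1
    fi
    chmod 600 "$tmp" && mv "$tmp" "$auth_file"
}

# Demo on constructed data (fake blobs, not real keys). The insecure key is
# on line 2 here, so deleting line 1 would have removed the wrong key.
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAINSECUREBLOB insecure@insecurekey.ca' > "$demo_dir/insecure_rsa.pub"
printf '%s\n' 'ssh-rsa AAAASECUREBLOB me@laptop' \
    'ssh-rsa AAAAINSECUREBLOB insecure@insecurekey.ca' > "$demo_dir/authorized_keys"
remove_pubkey "$demo_dir/insecure_rsa.pub" "$demo_dir/authorized_keys"
cat "$demo_dir/authorized_keys"
rm -rf "$demo_dir"
```

On the jumpbox this would be run against ~/.ssh/authorized_keys while logged in with the secure key, so a refusal or mistake cannot cut off the current session's access.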