Setting up SSH Keys for Azure Container Service

When you deploy the Azure Container Service you need to provide SSH keys in order to access the master and agent nodes from the jumpbox, and in order to log in to the jumpbox. This of course works fine for the jumpbox; however, when you subsequently try to log in to the master or agents you’ll quickly find a problem: you don’t have your SSH keys on the jumpbox.

While you might not want to do this in production, the quick and simple way is to generate an insecure SSH key that you’ll only use for test ACS clusters. Before you create your cluster, generate the key:

ssh-keygen -t rsa -b 4096 -C "insecure@insecurekey.ca" -f ~/.ssh/insecure_rsa

Be sure to set a password for your key!

Now get the public key to specify while creating your ACS deployment (copy the output of the following command):

cat ~/.ssh/insecure_rsa.pub

Deploy ACS. When it’s ready, add your regular (secure) keys to the jumpbox and copy your insecure keys over.

ssh-copy-id azureuser@JUMPBOX_IP_OR_DNS_NAME
scp -i ~/.ssh/insecure_rsa  ~/.ssh/insecure_* azureuser@JUMPBOX_IP_OR_DNS_NAME:/tmp
ssh -i ~/.ssh/insecure_rsa azureuser@JUMPBOX_IP_OR_DNS_NAME "mv /tmp/insecure_rsa ~/.ssh/id_rsa && mv /tmp/insecure_rsa.pub ~/.ssh/id_rsa.pub"

And now you’re ready to log in to your jumpbox:

ssh -i ~/.ssh/insecure_rsa azureuser@JUMPBOX_IP_OR_DNS_NAME

Once on your jumpbox you can easily SSH into the agents and master:

ssh 10.0.0.5

Lastly, I would recommend not allowing logins to your jumpbox using the insecure key. To do this you will first have to have a regular (secure) SSH key.

Before you do this, ensure that the above `ssh-copy-id` command succeeded and your secure key has been added to the jumpbox, or you will be unable to log in to it!

ssh -i ~/.ssh/id_rsa azureuser@JUMPBOX_IP_OR_DNS_NAME "sed -i -e \"1d\" ~/.ssh/authorized_keys"

Now you can log in to your jumpbox as follows:

ssh azureuser@JUMPBOX_IP_OR_DNS_NAME
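
The `sed ... 1d` step above assumes the insecure key is the first line of authorized_keys. As an added example (not part of the original post), this helper removes a key by matching its public-key blob instead of its position, and refuses to proceed if no other key would remain. The function name and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Removes one specific public key
# from an authorized_keys file by matching its base64 blob, not its position.
# Usage: remove_authorized_key AUTH_FILE PUBKEY_FILE
# Returns: 0 removed, 1 key not present, 2 refused (no key would remain), 3 bad input
remove_authorized_key() {
    auth_file=$1
    pub_file=$2
    [ -f "$auth_file" ] && [ -f "$pub_file" ] || return 3

    # A .pub file is "type blob comment"; the blob identifies the key.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub_file")
    [ -n "$blob" ] || return 3

    # Match the blob as a whole field, so option prefixes and comments are ignored.
    hits=$(awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) { n++; break } }
                             END { print n + 0 }' "$auth_file")
    [ "$hits" -gt 0 ] || return 1

    tmp=$(mktemp "${auth_file}.XXXXXX") || return 3
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) next; print }' \
        "$auth_file" > "$tmp"

    # Lockout guard: refuse if no key line (non-blank, non-comment) would remain.
    remaining=$(awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$tmp")
    if [ "$remaining" -eq 0 ]; then
        rm -f "$tmp"
        return 2
    fi
    chmod 600 "$tmp" && mv "$tmp" "$auth_file"
}

# Demo on constructed data: placeholder blobs, not real keys.
demo() {
    d=$(mktemp -d) || return 3
    echo 'ssh-rsa AAAAINSECUREBLOB insecure@insecurekey.ca' > "$d/insecure_rsa.pub"
    printf '%s\n' 'ssh-rsa AAAAINSECUREBLOB insecure@insecurekey.ca' \
        'ssh-ed25519 AAAASECUREBLOB me@laptop' > "$d/authorized_keys"
    remove_authorized_key "$d/authorized_keys" "$d/insecure_rsa.pub"
    rc=$?
    cat "$d/authorized_keys"   # only the ssh-ed25519 line is left
    rm -rf "$d"
    return $rc
}
demo
```

On the jumpbox the copied insecure public key is `~/.ssh/id_rsa.pub`, so that file would be the second argument and `~/.ssh/authorized_keys` the first.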
