您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

快速步骤:创建和使用适用于 Azure 中 Linux VM 的 SSH 公钥-私钥对Quick steps: Create and use an SSH public-private key pair for Linux VMs in Azure

使用安全外壳 (SSH) 密钥对,可以在 Azure 上创建使用 SSH 密钥进行身份验证的虚拟机 (VM),从而无需密码即可登录。With a secure shell (SSH) key pair, you can create virtual machines (VMs) in Azure that use SSH keys for authentication, eliminating the need for passwords to log in. 本文介绍如何快速生成和使用适用于 Linux VM 的 SSH 公钥-私钥文件对。This article shows you how to quickly generate and use an SSH public-private key file pair for Linux VMs. 可使用 Azure Cloud Shell、macOS 或 Linux 主机或者适用于 Linux 的 Windows 子系统以及其他支持 OpenSSH 的工具完成这些步骤。You can complete these steps with the Azure Cloud Shell, a macOS or Linux host, the Windows Subsystem for Linux, and other tools that support OpenSSH.

有关详细背景和示例,请参阅创建 SSH 密钥对的详细步骤For more background and examples, see detailed steps to create SSH key pairs.

有关在 Windows 计算机上生成和使用 SSH 密钥的其他方式,请参阅如何在 Azure 上将 SSH 密钥与 Windows 配合使用For additional ways to generate and use SSH keys on a Windows computer, see How to use SSH keys with Windows on Azure.

受支持的 SSH 密钥格式Supported SSH key formats

Azure 目前支持最小长度为 2048 位的 SSH 协议 2 (SSH-2) RSA 公钥-私钥对。Azure currently supports SSH protocol 2 (SSH-2) RSA public-private key pairs with a minimum length of 2048 bits. 不支持其他密钥格式(如 ED25519 和 ECDSA)。Other key formats such as ED25519 and ECDSA are not supported.

创建 SSH 密钥对Create an SSH key pair

使用 ssh-keygen 命令生成 ~/.ssh 目录中默认创建的 SSH 公钥和私钥文件。Use the ssh-keygen command to generate SSH public and private key files that are by default created in the ~/.ssh directory. 系统提示时,可指定不同的位置和其他通行短语(用于访问私钥文件的密码)。You can specify a different location and an additional passphrase (a password to access the private key file) when prompted. 如果当前位置存在 SSH 密钥对,这些文件将被覆盖。If an SSH key pair exists in the current location, those files are overwritten.

ssh-keygen -t rsa -b 2048

如果使用 Azure CLI 2.0 创建 VM,则可以选择通过运行具有 --generate-ssh-keys 选项的 az vm create 命令生成 SSH 公钥和私钥文件。If you use the Azure CLI 2.0 to create your VM, you can optionally generate SSH public and private key files by running the az vm create command with the --generate-ssh-keys option. 密钥存储在 ~/.ssh 目录中。The keys are stored in the ~/.ssh directory. 请注意,如果该位置已存在密钥,此命令选项不会覆盖这些密钥。Note that this command option does not overwrite keys if they already exist in that location.

部署 VM 时提供 SSH 公钥Provide SSH public key when deploying a VM

若要创建使用 SSH 密钥进行身份验证的 Linux VM,请在使用 Azure 门户、CLI、资源管理器模板或其他方法创建 VM 时指定 SSH 公钥:To create a Linux VM that uses SSH keys for authentication, specify your SSH public key when creating the VM using the Azure portal, CLI, Resource Manager templates, or other methods:

如果不熟悉 SSH 公钥的格式,则可通过运行 cat 来查看公钥(如下所示),注意需将 ~/.ssh/id_rsa.pub 替换成自己的公钥文件位置:If you're not familiar with the format of an SSH public key, you can see your public key by running cat as follows, replacing ~/.ssh/id_rsa.pub with your own public key file location:

cat ~/.ssh/id_rsa.pub

如果复制和粘贴要在 Azure 门户或 Resource Manager 模板中使用的公钥文件的内容,请确保不复制额外的空格。If you copy and paste the contents of the public key file to use in the Azure portal or a Resource Manager template, make sure you don't copy any additional whitespace. 例如,如果使用 macOS,则可将公钥文件(默认为 ~/.ssh/id_rsa.pub)通过管道传送到 pbcopy,以便复制内容(也可通过其他 Linux 程序执行此类操作,例如 xclip)。For example, if you use macOS, you can pipe the public key file (by default, ~/.ssh/id_rsa.pub) to pbcopy to copy the contents (there are other Linux programs that do the same thing, such as xclip).

放置在 Azure 中 Linux VM 上的公钥默认存储在 ~/.ssh/id_rsa.pub 中,除非在创建密钥时更改了位置。The public key that you place on your Linux VM in Azure is by default stored in ~/.ssh/id_rsa.pub, unless you changed the location when you created the keys. 如果借助现有公钥使用 Azure CLI 2.0 创建 VM,请通过运行具有 --ssh-key-value 选项的 az vm create 命令来指定此公钥的值或位置。If you use the Azure CLI 2.0 to create your VM with an existing public key, specify the value or location of this public key by running the az vm create command with the --ssh-key-value option.

通过 SSH 连接到 VMSSH to your VM

凭借部署在 Azure VM 上的公钥和本地系统上的私钥,使用 VM 的 IP 地址或 DNS 名称通过 SSH 连接到 VM。With the public key deployed on your Azure VM, and the private key on your local system, SSH to your VM using the IP address or DNS name of your VM. 将以下命令中的 azureuser 和 myvm.westus.cloudapp.azure.com 替换为管理员用户名和完全限定的域名(或 IP 地址):Replace azureuser and myvm.westus.cloudapp.azure.com in the following command with the administrator user name and the fully qualified domain name (or IP address):

ssh azureuser@myvm.westus.cloudapp.azure.com

如果在创建密钥对时提供的是通行短语,则在登录过程中遇到提示时,请输入该通行短语。If you provided a passphrase when you created your key pair, enter the passphrase when prompted during the login process. (服务器添加到 ~/.ssh/known_hosts 文件夹。系统不会要求再次进行连接,除非更改了 Azure VM 上的公钥,或者从 ~/.ssh/known_hosts 中删除了服务器名称。)(The server is added to your ~/.ssh/known_hosts folder, and you won't be asked to connect again until the public key on your Azure VM changes or the server name is removed from ~/.ssh/known_hosts.)

使用 SSH 密钥创建的 VM 默认配置为禁用密码,使得强力猜测尝试代价相当高昂,因此也更为困难。VMs created using SSH keys are by default configured with passwords disabled, to make brute-forced guessing attempts vastly more expensive and therefore difficult.

后续步骤Next steps

本文介绍如何创建一个简单的、可以快速使用的 SSH 密钥对。This article described creating a simple SSH key pair for quick usage.