How to create and use an SSH public and private key pair for Linux VMs in Azure

With a secure shell (SSH) key pair, you can create virtual machines (VMs) in Azure that use SSH keys for authentication, eliminating the need for passwords to log in. This article shows you how to quickly generate and use an SSH protocol version 2 RSA public and private key file pair for Linux VMs. You can complete these steps with the Azure Cloud Shell, a macOS or Linux host, or the Windows Subsystem for Linux. For more detailed steps and additional examples, see Detailed steps to create SSH key pairs and certificates.

Create an SSH key pair

Use the ssh-keygen command to create the SSH public and private key files. By default, the files are created in the ~/.ssh directory, but you can specify a different location and a passphrase (a password to access the private key file) when prompted. Run the following command from a Bash shell, answering the prompts with your own information.

ssh-keygen -t rsa -b 2048

Use the SSH key pair

The public key that you place on your Linux VM in Azure is by default stored in ~/.ssh/id_rsa.pub, unless you changed the location when you created it. If you use the Azure CLI 2.0 to create your VM, specify the location of this public key when you use az vm create with the --ssh-key-path option. If you copy and paste the contents of the public key file to use in the Azure portal or a Resource Manager template, make sure you don't copy any additional whitespace. For example, if you use OS X, you can pipe the public key file (by default, ~/.ssh/id_rsa.pub) to pbcopy to copy the contents (on Linux, other programs such as xclip do the same thing).

If you're not familiar with SSH public keys, you can see your public key by running cat as follows, replacing ~/.ssh/id_rsa.pub with your own public key file location:

cat ~/.ssh/id_rsa.pub
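
The whitespace caveat above can be checked before pasting. The following is an added example, not part of the original article: check_pubkey is a hypothetical helper name, and the sample key is constructed and is not a usable key.

```bash
# Added example, not from the original article. check_pubkey is a
# hypothetical helper that rejects a public key file whose contents would
# break when pasted into the Azure portal or a Resource Manager template.
check_pubkey() {
    file=$1; cr=$(printf '\r'); tab=$(printf '\t')
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Only the public half of the pair is ever uploaded.
    if grep -q 'PRIVATE KEY' "$file"; then
        echo "private key file; use the .pub file" >&2; return 1
    fi
    # A public key is one line; a wrapped paste shows up as several.
    if [ "$(grep -c '' "$file")" -ne 1 ]; then
        echo "expected exactly one line" >&2; return 1
    fi
    line=$(cat "$file")
    case $line in
        " "*|*" "|*"$tab"*|*"$cr"*)
            echo "stray whitespace or carriage return" >&2; return 1 ;;
        *" "*) ;;
        *) echo "expected '<type> <base64> [comment]'" >&2; return 1 ;;
    esac
    ktype=${line%% *}; rest=${line#* }; blob=${rest%% *}
    case $blob in
        ""|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
    esac
    # The key data begins with a 4-byte length and the type name, so its
    # leading base64 characters are predictable from the first field.
    n=$(( (4 + ${#ktype}) / 3 * 4 ))
    want=$(printf "\\000\\000\\000\\$(printf '%03o' "${#ktype}")%s" "$ktype" |
           base64 | cut -c1-"$n")
    case $blob in
        "$want"*) return 0 ;;
        *) echo "key data does not match type $ktype" >&2; return 1 ;;
    esac
}

# Constructed sample: header and exponent only, not a usable key.
sample=$(mktemp)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB azureuser@example \n' > "$sample"
check_pubkey "$sample" || echo "rejected: copied with a trailing space"
rm -f "$sample"
```

This check is structural only; ssh-keygen -l -f ~/.ssh/id_rsa.pub parses the key fully and prints its bit length and fingerprint.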

With the public key on your Azure VM, SSH to your VM using the IP address or DNS name of your VM (remember to replace azureuser and myvm.westus.cloudapp.azure.com below with the admin username and the fully qualified domain name or IP address):

ssh azureuser@myvm.westus.cloudapp.azure.com

If you provided a passphrase when you created your key pair, enter the passphrase when prompted during the login process. (The server is added to your ~/.ssh/known_hosts file, and you won't be asked to confirm the connection again until the public key on your Azure VM changes or the server name is removed from ~/.ssh/known_hosts.)

Next steps

VMs created using SSH keys are by default configured with passwords disabled, which makes brute-force guessing attempts vastly more expensive and therefore more difficult. This topic describes creating a simple SSH key pair for quick usage. If you need more assistance in creating your SSH key pair or require additional certificates, see Detailed steps to create SSH key pairs and certificates.

You can create VMs that use your SSH key pair using the Azure portal, CLI, and templates: