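Setting adminPassword has no effect; Linux deployed with Azure Resource Manager

Time: 2018-09-10 12:28:06

Tags: azure virtual-machine azure-resource-manager

I'm using an ARM template to deploy a Linux machine. In my Microsoft.Compute/virtualMachines deployment, I have this property included (following the docs)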

    "osProfile": {
        "computerName": "computer-name-here",
        "adminUsername": "[parameters('AdminUserName')]",
        "adminPassword": "password following rules here",
        "linuxConfiguration": {
           "disablePasswordAuthentication": false
        },
        "secrets": []
    },

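The problem is that logging in to the VM with that username and password does not work.

When the machine spins up, ssh user@host fails, saying public key authentication failed. When I use special flags to force it to ask for a password, I get the same result.

When I inspect the VM's automation script, I see my properties went through, but adminPassword is missing. I assume they strip it from the console for security, but the SSH client sure makes it look like it is ignoring the parameters I configured and enabling ssh-key-only access.

Is username/password login possible with Azure? Or am I missing something?

Edit: more details:

The way my osProfile is generated is through a template that does this: (note that I added "password" in front of the username to make sure the substitution was happening correctly)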

    "authConfig-sshpublickey": {
        "adminUsername": "[concat('pubkey-',parameters('AdminUserName'))]",
        "adminPassword": "",
        "linuxConfiguration": {
            "disablePasswordAuthentication": true,
            "ssh": {
                "publicKeys": [
                    {
                        "path": "[concat('/home/', parameters('AdminUserName'),'/.ssh/authorized_keys')]",
                        "keyData": "[parameters('AdminCredential')]"
                    }
                ]
            }
        }
    },
    "authConfig-password": {
        "adminUsername": "[concat('password-',parameters('AdminUserName'))]",
        "linuxConfiguration": null,
        "adminPassword": "[parameters('AdminCredential')]"
    },
    "authConfig": "[variables(concat('authConfig-',parameters('AdminAuthType')))]"

Then I set it in the VM like this:

    "osProfile": {
        "computerName": "[concat(variables('namePrefixes').vm, '-', copyIndex())]",
        "adminUsername": "[variables('authConfig').adminUsername]",
        "adminPassword": "[variables('authConfig').adminPassword]",
        "linuxConfiguration": "[variables('authConfig').linuxConfiguration]"
    },

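Because at runtime I'm using AdminAuthType = password, the substitution takes place.

I run the template, it sets up all my infrastructure correctly, then I go to the Azure console, inspect the automation script of the resulting VM, and see: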

            "osProfile": {
                "computerName": "[parameters('extra stuff here')]",
                "adminUsername": "password-myuser",
                "linuxConfiguration": {
                    "disablePasswordAuthentication": false
                },
                "secrets": []
            },

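So, conclusions:

  1. It is doing the substitution based on password authentication
  2. It is inserting linuxConfiguration when I explicitly told it not to.
  3. adminPassword does not show up in the automation script, but as said before, I'm not sure whether that is for security reasons or because it never actually made it through.

1 answer:

Answer 0: (score: 1)

The exact answer is yes, you can log in to Azure with a username/password. With the template you posted, you can leave out the properties "linuxConfiguration" and "secrets". A simple template can look like this: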

    "osProfile": {
        "computerName": "[variables('vmName')]",
        "adminUsername": "[parameters('adminUsername')]",
        "adminPassword": "[parameters('adminPassword')]"
    },

There is no "linuxConfiguration" property, so no ssh key will be configured. The whole template example is below:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "adminUsername": {
            "type": "string",
            "metadata": {
                "description": "User name for the Virtual Machine."
            }
        },
        "adminPassword": {
            "type": "securestring",
            "metadata": {
                "description": "Password for the Virtual Machine."
            }
        },
        "dnsLabelPrefix": {
            "type": "string",
            "metadata": {
                "description": "Unique DNS Name for the Public IP used to access the Virtual Machine."
            }
        },
        "ubuntuOSVersion": {
            "type": "string",
            "defaultValue": "16.04.0-LTS",
            "allowedValues": [
                "12.04.5-LTS",
                "14.04.5-LTS",
                "15.10",
                "16.04.0-LTS"
            ],
            "metadata": {
                "description": "The Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version."
            }
        },
        "location": {
            "type": "string",
            "defaultValue": "[resourceGroup().location]",
            "metadata": {
                "description": "Location for all resources."
            }
        }
    },
    "variables": {
        "storageAccountName": "[concat(uniquestring(resourceGroup().id), 'salinuxvm')]",
        "imagePublisher": "Canonical",
        "imageOffer": "UbuntuServer",
        "nicName": "myVMNic",
        "addressPrefix": "10.0.0.0/16",
        "subnetName": "Subnet",
        "subnetPrefix": "10.0.0.0/24",
        "storageAccountType": "Standard_LRS",
        "publicIPAddressName": "myPublicIP",
        "publicIPAddressType": "Dynamic",
        "vmName": "MyUbuntuVM",
        "vmSize": "Standard_A1",
        "virtualNetworkName": "MyVNET",
        "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]"
    },
    "resources": [
        {
            "type": "Microsoft.Storage/storageAccounts",
            "name": "[variables('storageAccountName')]",
            "apiVersion": "2017-06-01",
            "location": "[parameters('location')]",
            "sku": {
                "name": "[variables('storageAccountType')]"
            },
            "kind": "Storage",
            "properties": {}
        },
        {
            "apiVersion": "2017-04-01",
            "type": "Microsoft.Network/publicIPAddresses",
            "name": "[variables('publicIPAddressName')]",
            "location": "[parameters('location')]",
            "properties": {
                "publicIPAllocationMethod": "[variables('publicIPAddressType')]",
                "dnsSettings": {
                    "domainNameLabel": "[parameters('dnsLabelPrefix')]"
                }
            }
        },
        {
            "apiVersion": "2017-04-01",
            "type": "Microsoft.Network/virtualNetworks",
            "name": "[variables('virtualNetworkName')]",
            "location": "[parameters('location')]",
            "properties": {
                "addressSpace": {
                    "addressPrefixes": [
                        "[variables('addressPrefix')]"
                    ]
                },
                "subnets": [
                    {
                        "name": "[variables('subnetName')]",
                        "properties": {
                            "addressPrefix": "[variables('subnetPrefix')]"
                        }
                    }
                ]
            }
        },
        {
            "apiVersion": "2017-04-01",
            "type": "Microsoft.Network/networkInterfaces",
            "name": "[variables('nicName')]",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
                "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
            ],
            "properties": {
                "ipConfigurations": [
                    {
                        "name": "ipconfig1",
                        "properties": {
                            "privateIPAllocationMethod": "Dynamic",
                            "publicIPAddress": {
                                "id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"
                            },
                            "subnet": {
                                "id": "[variables('subnetRef')]"
                            }
                        }
                    }
                ]
            }
        },
        {
            "apiVersion": "2017-03-30",
            "type": "Microsoft.Compute/virtualMachines",
            "name": "[variables('vmName')]",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
                "[resourceId('Microsoft.Network/networkInterfaces/', variables('nicName'))]"
            ],
            "properties": {
                "hardwareProfile": {
                    "vmSize": "[variables('vmSize')]"
                },
                "osProfile": {
                    "computerName": "[variables('vmName')]",
                    "adminUsername": "[parameters('adminUsername')]",
                    "adminPassword": "[parameters('adminPassword')]"
                },
                "storageProfile": {
                    "imageReference": {
                        "publisher": "[variables('imagePublisher')]",
                        "offer": "[variables('imageOffer')]",
                        "sku": "[parameters('ubuntuOSVersion')]",
                        "version": "latest"
                    },
                    "osDisk": {
                        "createOption": "FromImage"
                    }
                },
                "networkProfile": {
                    "networkInterfaces": [
                        {
                            "id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
                        }
                    ]
                },
                "diagnosticsProfile": {
                    "bootDiagnostics": {
                        "enabled": true,
                        "storageUri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2016-01-01').primaryEndpoints.blob)]"
                    }
                }
            }
        }
    ],
    "outputs": {
        "hostname": {
            "type": "string",
            "value": "[reference(variables('publicIPAddressName')).dnsSettings.fqdn]"
        },
        "sshCommand": {
            "type": "string",
            "value": "[concat('ssh ', parameters('adminUsername'), '@', reference(variables('publicIPAddressName')).dnsSettings.fqdn)]"
        }
    }
}

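In addition, check whether the NSG rules allow the traffic. Hope this helps you.

Update

When you create the VM with a password, the password configuration in the template after the VM is created looks like the following; for security reasons, you cannot see the password: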


If you create the VM with a public ssh key, it looks like this:


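In the template you posted for creating the VM, you set up both authentication methods. Please pick one to set. If you choose the password, follow the template I posted above.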
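
Added example, not part of the original question or answer: a small Python check that reads a Linux osProfile from an ARM template and reports when the password and SSH-key settings contradict each other, or when adminPassword is not supplied through a securestring parameter. The function name, the sample profiles and the `string` type given to AdminCredential are assumptions constructed for illustration.

```python
import re

# Matches an adminPassword that is exactly one parameter reference.
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def audit_os_profile(os_profile, parameters):
    """Return findings for one Linux osProfile (hypothetical helper)."""
    findings = []
    linux = os_profile.get("linuxConfiguration") or {}   # null means "not set"
    password = os_profile.get("adminPassword") or ""
    keys = (linux.get("ssh") or {}).get("publicKeys") or []
    password_off = linux.get("disablePasswordAuthentication") is True

    if password and password_off:
        findings.append("adminPassword is set but disablePasswordAuthentication is true")
    if not keys and (password_off or not password):
        findings.append("no usable login method: no ssh publicKeys and no password login")
    if password:
        # "[...]" is an ARM expression; "[[..." is an escaped literal string.
        is_expr = password.startswith("[") and not password.startswith("[[")
        ref = PARAM_REF.match(password)
        if not is_expr:
            findings.append("adminPassword is a literal stored in the template")
        elif ref and parameters.get(ref.group(1), {}).get("type", "").lower() != "securestring":
            findings.append("parameter '%s' is not of type securestring" % ref.group(1))
    return findings

# Constructed samples modelled on the snippets in this thread.
PARAMS = {
    "adminPassword": {"type": "securestring"},
    "AdminCredential": {"type": "string"},  # assumed; the question does not show its type
}
SAMPLES = {
    "question-literal": {"adminPassword": "password following rules here",
                         "linuxConfiguration": {"disablePasswordAuthentication": False}},
    "question-variable": {"adminPassword": "[parameters('AdminCredential')]",
                          "linuxConfiguration": None},
    "answer": {"adminPassword": "[parameters('adminPassword')]"},
    "mixed": {"adminPassword": "[parameters('adminPassword')]",
              "linuxConfiguration": {"disablePasswordAuthentication": True}},
}

if __name__ == "__main__":
    for name, profile in SAMPLES.items():
        print(name, audit_os_profile(profile, PARAMS) or "ok")
```
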