我已按照以下步骤生成 pfx 文件并上传到 azure keyvault,我无法在创建时使用 terraform 将 pfx 文件中的 authorized_key 引用到我的 linux 框中,我做错了什么吗?
> openssl genrsa -out private.pem 2048
> openssl req -sha256 -new -key private.pem -out csr.pem
> openssl x509 -req -sha256 -days 365 -in csr.pem -signkey private.pem -out certificate.pem
> openssl pkcs12 -export -inkey private.pem -in certificate.pem -out certificate.pfx
答案 0 :(得分:0)
由于我没有找到任何可以使用 pfx 证书作为 SSH 密钥的东西,我尝试使用 OpelSSL 创建一个私钥并使用 PuttyGen 生成 authorized_key 并创建 Azure KeyVault Secrets,然后将公钥引用到 linux SSH_Key Data 中。而私钥用于通过堡垒访问。
Generate a private key using OpenSSL. (will use as Bastion host ssh private key from keyvault)
> openssl genrsa -out private.pem 2048
Open PuttyGen to Generate,
Authorized_Key (will be place in Linux box while creating., .ssh/authorized_keys)
data "azurerm_key_vault_secret" "example" {
name = "my-public-key"
key_vault_id = data.azurerm_key_vault.existing.id
}
module "testlinux" {
source = "../../modules/linux"
resource_group_name = azurerm_resource_group.main.name
vm_hostname = "vm-linux-01"
nb_instances = 1
nb_public_ip = 0
remote_port = "22"
admin_username = var.admin_username
vm_os_publisher = "OpenLogic"
vm_os_offer = "CentOS"
vm_os_sku = "7.5"
vm_size = "Standard_D2as_v4"
ssh_key = data.azurerm_key_vault_secret.example.value
vnet_subnet_id = data.azurerm_subnet.my-subnet-01.id
tags = var.tags
}