Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Terraform Azure VM SSH Key

Tags:

terraform

terraform-provider-azure

I am new at Terraform and would like some help. I have successfully created a VM and can manually SSH into it with no problem. The issue is I am working with a team on a project and they can't do any changes to the Tf files without making Terraform delete all the resources and recreating them. I think this is because they have a different SSH Key from mines.

admin_ssh_key {
   username = "azureroot"
   public_key = file("~/.ssh/id_rsa.pub")}

Because the contents of my ssh key is different from my teammates, it will destroy the VM and recreate it using the key from the person who did the terraform apply. Is there any way to get around this? This has caused many issues because we have had multiple vms destroyed because of the keys were different.

like image 888
python-noob Avatar asked Oct 20 '25 02:10

python-noob

2 Answers

Maybe this will help someone who have the same issue with me.

You can generate new private key and public key using terraform configuration language. Here is the following example:

resource "tls_private_key" "example_ssh" {
    algorithm = "RSA"
    rsa_bits = 4096
}

resource "azurerm_linux_virtual_machine" "myterraformvm" {
    computer_name = "myvm"
    admin_username = "azureuser"
    disable_password_authentication = true

    admin_ssh_key {
        username = "azureuser"
        public_key = tls_private_key.example_ssh.public_key_openssh #The magic here
    }

    tags = {
        environment = "Terraform Demo"
    }
}
like image 149
Khanh Tran Avatar answered Oct 22 '25 04:10

Khanh Tran

The problem is due to the configuration of the VM. It seems like you use the resource azurerm_linux_virtual_machine and set the SSH key as:

admin_username      = "azureroot"
admin_ssh_key {
   username = "azureroot"
   public_key = file("~/.ssh/id_rsa.pub")
}

For the public key, you use the function file() to load the public key from your current machine with the path ~/.ssh/id_rsa.pub. So when you are in a different machine, maybe your teammate's, then the public key should be different from yours. And it makes the problem.

Here I have two suggestions for you. One is that use the static public key like this:

admin_username      = "azureroot"
admin_ssh_key {
   username = "azureroot"
   public_key = "xxxxxxxxx"
}

Then no matter where you execute the Terraform code, the public key will not cause the problem. And you can change the things as you want, for example, the NSG rules.

like image 21
Charles Xu Avatar answered Oct 22 '25 03:10

Charles Xu
Sign in to Comment

Related questions

Terraform AWS optional logging for S3 bucket
Restrict creation of resources to a particular AWS Provider Profile in Terraform
Where is the Terraform CLI configuration file (.terraformrc) located in mac OS?
Use current GIT information on Terraform resources
importing gcp resource into terraform fails even if the resource exists
Terraform azure provider gave me "features required field not set"
How to enable diagnostic logs on Virtual Machine Scale Set or Load Balancer created by AKS cluster resource in terraform?
How can I get the Instance ID of the EMR master instance in Terraform?
How can I rename a subnet in gcp?
Terraform - Create Snapshot of EBS and then convert Snapshot to EBS and attach to an EC2
Terraform - Create type constraints for type Map
Terraform conditional argument block
How can I reference the map variable in the terraform? <Azure>

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!