SSH connection without password between two Azure VMs

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP








up vote
0
down vote

favorite












SSH connection without password between two Azure VMs



I have two RHEL7 VMs running in the same resource group with the same subscription ID.
I have assigned DNS names to them;
master.eastus.cloudapp.azure.com and
node.eastus.cloudapp.azure.com



The ips are dynamically assigned by Azure



These VMs are setup for a manual installation of OpenShift which requires two VMs and will need to communicate with ssh, no password



Both VMs are on the same subnet:
subnet Virtual network/subnet: openshift-vm-vnet/default



I have set up two Network Interface Inbound rules for each vm-vnet/default



Master :: internal ip 10.0.0.3
name port protocol Source Destination Action
default -allow-ssh 22 TCP <Corp ip> Any Allow
node_vm 22 TCP 10.0.0.0/29 Any Allow


Node :: internal ip 10.0.0.4
name port protocol Source Destination Action
default -allow-ssh 22 TCP <Corp ip> Any Allow
master_vm 22 TCP 10.0.0.0/29 Any Allow


I am able to connect to both of the the VMs using the domains with windows 10 v 1 power shell.
ssh -v rhel7@avantiadev.eastus.cloudapp.azure.com



When connected to the VM in powershell, I am unable to connect to the other VM with the domain.
trying to connect to a domain from a windows 10 power shell connected to a VM instance times out



[rhel7@master ~]$ ssh -v rhel7@node.eastus.cloudapp.azure.com
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to node.eastus.cloudapp.azure.com [public ip] port 22.
debug1: connect to address [public ip] port 22: Connection timed out
ssh: connect to host node.eastus.cloudapp.azure.com port 22: Connection timed out


I am able to connect using the internal ip. 10.0.0.x



ssh-keygen has been run on both VMinstances:
ssh-keygen -t rsa -b 2048
(No password entered)



with keys created in ~/.ssh/id_rsa.pub on each VM.



When trying to copy the key from the master to the node
ssh-copy-id -i ~/.ssh/id_rsa.pub rhel7@node.eastus.cloudapp.azure.com



The connection times out.



using the internal ip address is successful.
ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.3 successfully transferred the id_rsa.pub key value to the server.



Logging in to the server >ssh 10.0.0.3 still requires a password



How do I configure two azure vms for ssh passwordless connections so they will be able to communicate as a part of the Openshift installation process?






ssh azure







share|improve this question



















  • 1




    I think your sshd_config file has a restriction on what IP range can connect to the VM. Plus within the same network, your VMs are working how it supposed to work. You should not need to go to WAN network in order to connect to a VM on the LAN network.
    – Praveen P
    Feb 8 at 20:05










  • When you say Logging in to the server >ssh 10.0.0.3 still requires a password are you running ssh 10.0.0.3? In that case is the public of the current machine on the authorized_keys file of the root on 10.0.0.3?
    – Praveen P
    Feb 8 at 20:10










  • Thanks Praveen. The sshd_config hasn't been modified. I don't see a setting that would restrict IPs. I'm ssh-ing to the master 10.0.0.4 from windows 10 with windows power shell. Once connected to the master I am ssh-ing to node 10.0.0.3 from the master. 'ssh 10.0.0.3'. 10.0.0.3 /home/rhel7/.ssh auhtorized_keys includes the ssh-rsa key for the rhel7 user of the master. known_hosts includes a entry for the master: 10.0.0.4 ecdsa-sha2-nistp256. I believe this will be an issue as the ip is dynamic.
    – Mike T
    Feb 9 at 20:38










  • 10.0.0.3 /etc/ssh does not include any authorized_key or known_host files /root does not have a .ssh dir or authorized_keys file.
    – Mike T
    Feb 9 at 20:38










  • Your config seems to be fine. When you say IP is dynamic, did you mean the 10.0.0.3 could be something else tomorrow?
    – Praveen P
    Feb 9 at 20:42















up vote
0
down vote

favorite












SSH connection without password between two Azure VMs



I have two RHEL7 VMs running in the same resource group with the same subscription ID.
I have assigned DNS names to them;
master.eastus.cloudapp.azure.com and
node.eastus.cloudapp.azure.com



The ips are dynamically assigned by Azure



These VMs are setup for a manual installation of OpenShift which requires two VMs and will need to communicate with ssh, no password



Both VMs are on the same subnet:
subnet Virtual network/subnet: openshift-vm-vnet/default



I have set up two Network Interface Inbound rules for each vm-vnet/default



Master :: internal ip 10.0.0.3
name port protocol Source Destination Action
default -allow-ssh 22 TCP <Corp ip> Any Allow
node_vm 22 TCP 10.0.0.0/29 Any Allow


Node :: internal ip 10.0.0.4
name port protocol Source Destination Action
default -allow-ssh 22 TCP <Corp ip> Any Allow
master_vm 22 TCP 10.0.0.0/29 Any Allow


I am able to connect to both of the the VMs using the domains with windows 10 v 1 power shell.
ssh -v rhel7@avantiadev.eastus.cloudapp.azure.com



When connected to the VM in powershell, I am unable to connect to the other VM with the domain.
trying to connect to a domain from a windows 10 power shell connected to a VM instance times out



[rhel7@master ~]$ ssh -v rhel7@node.eastus.cloudapp.azure.com
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to node.eastus.cloudapp.azure.com [public ip] port 22.
debug1: connect to address [public ip] port 22: Connection timed out
ssh: connect to host node.eastus.cloudapp.azure.com port 22: Connection timed out


I am able to connect using the internal ip. 10.0.0.x



ssh-keygen has been run on both VMinstances:
ssh-keygen -t rsa -b 2048
(No password entered)



with keys created in ~/.ssh/id_rsa.pub on each VM.



When trying to copy the key from the master to the node
ssh-copy-id -i ~/.ssh/id_rsa.pub rhel7@node.eastus.cloudapp.azure.com



The connection times out.



using the internal ip address is successful.
ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.3 successfully transferred the id_rsa.pub key value to the server.



Logging in to the server >ssh 10.0.0.3 still requires a password



How do I configure two azure vms for ssh passwordless connections so they will be able to communicate as a part of the Openshift installation process?






ssh azure







share|improve this question



















  • 1




    I think your sshd_config file has a restriction on what IP range can connect to the VM. Plus within the same network, your VMs are working how it supposed to work. You should not need to go to WAN network in order to connect to a VM on the LAN network.
    – Praveen P
    Feb 8 at 20:05










  • When you say Logging in to the server >ssh 10.0.0.3 still requires a password are you running ssh 10.0.0.3? In that case is the public of the current machine on the authorized_keys file of the root on 10.0.0.3?
    – Praveen P
    Feb 8 at 20:10










  • Thanks Praveen. The sshd_config hasn't been modified. I don't see a setting that would restrict IPs. I'm ssh-ing to the master 10.0.0.4 from windows 10 with windows power shell. Once connected to the master I am ssh-ing to node 10.0.0.3 from the master. 'ssh 10.0.0.3'. 10.0.0.3 /home/rhel7/.ssh auhtorized_keys includes the ssh-rsa key for the rhel7 user of the master. known_hosts includes a entry for the master: 10.0.0.4 ecdsa-sha2-nistp256. I believe this will be an issue as the ip is dynamic.
    – Mike T
    Feb 9 at 20:38










  • 10.0.0.3 /etc/ssh does not include any authorized_key or known_host files /root does not have a .ssh dir or authorized_keys file.
    – Mike T
    Feb 9 at 20:38










  • Your config seems to be fine. When you say IP is dynamic, did you mean the 10.0.0.3 could be something else tomorrow?
    – Praveen P
    Feb 9 at 20:42













up vote
0
down vote

favorite









up vote
0
down vote

favorite











SSH connection without password between two Azure VMs



I have two RHEL7 VMs running in the same resource group with the same subscription ID.
I have assigned DNS names to them;
master.eastus.cloudapp.azure.com and
node.eastus.cloudapp.azure.com



The ips are dynamically assigned by Azure



These VMs are setup for a manual installation of OpenShift which requires two VMs and will need to communicate with ssh, no password



Both VMs are on the same subnet:
subnet Virtual network/subnet: openshift-vm-vnet/default



I have set up two Network Interface Inbound rules for each vm-vnet/default



Master :: internal ip 10.0.0.3
name port protocol Source Destination Action
default -allow-ssh 22 TCP <Corp ip> Any Allow
node_vm 22 TCP 10.0.0.0/29 Any Allow


Node :: internal ip 10.0.0.4
name port protocol Source Destination Action
default -allow-ssh 22 TCP <Corp ip> Any Allow
master_vm 22 TCP 10.0.0.0/29 Any Allow


I am able to connect to both of the the VMs using the domains with windows 10 v 1 power shell.
ssh -v rhel7@avantiadev.eastus.cloudapp.azure.com



When connected to the VM in powershell, I am unable to connect to the other VM with the domain.
trying to connect to a domain from a windows 10 power shell connected to a VM instance times out



[rhel7@master ~]$ ssh -v rhel7@node.eastus.cloudapp.azure.com
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to node.eastus.cloudapp.azure.com [public ip] port 22.
debug1: connect to address [public ip] port 22: Connection timed out
ssh: connect to host node.eastus.cloudapp.azure.com port 22: Connection timed out


I am able to connect using the internal ip. 10.0.0.x



ssh-keygen has been run on both VMinstances:
ssh-keygen -t rsa -b 2048
(No password entered)



with keys created in ~/.ssh/id_rsa.pub on each VM.



When trying to copy the key from the master to the node
ssh-copy-id -i ~/.ssh/id_rsa.pub rhel7@node.eastus.cloudapp.azure.com



The connection times out.



using the internal ip address is successful.
ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.3 successfully transferred the id_rsa.pub key value to the server.



Logging in to the server >ssh 10.0.0.3 still requires a password



How do I configure two azure vms for ssh passwordless connections so they will be able to communicate as a part of the Openshift installation process?






ssh azure







share|improve this question















SSH connection without password between two Azure VMs



I have two RHEL7 VMs running in the same resource group with the same subscription ID.
I have assigned DNS names to them;
master.eastus.cloudapp.azure.com and
node.eastus.cloudapp.azure.com



The ips are dynamically assigned by Azure



These VMs are setup for a manual installation of OpenShift which requires two VMs and will need to communicate with ssh, no password



Both VMs are on the same subnet:
subnet Virtual network/subnet: openshift-vm-vnet/default



I have set up two Network Interface Inbound rules for each vm-vnet/default



Master :: internal ip 10.0.0.3
name port protocol Source Destination Action
default -allow-ssh 22 TCP <Corp ip> Any Allow
node_vm 22 TCP 10.0.0.0/29 Any Allow


Node :: internal ip 10.0.0.4
name port protocol Source Destination Action
default -allow-ssh 22 TCP <Corp ip> Any Allow
master_vm 22 TCP 10.0.0.0/29 Any Allow


I am able to connect to both of the the VMs using the domains with windows 10 v 1 power shell.
ssh -v rhel7@avantiadev.eastus.cloudapp.azure.com



When connected to the VM in powershell, I am unable to connect to the other VM with the domain.
trying to connect to a domain from a windows 10 power shell connected to a VM instance times out



[rhel7@master ~]$ ssh -v rhel7@node.eastus.cloudapp.azure.com
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to node.eastus.cloudapp.azure.com [public ip] port 22.
debug1: connect to address [public ip] port 22: Connection timed out
ssh: connect to host node.eastus.cloudapp.azure.com port 22: Connection timed out


I am able to connect using the internal ip. 10.0.0.x



ssh-keygen has been run on both VMinstances:
ssh-keygen -t rsa -b 2048
(No password entered)



with keys created in ~/.ssh/id_rsa.pub on each VM.



When trying to copy the key from the master to the node
ssh-copy-id -i ~/.ssh/id_rsa.pub rhel7@node.eastus.cloudapp.azure.com



The connection times out.



using the internal ip address is successful.
ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.3 successfully transferred the id_rsa.pub key value to the server.



Logging in to the server >ssh 10.0.0.3 still requires a password



How do I configure two azure vms for ssh passwordless connections so they will be able to communicate as a part of the Openshift installation process?






ssh azure




ssh azure






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 8 at 23:32









Praveen P

1286




1286










asked Feb 8 at 19:41









Mike T

1




1







  • 1




    I think your sshd_config file has a restriction on what IP range can connect to the VM. Plus within the same network, your VMs are working how it supposed to work. You should not need to go to WAN network in order to connect to a VM on the LAN network.
    – Praveen P
    Feb 8 at 20:05










  • When you say Logging in to the server >ssh 10.0.0.3 still requires a password are you running ssh 10.0.0.3? In that case is the public of the current machine on the authorized_keys file of the root on 10.0.0.3?
    – Praveen P
    Feb 8 at 20:10










  • Thanks Praveen. The sshd_config hasn't been modified. I don't see a setting that would restrict IPs. I'm ssh-ing to the master 10.0.0.4 from windows 10 with windows power shell. Once connected to the master I am ssh-ing to node 10.0.0.3 from the master. 'ssh 10.0.0.3'. 10.0.0.3 /home/rhel7/.ssh auhtorized_keys includes the ssh-rsa key for the rhel7 user of the master. known_hosts includes a entry for the master: 10.0.0.4 ecdsa-sha2-nistp256. I believe this will be an issue as the ip is dynamic.
    – Mike T
    Feb 9 at 20:38










  • 10.0.0.3 /etc/ssh does not include any authorized_key or known_host files /root does not have a .ssh dir or authorized_keys file.
    – Mike T
    Feb 9 at 20:38










  • Your config seems to be fine. When you say IP is dynamic, did you mean the 10.0.0.3 could be something else tomorrow?
    – Praveen P
    Feb 9 at 20:42













  • 1




    I think your sshd_config file has a restriction on what IP range can connect to the VM. Plus within the same network, your VMs are working how it supposed to work. You should not need to go to WAN network in order to connect to a VM on the LAN network.
    – Praveen P
    Feb 8 at 20:05










  • When you say Logging in to the server >ssh 10.0.0.3 still requires a password are you running ssh 10.0.0.3? In that case is the public of the current machine on the authorized_keys file of the root on 10.0.0.3?
    – Praveen P
    Feb 8 at 20:10










  • Thanks Praveen. The sshd_config hasn't been modified. I don't see a setting that would restrict IPs. I'm ssh-ing to the master 10.0.0.4 from windows 10 with windows power shell. Once connected to the master I am ssh-ing to node 10.0.0.3 from the master. 'ssh 10.0.0.3'. 10.0.0.3 /home/rhel7/.ssh auhtorized_keys includes the ssh-rsa key for the rhel7 user of the master. known_hosts includes a entry for the master: 10.0.0.4 ecdsa-sha2-nistp256. I believe this will be an issue as the ip is dynamic.
    – Mike T
    Feb 9 at 20:38










  • 10.0.0.3 /etc/ssh does not include any authorized_key or known_host files /root does not have a .ssh dir or authorized_keys file.
    – Mike T
    Feb 9 at 20:38










  • Your config seems to be fine. When you say IP is dynamic, did you mean the 10.0.0.3 could be something else tomorrow?
    – Praveen P
    Feb 9 at 20:42








1




1




I think your sshd_config file has a restriction on what IP range can connect to the VM. Plus within the same network, your VMs are working how it supposed to work. You should not need to go to WAN network in order to connect to a VM on the LAN network.
– Praveen P
Feb 8 at 20:05




I think your sshd_config file has a restriction on what IP range can connect to the VM. Plus within the same network, your VMs are working how it supposed to work. You should not need to go to WAN network in order to connect to a VM on the LAN network.
– Praveen P
Feb 8 at 20:05












When you say Logging in to the server >ssh 10.0.0.3 still requires a password are you running ssh 10.0.0.3? In that case is the public of the current machine on the authorized_keys file of the root on 10.0.0.3?
– Praveen P
Feb 8 at 20:10




When you say Logging in to the server >ssh 10.0.0.3 still requires a password are you running ssh 10.0.0.3? In that case is the public of the current machine on the authorized_keys file of the root on 10.0.0.3?
– Praveen P
Feb 8 at 20:10












Thanks Praveen. The sshd_config hasn't been modified. I don't see a setting that would restrict IPs. I'm ssh-ing to the master 10.0.0.4 from windows 10 with windows power shell. Once connected to the master I am ssh-ing to node 10.0.0.3 from the master. 'ssh 10.0.0.3'. 10.0.0.3 /home/rhel7/.ssh auhtorized_keys includes the ssh-rsa key for the rhel7 user of the master. known_hosts includes a entry for the master: 10.0.0.4 ecdsa-sha2-nistp256. I believe this will be an issue as the ip is dynamic.
– Mike T
Feb 9 at 20:38




Thanks Praveen. The sshd_config hasn't been modified. I don't see a setting that would restrict IPs. I'm ssh-ing to the master 10.0.0.4 from windows 10 with windows power shell. Once connected to the master I am ssh-ing to node 10.0.0.3 from the master. 'ssh 10.0.0.3'. 10.0.0.3 /home/rhel7/.ssh auhtorized_keys includes the ssh-rsa key for the rhel7 user of the master. known_hosts includes a entry for the master: 10.0.0.4 ecdsa-sha2-nistp256. I believe this will be an issue as the ip is dynamic.
– Mike T
Feb 9 at 20:38












10.0.0.3 /etc/ssh does not include any authorized_key or known_host files /root does not have a .ssh dir or authorized_keys file.
– Mike T
Feb 9 at 20:38




10.0.0.3 /etc/ssh does not include any authorized_key or known_host files /root does not have a .ssh dir or authorized_keys file.
– Mike T
Feb 9 at 20:38












Your config seems to be fine. When you say IP is dynamic, did you mean the 10.0.0.3 could be something else tomorrow?
– Praveen P
Feb 9 at 20:42





Your config seems to be fine. When you say IP is dynamic, did you mean the 10.0.0.3 could be something else tomorrow?
– Praveen P
Feb 9 at 20:42
















active

oldest

votes











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1004331%2fssh-connection-without-password-between-two-azure-vms%23new-answer', 'question_page');

);

Post as a guest






















active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1004331%2fssh-connection-without-password-between-two-azure-vms%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

pylint3 and pip3 broken

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I have tried sudo apt remove --purge on various packages. I get the same when I reinstall. I have also tried reinstall using aptitude. This does not work. My current workaround is to run pylint3 as root, which works, but is bad practice. pip3 $ pip3 Traceback (most recent call last): File "/usr/lib/python3/dist-packages/pip/_vendor/__init__.py", line 33, in vendored __import__(vendored_name, globals(), locals(), level=0) ImportError: No module named 'pip._vendor.pkg_resources' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/bin/pip3", line 9, in <module> from pip import main File "/usr/lib/python3/dist-packages/pip/__init__.py", line 13, in <module> from pip.exceptions import InstallationError, CommandError, PipError File "/usr/lib/python3/dist-packages/pip/exceptions.py", line 6, ...
Read more

Missing snmpget and snmpwalk

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I have installed Zabbix appliance, directly preinstalled and found that there is missing snmpwalk and snmpget commands. I tried to install it with: apt-get install net-snmp-utils but I have error message: Unable to locate package. I have also check what from SNMP is preinstalled and there is: libsnmp-base libsnmp30:amd64 snmp-mibs-downloader snmpd snmptrapd snmptrapfmt How can I install snmpget and snmpwalk ? snmp zabbix share | improve this question edited Jan 29 at 10:10 Yaron 8,552 7 18 38 asked Jan 29 at 9:51 Alfista 1 apt install snmp perhaps ? If named differently - apt cache snmp – fugitive Jan 29 at 10:00 add a comment  |  up vote 0 down vote favorite I have installed Zabbix appliance, directly preinstalled and found that there is missing snmpwalk and snmpget commands. I tried...
Read more

How to enroll fingerprints to Ubuntu 17.10 with VFS491

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I decided to switch from Windows to Ubuntu 17.10, I meet it like 8 years ago and I didn't decided to switch until now (haha). Well, my actual device is an HP Probook 4540s with a Validity fingerprint sensor (VFS491). The fingerprint sensor worked fine on Windows but I can't get it to work in Ubuntu. The device is recognized as 138a:003d but is not detected as a fingerprint scanner by some apps like Fingerprint GUI. I want to use the fingerprint scanner to log in into my user account in Ubuntu but it doesn't supports fingerprints without special software and the drivers of the fingerprint scanner are available for Windows but not for any Linux distribution. I found something on GitHub (https://github.com/eekpie/libfprint) about the integration of the VFS491 in libfprint and I think it can help but I don't know what to do with it, so that's why I need the help of the community to do it since I am...
Read more