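How do I clone an identical virtual machine from an existing one?
What are the different ways to clone a VM in Azure?
Setting up SSH remote access to an Azure Windows VM
After installation, you still need to "start and configure the OpenSSH server". The service must be started and the firewall must be configured.
To start and configure the OpenSSH server for use, open PowerShell as an administrator and run the following commands to start the sshd service: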
```powershell
# Start the sshd service
Start-Service sshd
# Get the status of sshd service
Get-Service sshd
# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'
# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
```
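On the VM, run `New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\Git\bin\bash.exe" -PropertyType String -Force` (PowerShell must be opened with administrator privileges to run this command). After that, every remote login lands in git-bash instead of cmd.
The following is the original Linux approach:
[[Repost] Passwordless **SSH** login in three steps with **ssh-copy-id**, and common **ssh** commands](<http://t.zoukankan.com/leozhanggg-p-11809925.html>)
However, things work differently with the sshd service that ships with Windows.
When you use the sshd service that ships with Windows, the relevant configuration files live in the C:\ProgramData\ssh directory:
(old way) If you follow the tutorial's approach, the administrators_authorized_keys file may fail to be created: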
```powershell
# Make sure that the C:\ProgramData\ssh directory exists on your server
ssh user1@domain1@contoso.com mkdir C:\ProgramData\ssh\
# Use scp to copy the public key file generated previously on your client to the authorized_keys file on your server
scp C:\Users\username\.ssh\id_ed25519.pub user1@domain1@contoso.com:C:\ProgramData\ssh\administrators_authorized_keys
# Appropriately ACL the authorized_keys file on your server
ssh --% user1@domain1@contoso.com icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
```
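(new way) So we can instead do everything directly on the VM (the server), as follows:
Note ⚠️: Whenever you add a new client's public key later, you need to run all 6 steps shown in the image again. After adding the key, you absolutely must run step 6 () again, otherwise all key-based passwordless logins stop working.
The following is the same as in the image (be sure to open PowerShell with Administrator privileges):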
```
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
Try the new cross-platform PowerShell https://aka.ms/pscore6
PS C:\Windows\system32> New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\Git\bin\bash.exe" -PropertyType String -Force
DefaultShell : C:\Program Files\Git\bin\bash.exe
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE
PSChildName : OpenSSH
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry
PS C:\Windows\system32> Get-Service sshd
Status Name DisplayName
------ ---- -----------
Running sshd OpenSSH SSH Server
PS C:\Windows\system32> cd ../..
PS C:\> cd .\ProgramData\ssh\
PS C:\ProgramData\ssh> vim administrators_authorized_keys
vim : The term 'vim' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ vim administrators_authorized_keys
+ ~~~
+ CategoryInfo : ObjectNotFound: (vim:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\ProgramData\ssh> bash
MelaPoc at TEST-VM in /c/ProgramData/ssh
$ vim administrators_authorized_keys
MelaPoc at TEST-VM in /c/ProgramData/ssh
$ ls -lht
total 26K
-rw-r--r-- 1 MelaPoc 197121 564 Nov 2 12:04 administrators_authorized_keys
-rw-r--r-- 1 MelaPoc 197121 6 Nov 2 08:02 sshd.pid
-rw-r--r-- 1 MelaPoc 197121 110 Nov 2 06:19 ssh_host_ed25519_key.pub
-rw-r--r-- 1 MelaPoc 197121 419 Nov 2 06:19 ssh_host_ed25519_key
-rw-r--r-- 1 MelaPoc 197121 190 Nov 2 06:19 ssh_host_ecdsa_key.pub
-rw-r--r-- 1 MelaPoc 197121 525 Nov 2 06:19 ssh_host_ecdsa_key
-rw-r--r-- 1 MelaPoc 197121 618 Nov 2 06:19 ssh_host_dsa_key.pub
-rw-r--r-- 1 MelaPoc 197121 1.4K Nov 2 06:19 ssh_host_dsa_key
-rw-r--r-- 1 MelaPoc 197121 582 Nov 2 06:19 ssh_host_rsa_key.pub
-rw-r--r-- 1 MelaPoc 197121 2.6K Nov 2 06:19 ssh_host_rsa_key
drwxr-xr-x 1 MelaPoc 197121 0 Nov 2 06:19 logs
-rw-r--r-- 1 MelaPoc 197121 2.3K Nov 2 05:56 sshd_config
MelaPoc at TEST-VM in /c/ProgramData/ssh
$ exit
PS C:\ProgramData\ssh> icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
processed file: C:\ProgramData\ssh\administrators_authorized_keys
Successfully processed 1 files; Failed processing 0 files
PS C:\ProgramData\ssh>
```
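The procedure above as one repeatable step, written as an added example that is not part of the original post: a PowerShell function that adds one client public key to administrators_authorized_keys, re-applies the same icacls command, and then checks the resulting ACL by SID. The function name `Add-AdminAuthorizedKey` and the sample path in the last comment are hypothetical; it assumes an elevated PowerShell session on the VM.

```powershell
# Added example, not from the original post. Add-AdminAuthorizedKey is a hypothetical name.
# Run in an elevated PowerShell session on the VM.
function Add-AdminAuthorizedKey {
    param(
        [Parameter(Mandatory)][string]$PublicKey,   # one line, e.g. the client's id_ed25519.pub
        [string]$KeyFile = 'C:\ProgramData\ssh\administrators_authorized_keys'
    )

    # Accept only a single OpenSSH public key line: "<type> <base64> [comment]".
    $line = $PublicKey.Trim()
    $pattern = '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^\r\n]*)?$'
    if ($line -cnotmatch $pattern) { throw 'Not a single-line OpenSSH public key.' }
    $blob = ($line -split ' ')[1]

    # Skip keys that are already present so repeated runs do not pile up duplicates.
    $existing = if (Test-Path -LiteralPath $KeyFile) { @(Get-Content -LiteralPath $KeyFile) } else { @() }
    $known = $existing | Where-Object { $_.Contains($blob) }
    if (-not $known) {
        # Rewrite as plain ASCII text, one key per line. Out-File and '>' write UTF-16
        # in Windows PowerShell 5.1; non-ASCII characters in key comments become '?'.
        Set-Content -LiteralPath $KeyFile -Value ($existing + $line) -Encoding ascii
    }

    # Same command as on the page: drop inherited ACEs, grant Administrators and SYSTEM full control.
    icacls.exe $KeyFile /inheritance:r /grant 'Administrators:F' /grant 'SYSTEM:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # Verify by well-known SID: S-1-5-32-544 = BUILTIN\Administrators, S-1-5-18 = SYSTEM.
    $acl = Get-Acl -LiteralPath $KeyFile
    $allowed = 'S-1-5-32-544', 'S-1-5-18'
    $extra = $acl.Access | Where-Object {
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -notin $allowed
    }

    [pscustomobject]@{
        KeyAdded             = -not $known
        InheritanceDisabled  = $acl.AreAccessRulesProtected
        UnexpectedPrincipals = @($extra | ForEach-Object { $_.IdentityReference.Value })
    }
}

# Usage (hypothetical path to the copied public key):
# Add-AdminAuthorizedKey -PublicKey (Get-Content C:\Temp\client_id_ed25519.pub -Raw)
```

A non-empty `UnexpectedPrincipals` means the file still carries an explicit entry for another account, which `/inheritance:r` and `/grant` do not remove.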
```
# .ssh/config
Host azure
    HostName 20.247.74.122
    User YourUserName
    #PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa
```
Use Bastion (a bastion host) to connect to your VM
Bastion FAQ
Q: Why do I get "Your session has expired" error message before the Bastion session starts?
A: A session should be initiated only from the Azure portal. Sign in to the Azure portal and begin your session again. If you go to the URL directly from another browser session or tab, this error is expected. It helps ensure that your session is more secure and that the session can be accessed only through the Azure portal.