Problem :
We’re just getting started using Azure. We’ve deployed 2 Ubuntu 16.04 VMs. During the deployment steps we specified an admin account with a public SSH key. The admin account and public key are the same for all VMs.
When setting up our SSH client (either Git Bash or the Azure Cloud Shell) we copy our private key into the id_rsa file. When we SSH to the VM we always specify the admin account, and the private key gets loaded from the id_rsa file automatically.
Is this a recommended approach? I would have thought that each user would generate their own key pair, and each user would have an account on the VM with their public key. That way users are authenticated using individual accounts, and security and auditing apply to individual users.
On Windows servers on premises, we use Active Directory and grant an Active Directory group the ability to log onto a server. We don’t create local accounts on each Windows Server VM. Users authenticate to a VM with the same credentials they use when authenticating to the domain, because the VMs are part of the domain.
Is there a way to do this with Linux VMs in Azure, where we wouldn’t have to provision local accounts on each VM?
Solution :
Is this a recommended approach? I would have thought that each user would generate their own key pair, and each user would have an account on the VM with their public key. That way users are authenticated using individual accounts and security, auditing applies to individual users.
You could create different ssh keys for your users.
ssh-keygen -t rsa -b 2048
Save the private key locally and store the public key in that user’s ~/.ssh/authorized_keys on the VM. For more information, please refer to this official document.
Is there a way to do this with Linux VMs in Azure, where we wouldn’t have to provision local accounts on each VM?
Yes, it is possible. But by default, Linux does not support AD authentication; you need to install the module, please refer to this link. If you want Azure AD users to log in, this link may be helpful.
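The per-user key provisioning the answer describes, as an added shell example that is not part of the original answer. It installs one user’s public key into that user’s own authorized_keys file with the permissions sshd insists on (0700 on ~/.ssh, 0600 on authorized_keys), refuses malformed key lines, and is idempotent so re-running it for the same user does not duplicate the key. The home directory is a parameter so the script can be exercised in a scratch directory; on a real VM root would run it against /home/<user> after creating the account with adduser. The user names, key comment and key material below are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Each user generates their own pair on their workstation, e.g.
#   ssh-keygen -t ed25519 -C "alice@example.com"
# and hands over only the .pub file; the comment field is what later
# identifies the key in sshd logs, so keep it meaningful.

# valid_pubkey LINE: accept exactly one authorized_keys line of a known
# key type with a base64 body; reject anything else (multi-line paste,
# private key material, an empty string).
valid_pubkey() {
    case "$1" in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp256 "*|"ecdsa-sha2-nistp384 "*|"ecdsa-sha2-nistp521 "*|"sk-ssh-ed25519@openssh.com "*)
            printf '%s\n' "$1" | awk '
                NR > 1 { bad = 1 }
                NR == 1 && NF >= 2 && $2 ~ /^[A-Za-z0-9+\/=]+$/ { ok = 1 }
                END { exit (ok && !bad) ? 0 : 1 }'
            ;;
        *) return 1 ;;
    esac
}

# install_user_key HOME_DIR PUBKEY_LINE
# Creates HOME_DIR/.ssh (0700) and appends PUBKEY_LINE to
# HOME_DIR/.ssh/authorized_keys (0600) unless that exact line is present.
install_user_key() {
    home_dir=$1
    pubkey=$2
    valid_pubkey "$pubkey" || { echo "refusing to install malformed key line" >&2; return 1; }
    ssh_dir="$home_dir/.ssh"
    auth_keys="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    [ -f "$auth_keys" ] || : > "$auth_keys"
    chmod 600 "$auth_keys"
    # -x whole-line match, -F fixed string: only skip an identical line
    if ! grep -qxF -- "$pubkey" "$auth_keys"; then
        printf '%s\n' "$pubkey" >> "$auth_keys"
    fi
    # On a real VM, when root provisions another user's key, finish with
    #   chown -R "$user:$user" "$ssh_dir"
    # or sshd (StrictModes) will ignore the file. Skipped here because the
    # scratch directory already belongs to the caller.
}

# key_count HOME_DIR: number of keys installed for that user.
key_count() {
    wc -l < "$1/.ssh/authorized_keys" | tr -d ' '
}

# file_mode PATH: octal permission bits (GNU stat, falling back to BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage on a VM (as root), assuming the account already exists:
#   install_user_key /home/alice "$(cat alice.pub)"
```

The same push can be done from outside the VM with the Azure CLI, `az vm user update --username alice --ssh-key-value "$(cat alice.pub)" -n <vm> -g <resource-group>`, which is the Azure-side equivalent of writing that user’s authorized_keys; either way every login then appears in the auth log under the individual account rather than the shared admin user.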