SSH public key authentication with Linux Azure DSVM through R

0
votes

I'm trying to use the R AzureDSVM package to create a Linux DSVM through R. I am reading the guide https://raw.githubusercontent.com/Azure/AzureDSVM/master/vignettes/10Deploy.Rmd (Azure DSVM guide)

First the guide requests you create an Azure Active Directory application which will provide a "tenant ID", "client ID" and "user key", the guidelines described in http://htmlpreview.github.io/?https://github.com/Microsoft/AzureSMR/blob/master/inst/doc/Authentication.html (Azure SMR Auth guide)

As I understand it, this creates an app registered in Azure Active Directory, creates an "authentication key" for the app, which is the user key, and associates the app with a Resource Group. I've done this sucessfully.

The Azure DSVM guide then creates a VM with public key authentication in a similar way to what follows:

library(AzureSMR) 
library(AzureDSVM)   

TID <- "123abc"          # Tenant ID
CID <- "456def"          # Client ID
KEY <- "789ghi"          # User key

context <- createAzureContext(tenantID=TID, clientID=CID, authKey=KEY)

resourceGroup<-"myResouceGroup"
location<-"myAzureLocation"
vmUsername<-"myVmUsername"
size<-"Standard_D1_v2"
mrsVmPassword<-"myVmPassword"
hostname<-"myVmHostname"

ldsvm <- deployDSVM(context, 
                    resource.group = resourceGroup,
                    location       = location,
                    hostname       = hostname,
                    username       = vmUsername,
                    size           = size,
                    os = "Ubuntu",
                    pubkey         = PUBKEY)

The guide vaguely describes creating a public key (PUBKEY) from the users private key, which is sent to the VM to allow it to provide SSH authentication:

To get started we need to load our Azure credentials as well as the user’s ssh public key. Public keys on Linux are typically created on the users desktop/laptop machine and will be found within ~/.ssh/id_rsa.pub. It will be convenient to create a credentials file to contain this information. The contents of the credentials file will be something like the foloowing and we assume the user creates such a file in the current working directory, naming the file _credentials.R. Replace with the user’s username.

TID <- "72f9....db47"          # Tenant ID
CID <- "9c52....074a"          # Client ID
KEY <- "9Efb....4nwV....ASa8=" # User key

PUBKEY   <- readLines("~/.ssh/id_rsa.pub") # For Linux DSVM

My question:

Is this public key PUBKEY generated from the authentication/user key created by setting up the Azure Active Directory application in the Azure SMR Auth guide (the KEY variable in the above script)? If so, how? I've tried using the R sodium library pubkey(charToRaw(KEY)) to do this but I get "Invalid key, must be exactly 32 bytes".

If PUBKEY isn't generated from KEY, from what is it generated? And how does the package know how to authenticate with the private key to this public key?

2
razuresshazure-active-directoryazure-dsvm

2 Answers

2
votes

The AAD key is used for authenticating to AAD. The public/private keypair is separate and is used for authenticating to the VM. If you do not have a public key (in the file ~/.ssh/id_rsa.pub), you can create one using ssh-keygen on Linux.

SSH connections use the private key (in ~/.ssh/id_rsa) by default.

1
votes

A couple of things in addition to Paul Shealy's (correct) answer:

ssh-keygen is also installed on recent versions of Windows 10 Pro, along with ssh, scp and curl. Otherwise, you probably have the Putty ssh client installed, in which case you can use puttygen to save a public/private key pair.

AzureDSVM is rather old and depends on AzureSMR, which is no longer actively maintained. If you want to deploy a DSVM, I'd recommend using the AzureVM package, which is on CRAN and GitHub. This in turn builds on the AzureRMR package which provides a general framework for managing Azure resources.

library(AzureVM)
az <- AzureRMR::az_rm$new(tenant="youraadtenant", app="yourapp_id", password="password")
sub <- az$get_subscription("subscription_id")
rg <- sub$get_resource_group("rgname")

vm <- rg$create_vm(os="Ubuntu",
    username="yourname",
    passkey=readLines("~/.ssh/id_rsa.pub"),
    userauth_type="key")

Have a look at the AzureRMR and AzureVM vignettes for more information.

Disclaimer: I'm the author of AzureRMR and AzureVM.