
Terraform Azure VM SSH Key

I am new to Terraform and would like some help. I have successfully created a VM and can manually SSH into it with no problem. The issue is I am working with a team on a project and they can't make any changes to the Tf files without making Terraform delete all the resources and recreate them. I think this is because they have a different SSH key from mine.

admin_ssh_key {
   username = "azureroot"
   public_key = file("~/.ssh/id_rsa.pub")
}

Because the contents of my SSH key are different from my teammates', it will destroy the VM and recreate it using the key from the person who did the terraform apply. Is there any way to get around this? This has caused many issues because we have had multiple VMs destroyed because the keys were different.

python-noob asked Oct 20 '25 02:10


2 Answers

Maybe this will help someone who has the same issue as me.

You can generate a new private key and public key using the Terraform configuration language. Here is an example:

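# Key pair generated by Terraform itself (hashicorp/tls provider)
resource "tls_private_key" "example_ssh" {
    algorithm = "RSA"
    rsa_bits  = 4096
}

# Other required arguments (name, resource_group_name, location, size,
# network_interface_ids, os_disk, source image) are omitted in this snippet.
resource "azurerm_linux_virtual_machine" "myterraformvm" {
    computer_name                   = "myvm"
    admin_username                  = "azureuser"
    disable_password_authentication = true

    admin_ssh_key {
        username   = "azureuser"
        public_key = tls_private_key.example_ssh.public_key_openssh # The magic here
    }

    tags = {
        environment = "Terraform Demo"
    }
}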
Khanh Tran answered Oct 22 '25 04:10


The problem is due to the configuration of the VM. It seems like you use the resource azurerm_linux_virtual_machine and set the SSH key as:

admin_username      = "azureroot"
admin_ssh_key {
   username = "azureroot"
   public_key = file("~/.ssh/id_rsa.pub")
}

For the public key, you use the function file() to load the public key from your current machine with the path ~/.ssh/id_rsa.pub. So when you are on a different machine, maybe your teammate's, then the public key should be different from yours. And that causes the problem.

Here I have two suggestions for you. One is to use a static public key like this:

admin_username      = "azureroot"
admin_ssh_key {
   username = "azureroot"
   public_key = "xxxxxxxxx"
}

Then no matter where you execute the Terraform code, the public key will not cause the problem. And you can change things as you want, for example, the NSG rules.

Charles Xu answered Oct 22 '25 03:10
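The static-key suggestion above, written out as an added example (not code from either answer): the public key is read from a file committed beside the .tf files, so every teammate's plan sees the same value, and prevent_destroy turns an unexpected replacement into a plan error. The key file path, the three input variables, and the size and image values are assumptions made for the example.

```hcl
# Added example; names below are assumptions, not from the page:
# keys/team_admin.pub, the three input variables, the size and image values.
provider "azurerm" {
  features {}
}

variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "network_interface_id" { type = string }

locals {
  # Read relative to the module, not the user's home directory, so the value
  # is identical on every workstation and in CI. trimspace drops the newline.
  admin_public_key = trimspace(file("${path.module}/keys/team_admin.pub"))
}

resource "azurerm_linux_virtual_machine" "vm" {
  name                            = "myvm"
  resource_group_name             = var.resource_group_name
  location                        = var.location
  size                            = "Standard_B1s"
  admin_username                  = "azureroot"
  disable_password_authentication = true
  network_interface_ids           = [var.network_interface_id]

  admin_ssh_key {
    username   = "azureroot"
    public_key = local.admin_public_key
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }

  lifecycle {
    # Any plan that would destroy or replace the VM (for example because the
    # key changed) fails with an error instead of being applied.
    prevent_destroy = true
  }
}
```

A public key is not secret, so committing it to the repository exposes nothing. A key pair generated with tls_private_key, by contrast, has its private key written unencrypted into the Terraform state, so that state file then needs the same protection as the key itself.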