So to reiterate what I have and what I want.

I have:

• a private key stored on my machine (that will be used in the future)
• a corresponding public key dev-mgmt-ssh-key stored in an existing Azure Key Vault kv-dev-mgmt (which I don’t want to be managed by Terraform, but only used by it)

I want:

• Terraform to read the public key that is stored in the Azure Key Vault
• Terraform to use that key while provisioning new VM(s)

Using Terraform to read a key that is stored in Azure Key Vault

We will be using the data functions to read an existing key,

# Get existing Key Vault
data "azurerm_key_vault" "kv" {
  name                = "kv-dev-mgmt"
  resource_group_name = "rg-master"
}

# Get existing Key
data "azurerm_key_vault_key" "ssh_key" {
  name         = "dev-mgmt-ssh-key"
  key_vault_id = data.azurerm_key_vault.kv.id
}

Step 1: we used azurerm_key_vault to access an Azure Key Vault resource by specifying the Resource Group and Key Vault names

Step 2: we used azurerm_key_vault_key to access our key by providing a Key Vault Id and the Key name

Now we have the key stored in ssh_key for future reference.

Providing an ssh public key to Azure Linux VM in Terraform

# Create a VM
resource "azurerm_linux_virtual_machine" "main" {
  name                            = .....
  resource_group_name             = .....
  location                        = .....
  size                            = .....
  admin_username                  = "adminuser"
  admin_ssh_key {
    username = "adminuser"
    public_key = data.azurerm_key_vault_key.ssh_key.public_key_openssh
  }
  disable_password_authentication = true

Note: I have reducted all the configuration lines that are irrelevant to the SSH section (like image type, networking, disk, etc.)

We are passing the public_key_openssh attribute of our ssh_key data source to the public_key property of the admin_ssh_key.

We also disable password authentication by setting the disable_password_authentication to true.

Error: decoding … for public key data

As a bonus, I initially tried to use the public_key_pem attribute of the ssh_key key data source, but that, while being able to pass Terraform validate step didn’t work when running apply and was failing with ‘Error: decoding “admin_ssh_key.0.public_key” for public key data” message.

The post How to use an SSH key stored in Azure Key Vault while building Azure Linux VMs using Terraform appeared first on ISbyR.

You will need to use ncat utility which is not available on OSx by default, and is not directly in homebrew, but you can get it by installing nmap (as nmap installation includes ncat utility with support of socks5)

Install nmap

brew install nmap

Connect to your target host

ssh -v -o 'ProxyCommand=ncat --proxy-type socks5 --proxy proxyhost:proxyport --proxy-auth proxyuser:proxypass %h %p' -p22 username@serverhost

That’s is, the only disadvantage is that you need to fill in your user:pass in the command itself. If you have any idea how to overcome it please let me know.

Reference https://stackoverflow.com/questions/34348720/osx-ssh-to-server-through-socks5-proxy

The post How to ssh from Mac via socks proxy appeared first on ISbyR.