In this lab I learned how to create a Linux virtual machine in Azure. Prior to creating my Linux VM, I needed to decide an authentication method for SSH. I decided on creating an SSH keypair. Having a username and password for a VM leaves my machine vulnerable for brute-force attacks. The SSH key pair allows a more secure method of connection between myself and virtual machines.
1. First thing I did in Azure Cloud Shell was create an SSH-2 (SSH protocol 2) RSA public-private key pair.
a. ssh-keygen -t rsa -b 4096
2. Selected the Enter key to accept the default location. If the file had already existed, it would have been overwritten
3. You can view the contents of your RSA with the following command:
a. cat ~/.ssh/id_rsa.pub
4. If I had a Virtual machine already created. I would need to apply the SSH key while creating the new Linux VM, I would need to copy the contents of my public key to the Azure portal, OR supply the key using Azure CLI or Azure PowerShell.
a. ssh-copy-id -i ~/.ssh/id_rsa.pub azureuser@myserver
5. Next I created my Linux Virtual Using default lab settings
Resource Group: learn-70350999–2ab9–4c12–83d5–3d8b4169dea7
Server Name: test-web-eus-vm1
Location: West US 2
Availability options: No infrastructure redundancy required
Size: D2s v3
Administrator account: SSH public key
6. Next I navigated within Azure portal to Virtual machine> VM Name > Connect
7. Next I needed to connect to my Linux VM using the SSH key I created
a. ssh AzureUser@104.210.x.x
8. Now that I’m connected to my VM via SSH. I wanted to install Apache Web server
a. sudo apt-get update (updates local package index)
b. sudo apt-get install apache2 -y (Installs Apache)
c. sudo systemctl status apache2 — no-pager (checks service to see if Apache is running)
9.By default VM’s are locked down. In the VM Overview Port 80 is allowed within the Network Security Group but port 80 is block within the network Interface. I will need to open port 80 on the NIC to connect to the website
10. I went to Add inbound port rule > Basic
11.Entered the following in the required field and selected Add
12. Lastly, Type in the IP address of your web server in a browser. You should see this Apache splash page to ensure functionality.