What's the best practice when assigning SSH keys to virtual machines? If I'm using Terraform to create VMs, how can I set up the SSH keys in that case?
5 Answers
Think about it this way: would you want all the locks in your city to be opened with just one key? Each VM should have its own unique SSH key. Consider using a secure method like Azure Bastion or Google Cloud IAP, which is akin to visiting a centralized place for access.
It’s best practice to use separate SSH keys for each VM based on your environment and application. If you join them to the Entra ID domain, that's even better for security. Personally, I've rarely faced issues with Entra ID logins.
Managing a separate key pair for every single machine can be a hassle, especially with automation. If you have on-prem machines, consider using an SSH CA with short-lived certificates for a more streamlined approach.
One solid approach is to install the SSH VM extension and configure the right RBAC for your resource group. That way, you can log in using your Entra account instead of juggling multiple keys.
I suggest using Azure Key Vault to manage your SSH keys securely. It's straightforward and makes handling keys much simpler. You can check out the Azure documentation on working with SSH keys for a detailed guide! [Learn More](https://learn.microsoft.com/en-us/azure/virtual-machines/ssh-keys-portal)
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures