I'm curious about best practices when it comes to assigning SSH keys to virtual machines (VMs). Specifically, if I'm using Terraform to create VMs, what would be the right way to configure SSH keys for those instances?
5 Answers
Managing a separate key pair for each VM can be overwhelming, especially in an automated setting. For cases where you also have on-prem machines, using SSH Certificate Authorities with short-lived certificates can be effective. If you do decide to follow the Entra ID route, it often simplifies login issues!
Using separate SSH keys for each VM based on their environment or application component is a good practice. This way, if the VMs are joined to the Entra ID domain, you can usually rely on that for logging in. I've found it's pretty rare to have issues with Entra IDs once everything is set up correctly.
Think about it this way: would you want all the locks in your city to be opened by the same key? Each host should ideally have its own key. You might also explore using authenticated tunnels like Bastion for better security.
It's definitely a good idea to have unique SSH keys for each VM, especially considering security risks. You could also look into using Azure Key Vault for better management. Here’s a helpful link: [learn.microsoft.com](https://learn.microsoft.com/en-us/azure/virtual-machines/ssh-keys-portal).
Instead of juggling multiple SSH keys, you might want to consider using the SSH VM extension and ensuring proper RBAC settings for the resource group. This way, you can log in using your Entra account without managing a ton of keys.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures