Biznet GIO Cloud Connecting VM via SSH
Introduction

Connecting to your newly created Virtual Machine (VM) via an SSH client is easy, but you will need to make some configuration changes in the Portal first. This document will guide you through the necessary steps to configure the VM.

Once launched, your VM will not be accessible via an SSH client. This is because BT Cloud Compute deploys a firewall between your VM and the Internet with deny rules as default.

Prerequisites

- Your VM has been deployed on an isolated network (this is the standard network, which is auto-provisioned).
- Your isolated network has an external IP Address (an IP Address is automatically assigned to your default isolated network). Any additional isolated networks will not have an IP Address and one will need to be acquired separately.
- Your VM is running an appropriate Linux operating system.
- You are using a suitable SSH client such as PuTTY. For the purpose of this guide we will be showing PuTTY, but other clients are available.

Setting up an SSH key

In order to access your Linux VM using SSH you first need to choose, create or add an SSH key for the VM. This is done when you create your VM. Once you have selected your VM size, operating system etc., you will be asked to configure and subscribe. In the bottom left-hand corner of the Configuration and Subscribe screen you will see a section called SSH Key Pair.

A number of options are available within SSH Key Pair, and you must make a choice before completing the delivery of your VM. The different options are explained in the following sections of this document.

Biznet GIO all right reserved
There are two options for connecting via SSH: using a user name and password combination, or using an SSH key.

If you intend to use a user name and password combination, select [No SSH Key]. You can now [Subscribe and Provision] your VM.

To use an SSH key you can choose to generate a new SSH key, upload an SSH key, or select a previously generated or uploaded key.

Generate SSH Key

Selecting [Generate SSH Key] will generate an RSA key. The key text should be copied to Notepad and saved to a local file; this will be used later to set up the SSH client.
Other software programs can be used to store the key. In this example we have used Microsoft Notepad.

Upload Key

Upload Key allows you to upload a key you have previously created outside of the Cloud Compute service. For the purpose of this document we have used PuTTY Key Generator.

N.B. Any keys generated should be compliant with your local legal requirements.

Open PuTTY Key Generator, select File, then click [Load private key]. Now select the testkey.ppk file that was saved previously.
Then follow the on-screen instructions. Save the private key, ensuring you store it in a safe place. Next, copy the public key from the key generator and paste it into the Cloud Compute portal.

On the Cloud Compute Portal select [Upload SSH Key]. Give your key a name, then paste the public key into the box provided. Select [Upload Key].
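
Before pasting, the public key line can be checked for a truncated or corrupted copy. The following is an added example, not part of the original guide or of the portal; it assumes the key is pasted in the one-line OpenSSH format ("type base64 comment"), and the sample key is constructed from dummy values.

```python
import base64
import binascii
import hashlib
import struct

def check_public_key(line):
    """Validate a one-line OpenSSH public key; return (key_type, fingerprint)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key data is not valid base64 (truncated paste?)") from exc
    # The blob is a run of length-prefixed fields; the first repeats the type.
    offset, fields = 0, []
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("key data ends inside a length prefix")
        (n,) = struct.unpack(">I", blob[offset:offset + 4])
        offset += 4
        if offset + n > len(blob):
            raise ValueError("key data is shorter than its fields declare")
        fields.append(blob[offset:offset + n])
        offset += n
    if not fields or fields[0] != key_type.encode():
        raise ValueError("type inside the key does not match the prefix")
    digest = hashlib.sha256(blob).digest()
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def _field(data):
    """Encode one length-prefixed field of a key blob."""
    return struct.pack(">I", len(data)) + data

# Constructed sample: an ssh-rsa shaped blob with dummy numbers, not a usable key.
SAMPLE_BLOB = (_field(b"ssh-rsa") + _field(b"\x01\x00\x01")
               + _field(b"\x00" + b"\xa5" * 256))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " testkey"

if __name__ == "__main__":
    print(check_public_key(SAMPLE_LINE))
```

The fingerprint has the same SHA256 form that ssh-keygen -lf prints, so the key held locally and the text about to be uploaded can be compared.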
You will then see confirmation that the key has been loaded.

Select SSH Key

If you have previously generated or saved an SSH key you can choose this key to re-use for a new VM.
Configuring your VM to accept an SSH request

To access a provisioned VM using SSH please follow the instructions below.

From the Home screen select [Managed Resources] followed by [Cloud]. From the Managed Resources tabs select the [Instances] tab.

From the left-hand menu select the VM that you wish to apply the firewall rules to. In this example we have selected a machine we had previously called GSC.
For your chosen VM select the [NICs] tab. This will show you the network attributes of your VM. In this example we can see the VM is connected to an Isolated network (and therefore could connect to the Internet). We therefore need to make a note of the Network ID, as we will need this information in a minute.

This is the internal ID of the network used by your VM. It is unique to each network and will therefore help us identify which network we need to apply the firewall rule to.

Select the [IP Address] tab. Displayed in the left-hand navigation will be all the IP Addresses associated with your Account (Master User and Power User will see all). Remember every User will have an IP Address and every location you have deployed a VM will also have an IP Address, so there may be many displayed.

Scroll through the list of IP Addresses until you find the one with the [Associated Network ID] that matches the [Network ID] you identified and noted earlier.
Now that you have identified the IP Address associated with the network your VM resides on, select the [Firewall] tab. This tab allows you to create the firewall rules associated with your network.

These are the Ingress rules for your network. Egress rules can be found on the Network tab (rather than the IP Address tab) but are not required to set up an SSH session.

For the purposes of this guide we are going to demonstrate how to create a standard rule for TCP/IP traffic using port 22 (the default port used by SSH). This will allow traffic through to the remote desktop on our virtual machine.

[Source CIDR] Enter the source network of the devices you would like to have access to your virtual machine. In this example we want it available to everyone on the Internet so we enter 120.161.0.0/24. To increase security you can be more specific and lock it down to your own office / home network.
[Protocol] Using the dropdown box select the required protocol. In this case we want the default, TCP.
[Start Port] Enter 22. This is the first port in the range you wish the firewall to allow.
[End Port] Enter 22. This is the last port in the range you wish the firewall to allow.

If ICMP is selected as a Protocol, enter -1 in both the [Type] and the [Code] boxes that will appear. This will allow the Security & Network Appliance to respond to ICMP requests.

Once the firewall ruleset has been entered, click on the + button to add the rule. Once the rule has been added, you will see it displayed as follows:

To remove a rule simply select the button against the corresponding rule.
Select the [Port Forwarding] tab. This will allow you to define which port on the VM you want to use.

[Public Port] Enter the IP port incoming traffic will be arriving on. This should be within the range you specified previously.
[Private Port] Enter the IP port that will be used by the virtual machine for this traffic. This could be a different port from that specified in the [Public Port] box; if so, the port will be natted.
[Protocol] Specify the protocol used by the target server for this traffic type. This should match the settings previously defined.
[Virtual Machine] Select the target virtual machine from the drop-down list.

Once the port forwarding rule has been entered, click on the + button to add the rule. Once the rule has been added, it will be listed as follows.

To remove a rule simply select the button against the corresponding rule.
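
The firewall and port-forwarding entries have to agree with each other and with the address you connect from. The following added example (not part of the original guide or of the portal) checks one rule pair using the values from this guide; the class names, the review function and the client addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class FirewallRule:      # fields mirror the [Firewall] tab
    source_cidr: str
    protocol: str
    start_port: int
    end_port: int

@dataclass
class PortForward:       # fields mirror the [Port Forwarding] tab
    public_port: int
    private_port: int
    protocol: str
    vm: str

def covered_addresses(fw):
    """Number of source addresses the firewall rule admits."""
    return ipaddress.ip_network(fw.source_cidr, strict=False).num_addresses

def review(fw, pf, client_ip):
    """Return a list of findings for one firewall / port-forwarding pair."""
    findings = []
    net = ipaddress.ip_network(fw.source_cidr, strict=False)
    if net.prefixlen == 0:
        findings.append("source CIDR admits every address on the Internet")
    if ipaddress.ip_address(client_ip) not in net:
        findings.append(f"client {client_ip} is outside {net}; SSH will be dropped")
    if not fw.start_port <= fw.end_port:
        findings.append("start port is greater than end port")
    if not fw.start_port <= pf.public_port <= fw.end_port:
        findings.append("public port is outside the firewall port range")
    if fw.protocol.lower() != pf.protocol.lower():
        findings.append("port-forwarding protocol differs from firewall protocol")
    return findings

# Values entered in this guide; the client addresses below are constructed.
GUIDE_FW = FirewallRule("120.161.0.0/24", "TCP", 22, 22)
GUIDE_PF = PortForward(22, 22, "TCP", "GSC")

if __name__ == "__main__":
    print(covered_addresses(GUIDE_FW))                 # size of the /24
    print(review(GUIDE_FW, GUIDE_PF, "120.161.0.57"))  # inside the source network
    print(review(GUIDE_FW, GUIDE_PF, "203.0.113.10"))  # outside the source network
```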
SSH (using PuTTY) to your VM

Identify the IP Address of your VM. We saw how to do this earlier. For the purposes of this guide we will assume the IP Address is 123.123.123.13.

Start the PuTTY client, then enter the IP address and the port within the client.
Not Using an SSH Key

If you chose No SSH Key when you created the VM, or do not intend to log in using SSH keys, select [Auth] under the [SSH] option. Enter the user name and password. Root is the default administrator user.
Using an SSH Key

Select the file where you saved the private SSH key previously. Save the profile.
Click Open in the PuTTY client. Enter the username. Root is the default administrator user. The session will be authenticated with the SSH key set up in the PuTTY client.