Search code examples
azuredcosazure-container-service

Azure DC/OS cluster. How to change SSH RSA public key

I'm new in Azure and DC/OS. I deployed a DC/OS cluster using the next document: https://learn.microsoft.com/en-us/azure/container-service/container-service-deployment. What should I do in case I want change SSH RSA public key which I used in deploying? I couldn't find a document with description such situation.

After deploying a DC/OS cluster I have a resource group which contains virtual machine with name like dcos-master-* . I can change public key for this virtual machine using azure web portal: resourcegroup->'dcos-master-* '->Reset password. But as I understand it's not enough. I see also that my resource group contains virtual machine scale sets like dcos-agent-private-* and dcos-agent-public-*. But I can't find how to reset passwords there.

Explain me please what should I do in such case?

Solution

  • What should I do in case I want change SSH RSA public key which I used in deploying?

    Sorry, I have not find how to change the public key of VMSS, I will do some search, if I get anything new, I'll keep you updated.

    As a workaround, we can add a new public key to VMSS, here is the script:

    $vmssName = "dcos-agent-private-EAF6BCA8-vmss0"
$vmssResourceGroup = "dcos"
$vmss = Get-AzureRmVmss -ResourceGroupName $vmssResourceGroup -VMScaleSetName $vmssName
Add-AzureRmVmssSshPublicKey -VirtualMachineScaleSet $VMSS -KeyData "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr1ftAx4QhtzAeqei9ukw32nrM8kmB6t2UVdBpuUjAeBAI3/cln/0vmekCt2OPJof5/mdaMTYoMleMsPxQWcm19fZviiMS0rkmLU9qwTeJf8+T8RWEUB75wRH5aDdrit1eYZ9bwJGL1LbkECKWoB02HZGLRH24Z5BLLXCkXjGI8LTLTTZobAnM4EC1QGMCsuMUl0mlhchaK0yQifx+GHOsbFuqe+E40akAzzh7tt+O4I/TjigrE4YHUJlmGNlY3grXFPE5oaszzb97/yyglt1cW2KucjAI4qm7ZTQ6wz5asW8IoN+jya4h2O4Au0ymNVgw1EQG1p8UJ2qByyxxJNMSw==" -Path "/home/admin/.ssh/authorized_keys"

    Here is the result:

    enter image description here

    By the way, if you don't want user can use your original public key to login VMSS instance, we can login this instance and delete the original public key in authorized_key.

    jason@dcos-agent-public-EAF6BCA8000001:~$ cd .ssh/
jason@dcos-agent-public-EAF6BCA8000001:~/.ssh$ ls
authorized_keys
jason@dcos-agent-public-EAF6BCA8000001:~/.ssh$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr1ftAx4QhtzAeqei9ukw32nrM8kmB6t2UVdBpuUjAeBAI3/cln/0vmekCt2OPJof5/mdaMTYoMleMsPxQWcm19fZviiMS0rkmLU9qwTeJf8+T8RWEUB75wRH5aDdrit1eYZ9bwJGL1LbkECKWoB02HZGLRH24Z5BLLXCkXjGI8LTLTTZobAnM4EC1QGMCsuMUl0mlhchaK0yQifx+GHOsbFuqe+E40akAzzh7tt+O4I/TjigrE4YHUJlmGNlY3grXFPE5oaszzb97/yyglt1cW2KucjAI4qm7ZTQ6wz5asW8IoN+jya4h2O4Au0ymNVgw1EQG1p8UJ2qByyxxJNMSw==

    Update:
    we can use this command to list public key.

    enter image description here enter image description here