7.6. Creating SSH-Enabled Templates

To be able to connect to a virtual machine via SSH, you need to prepare a VM template (or a boot volume for Windows VMs) before creating a VM from it. The steps you need to perform to prepare the VM template differ depending on the guest operating system and are described in the sections below.

7.6.1. Creating SSH-Enabled Linux Templates

As all Linux guests have OpenSSH Server pre-installed by default, you only need to make sure a Linux template has cloud-init installed.

The easiest way to get a Linux template with cloud-init installed is to build one with the diskimage-builder tool. For more information, refer to Creating Linux Templates.

7.6.2. Creating SSH-Enabled Windows Templates

Windows guests have neither OpenSSH Server nor Cloudbase-Init pre-installed by default. You need to install and configure them manually as follows:

  1. Upload the Windows distribution ISO image. For example:

    # vinfra service compute image create windows10-image --os-distro win10 --file <path_to_image>
    

    where

    • windows10-image is the name of a new image.
    • win10 is the corresponding OS version. To list available distributions, run vinfra service compute show.
  2. Create a VM from the ISO image. For example:

    # vinfra service compute server create windows10-vm --flavor medium --network public \
    --volume source=blank,size=64,boot-index=0,type=disk \
    --volume source=image,id=windows10-image,size=5,boot-index=1,type=cdrom
    

    Note

    Round up the size of volumes to be created from images. E.g., if the OS distribution image is 4.9 GB, use size=5.

    where

    • windows10-vm is the name of a new VM,
    • the first volume is a blank virtual HDD,
    • the second volume is the OS distribution image windows10-image added to the compute cluster in step 1,
    • the boot-index parameter is used to specify the correct boot order.
  3. Log in into the VM and install the guest OS using the built-in VNC console.

  4. Create a new administrator account that will be used for SSH connections and log in with it.

    Important

    You will be able to log in with this account only using the key authentication method.

  5. Install and configure OpenSSH Server as follows:

    1. Run Windows PowerShell with administrator privileges and set the execution policy to unrestricted to be able to run scripts:

      > Set-ExecutionPolicy Unrestricted
      
    2. Download OpenSSH Server (for example, from the GitHub repository), extract the ZIP archive into the C:/Program Files directory, and install it by running:

      > & 'C:/Program Files/OpenSSH-Win64/install-sshd.ps1'
      
    3. Start the OpenSSH SSH Server service in the Control Panel > System and Security > Administrative Tools > Services and set its startup type to Automatic:

      ../_images/win_guests_ssh1.png
    4. Open TCP port 22 for the OpenSSH service in the Windows Firewall:

      > New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound \
      -Action Allow -DisplayName OpenSSH
      
    5. Open the C:\ProgramData\ssh\sshd_config file:

      > notepad 'C:\ProgramData\ssh\sshd_config'
      

      Comment out the following lines at the end of the file:

      #Match Group administrators
      #AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
      

      And save the changes.

    6. Create the .ssh directory in C:\Users\<current_user> and an empty authorized_keys file inside it:

      > cd C:\Users\<current_user>
      > mkdir .ssh
      > notepad .ssh\authorized_keys
      

      The created file will have the .txt extension. To remove it, run:

      > move .\.ssh\authorized_keys.txt .\.ssh\authorized_keys
      
    7. Modify the permissions for the created file to disable inheritance as follows:

      > icacls .ssh\authorized_keys /inheritance:r
      
  6. Download Cloudbase-Init (for example, from the official site) and lauch the installation:

    1. In the Configuration options window, enter the name of the current user in the Username field and deselect the checkbox Use metadata password:
    ../_images/win_guests_ssh2.png
    1. When the installation is complete, select the following checkboxes:
    ../_images/win_guests_ssh3.png
    1. Click Finish.

After the VM shuts down, you can either

  • delete it to make it boot volume available for creating new VMs from it or
  • convert the VM boot volume to a template (see the section “Creating Images from Volumes” in the Administrator’s Guide).