Secure Shell (SSH) is a network protocol that provides encryption for operating network services securely over an unsecured network. SSH also provides command-line sign-in, remote command execution, and secure file transfer. It is commonly used in UNIX-based systems such as Linux®. SSH replaces the Telnet protocol, which does not provide encryption in an unsecured network.

Azure Active Directory (Azure AD) provides a Virtual Machine (VM) extension for Linux®-based systems running on Azure.

Use when

  • Working with Linux®-based VMs that require remote sign-in

  • Executing remote commands in Linux®-based systems

  • Securely transferring files over an unsecured network

Diagram of the relationship between Azure AD and the SSH protocol

SSH with Azure AD

Components of the system

  • User: Starts the SSH client to set up a connection with the Linux® VMs and provides credentials for authentication.

  • Web browser: The component that the user interacts with. It communicates with the Identity Provider (Azure AD) to securely authenticate and authorize the user.

  • SSH client: Drives the connection setup process.

  • Azure AD: Authenticates the identity of the user using device flow, and issues a token to the Linux VMs.

  • Linux VM: Accepts the token and provides a successful connection.

Implement SSH with Azure AD