Manage administrative users, SSH, and check or repair disks on Linux VMs using the VMAccess Extension with the Azure CLI

Overview

The disk on your Linux VM is showing errors. You somehow reset the root password for your Linux VM or accidentally deleted your SSH private key. If that happened back in the days of the datacenter, you would need to drive there and then open the KVM to get at the server console. Think of the Azure VMAccess extension as that KVM switch that allows you to access the console to reset access to Linux or perform disk-level maintenance.

This article shows you how to use the Azure VMAccess Extension to check or repair a disk, reset user access, manage administrative user accounts, or update the SSH configuration on Linux VMs that are running as Azure Resource Manager virtual machines. If you need to manage Classic virtual machines, you can follow the instructions found in the classic VM documentation.

Note

If you use the VMAccess Extension to reset the password of your VM after installing the AAD Login Extension, you will need to rerun the AAD Login Extension to re-enable AAD Login for your machine.

Prerequisites

Operating system

The VM Access extension can be run against these Linux distributions:

Distribution    Version
Ubuntu          16.04 LTS, 14.04 LTS and 12.04 LTS
Debian          Debian 7.9+, 8.2+
Suse            11 and 12
OpenSuse        openSUSE Leap 42.2+
CentOS          CentOS 6.3+, 7.0+
CoreOS          494.4.0+

Ways to use the VMAccess Extension

There are two ways that you can use the VMAccess Extension on your Linux VMs:

The following examples use az vm user commands. To perform these steps, you need the latest Azure CLI installed and logged in to an Azure account using az login.

Update SSH key

The following example updates the SSH key for the user azureuser on the VM named myVM:

az vm user update \
  --resource-group myResourceGroup \
  --name myVM \
  --username azureuser \
  --ssh-key-value ~/.ssh/id_rsa.pub

NOTE: The az vm user update command appends the new public key text to the ~/.ssh/authorized_keys file for the admin user on the VM. This does not replace or remove any existing SSH keys. This will not remove prior keys set at deployment time or subsequent updates via the VMAccess Extension.
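Because az vm user update only appends, keys from earlier deployments or earlier resets stay valid until someone removes them. The following added example (not part of the original article or of the VMAccess extension) compares an authorized_keys file against an allowlist of approved public keys and reports the extras; the function names and both file arguments are assumptions.

```shell
#!/bin/sh
# Added example: report authorized_keys entries whose key is not on an allowlist.
# Function and file names are assumptions, not part of the VMAccess extension.

# key_blobs FILE: print "<blob> <type> <comment>" per key line. Skips blanks and
# comments, and steps over a leading options field such as from="10.0.0.0/8".
# (Options that contain spaces are not handled in this short version.)
key_blobs() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }
    {
      for (i = 1; i < NF; i++)
        if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)$/) {
          print $(i + 1), $i, (i + 2 <= NF ? $(i + 2) : "-")
          next
        }
    }' "$1"
}

# unexpected_keys AUTHORIZED_KEYS ALLOWLIST: print "<type> <comment>" for every
# key present in AUTHORIZED_KEYS but absent from the allowlist of approved keys.
unexpected_keys() {
  allowed=$(mktemp) || return 1
  key_blobs "$2" | awk '{ print $1 }' | sort -u > "$allowed"
  key_blobs "$1" | awk -v allow="$allowed" '
    BEGIN { while ((getline b < allow) > 0) ok[b] = 1 }
    !($1 in ok) { print $2, $3 }'
  rm -f "$allowed"
}

# Stand-alone use: sh script.sh ~/.ssh/authorized_keys approved_keys.txt
if [ "$#" -eq 2 ]; then unexpected_keys "$1" "$2"; fi
```

Run it on the VM against the admin user's ~/.ssh/authorized_keys after each key update, and remove any reported entry that is no longer supposed to grant access.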

Reset password

The following example resets the password for the user azureuser on the VM named myVM:

az vm user update \
  --resource-group myResourceGroup \
  --name myVM \
  --username azureuser \
  --password myNewPassword

Restart SSH

The following example restarts the SSH daemon and resets the SSH configuration to default values on a VM named myVM:

az vm user reset-ssh \
  --resource-group myResourceGroup \
  --name myVM

Create an administrative/sudo user

The following example creates a user named myNewUser with sudo permissions. The account uses an SSH key for authentication on the VM named myVM. This method is designed to help you regain access to a VM in the event that current credentials are lost or forgotten. As a best practice, accounts with sudo permissions should be limited.

az vm user update \
  --resource-group myResourceGroup \
  --name myVM \
  --username myNewUser \
  --ssh-key-value ~/.ssh/id_rsa.pub

Delete a user

The following example deletes a user named myNewUser on the VM named myVM:

az vm user delete \
  --resource-group myResourceGroup \
  --name myVM \
  --username myNewUser

Use JSON files and the VMAccess Extension

The following examples use raw JSON files. Use az vm extension set to then call your JSON files. These JSON files can also be called from Azure templates.

Reset user access

If you have lost access to root on your Linux VM, you can launch a VMAccess script to update a user's SSH key or password.

To update the SSH public key of a user, create a file named update_ssh_key.json and add settings in the following format. Substitute your own values for the username and ssh_key parameters:

{
  "username":"azureuser",
  "ssh_key":"ssh-rsa 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 azureuser@myVM"
}

Execute the VMAccess script with:

az vm extension set \
  --resource-group myResourceGroup \
  --vm-name myVM \
  --name VMAccessForLinux \
  --publisher Microsoft.OSTCExtensions \
  --version 1.4 \
  --protected-settings update_ssh_key.json
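The settings files in this section carry credentials, so they should be readable only by the user who runs the CLI and should never contain private key material. The following added example (not Microsoft's code) builds update_ssh_key.json in the format shown above from a public key file; write_ssh_key_settings is a hypothetical helper name and the accepted username pattern is an assumption.

```shell
#!/bin/sh
# Added example: build update_ssh_key.json from a public key file, refuse
# private keys, and keep the file private to the current user.
# write_ssh_key_settings is a hypothetical helper, not an Azure CLI command.

write_ssh_key_settings() {   # usage: write_ssh_key_settings USER PUBKEY_FILE OUT_JSON
  user=$1 pub=$2 out=$3
  # Conservative account-name check (an assumption); also rules out JSON metacharacters.
  case $user in
    ''|*[!A-Za-z0-9_-]*|[!A-Za-z_]*) echo "bad username" >&2; return 2 ;;
  esac
  [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 3; }
  # A private key file carries a PEM header; never put that in a settings file.
  if grep -q 'PRIVATE KEY' "$pub"; then
    echo "refusing: $pub looks like a private key" >&2; return 3
  fi
  # Expect exactly one non-empty line: "<type> <base64> [comment]".
  [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 4; }
  key=$(grep . "$pub")
  case $key in
    ssh-*\ *|ecdsa-*\ *) ;;
    *) echo "not an OpenSSH public key line" >&2; return 4 ;;
  esac
  # Escape backslashes and double quotes that may appear in the key comment.
  esc=$(printf '%s' "$key" | sed 's/\\/\\\\/g; s/"/\\"/g')
  # Subshell: remove any old file (its mode could be wider), then create it 0600
  # without changing the caller's umask.
  ( umask 077
    rm -f -- "$out"
    printf '{\n  "username":"%s",\n  "ssh_key":"%s"\n}\n' "$user" "$esc" > "$out" )
}
```

Pass the resulting file to --protected-settings as in the command above, and delete it once the extension has run.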

To reset a user password, create a file named reset_user_password.json and add settings in the following format. Substitute your own values for the username and password parameters:

{
  "username":"azureuser",
  "password":"myNewPassword" 
}

Execute the VMAccess script with:

az vm extension set \
  --resource-group myResourceGroup \
  --vm-name myVM \
  --name VMAccessForLinux \
  --publisher Microsoft.OSTCExtensions \
  --version 1.4 \
  --protected-settings reset_user_password.json

Restart SSH

To restart the SSH daemon and reset the SSH configuration to default values, create a file named reset_sshd.json. Add the following content:

{
  "reset_ssh": true
}

Execute the VMAccess script with:

az vm extension set \
  --resource-group myResourceGroup \
  --vm-name myVM \
  --name VMAccessForLinux \
  --publisher Microsoft.OSTCExtensions \
  --version 1.4 \
  --protected-settings reset_sshd.json

Manage administrative users

To create a user with sudo permissions that uses an SSH key for authentication, create a file named create_new_user.json and add settings in the following format. Substitute your own values for the username and ssh_key parameters. This method is designed to help you regain access to a VM in the event that current credentials are lost or forgotten. As a best practice, accounts with sudo permissions should be limited.

{
  "username":"myNewUser",
  "ssh_key":"ssh-rsa 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 myNewUser@myVM",
  "password":"myNewUserPassword"
}

Execute the VMAccess script with:

az vm extension set \
  --resource-group myResourceGroup \
  --vm-name myVM \
  --name VMAccessForLinux \
  --publisher Microsoft.OSTCExtensions \
  --version 1.4 \
  --protected-settings create_new_user.json

To delete a user, create a file named delete_user.json and add the following content. Substitute your own value for the remove_user parameter:

{
  "remove_user":"myNewUser"
}

Execute the VMAccess script with:

az vm extension set \
  --resource-group myResourceGroup \
  --vm-name myVM \
  --name VMAccessForLinux \
  --publisher Microsoft.OSTCExtensions \
  --version 1.4 \
  --protected-settings delete_user.json

Check or repair the disk

Using VMAccess you can also check and repair a disk that you added to the Linux VM.

To check and then repair the disk, create a file named disk_check_repair.json and add settings in the following format. Substitute your own value for the name of repair_disk:

{
  "check_disk": "true",
  "repair_disk": "true, mydiskname"
}

Execute the VMAccess script with:

az vm extension set \
  --resource-group myResourceGroup \
  --vm-name myVM \
  --name VMAccessForLinux \
  --publisher Microsoft.OSTCExtensions \
  --version 1.4 \
  --protected-settings disk_check_repair.json

Troubleshoot and support

Troubleshoot

Data about the state of extension deployments can be retrieved from the Azure portal, and by using the Azure CLI. To see the deployment state of extensions for a given VM, run the following command using the Azure CLI.

az vm extension list --resource-group myResourceGroup --vm-name myVM -o table

Support

If you need more help at any point in this article, you can contact the Azure experts at Azure support. Alternatively, you can file an Azure support incident. Go to the Azure support site and submit your request. For information about using Azure Support, read the Azure support FAQ.