Bhuvan Prasad
2 min read · Aug 28, 2022

SSH handshaking | Configure the public instance to connect to the private instance

Normally we connect to a virtual instance through its public endpoint and a PEM key. But sometimes we need to connect to an instance in a private subnet that doesn't have a public endpoint, for example to install and deploy applications.

This post covers handshaking between the public and private virtual instances in a virtual network, using the same PEM key to authenticate to both.

A public subnet contains virtual instances that can be reached directly through their public endpoint, whereas instances that only have private endpoints can't be reached directly from the internet. An instance (a bastion to the private subnet) that already exists in the same virtual network should authorize public users to connect to the private subnet instances.

Public virtual instances can be connected to with (in Terminal/cmd prompt):

# connect to public subnet virtual machine
chmod 400 your_pem_key.pem
ssh -i your_pem_key.pem username@public_ip_address

Before creating the private virtual instances, check:

Select the same key for both public & private virtual machines
  1. Use the existing key stored in Azure & select the same key used for creating public virtual instances.
  2. Enable port 22 in every public and private instance.

Connect to the public virtual instance, and copy that PEM key.

# copy your pem key to the clipboard (pbcopy is a macOS command; run it where the key file is stored)
pbcopy < your_pem_key.pem

Create a PEM key file on the public virtual instance.

vi your_pem_key.pem
# paste the copied key here

Press Esc, then type :wq to save.

Inside a public virtual instance, use these commands to connect to a private instance.

chmod 400 your_pem_key.pem
ssh -i your_pem_key.pem username@private_ip_address

Answering yes at the prompt will connect you to the private virtual instance.

Saving a PEM key on a public instance is not always recommended. Generating a key on the public instance and saving it as an authorized key on the private instance is the better approach. On the public instance:

ssh-keygen
# press Enter 3 times to accept the default file and an empty passphrase
vi .ssh/id_rsa.pub
# copy the key (on newer OpenSSH releases the default key file is .ssh/id_ed25519.pub)

Log in to the private machine using the first approach, with the PEM key.

vi .ssh/authorized_keys
# press i to enter into insert mode & paste the copied key there
# press esc & :wq to write and save

Go back to the public instance and delete the PEM key that we created earlier to connect to the private instance. From now on we can connect to the private instance directly with this command, without using any PEM key.

ssh private_ip_address
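
The authorized_keys step above can also be scripted instead of pasted with vi; this is an added example, not part of the original post. The function name `add_authorized_key` and the `SAMPLE_KEY` value are constructed for illustration, and the function is meant to be run on the private instance with the public key generated on the public instance.

```sh
#!/bin/sh
# Added example: scripted version of "paste the public key into
# .ssh/authorized_keys". Names and the sample key are constructed.

NL='
'

# add_authorized_key "<public key line>" [ssh_dir]
# Returns 0 if the key was added or already present, 1 if the input is rejected.
add_authorized_key() {
    key_line=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    # Accept only a single-line public key. This rejects a pasted private key
    # (-----BEGIN ...), empty input, and a key the editor wrapped across lines.
    case $key_line in
        *"$NL"*) echo "refusing multi-line input" >&2; return 1 ;;
    esac
    if ! printf '%s\n' "$key_line" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
    then
        echo "refusing: not a public key line" >&2; return 1
    fi

    # sshd's StrictModes (default yes) ignores the file when it or its
    # directory is group- or world-writable, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Already authorized: nothing to do, so re-running never duplicates entries.
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi

    # If the file does not end in a newline, add one so the new key is not
    # glued to the end of the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Constructed sample key (the base64 body is a placeholder, not a real key).
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE0 bastion-example'
```

Because only public key lines are accepted, the function fails if the PEM private key is pasted by mistake.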

This is my better approach to handshaking public and private instances.

Thanks for your time!