Quite a few times I’ve been asked how to install and configure Ubuntu machines in the Azure cloud. Over a short series of posts I’ll go through some simple steps of how to do it in a secure manner.
Generate certificate for authentication
There are different ways to authenticate when you connect to your VM. A certificate is an encryption key used as a “complex password”, and it can itself be password protected if you want. If you don’t want to use a certificate, you can jump to the Create the virtual machine section further down.
To authenticate against your Virtual Machine using a certificate you can create a private-public key pair using OpenSSL. If you’re using Putty to connect you have to use the Windows version of OpenSSL, as many have reported compatibility problems with Linux generated keys in a Windows version of Putty.
Here you can download OpenSSL for Windows from Sourceforge.
Create the keys in the following way. You might need to set the OPENSSL_CONF setting first if your installation file doesn’t do that.
C:\Data\Tools\GnuWin32\bin>set OPENSSL_CONF=c:/Data/Tools/GnuWin32/share/openssl.cnf
C:\Data\Tools\GnuWin32\bin>openssl.exe req -x509 -nodes -days 365 -newkey rsa:2048 -keyout myPrivateKey.key -out myCert.pem
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
....+++
..................................................+++
writing new private key to 'myPrivateKey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
C:\Data\Tools\GnuWin32\bin>
In this example the newly created keys will end up in the C:\Data\Tools\GnuWin32\bin folder and you should move them somewhere else. I personally keep them on a TrueCrypt drive.
Generate a PPK file for Putty
Now that you’ve got your key files you need to convert the private key into a Putty recognized format.
- Download Putty and Puttygen here
- Open Puttygen and click on Load. Browse to the myPrivateKey.key created earlier (you’ll have to change the file filter to All files (*.*) to be able to see the file).
- If you want to password protect your certificate then enter passphrases in the boxes.
- Click on Save private key.
Create the virtual machine
Now it’s time to create the virtual machine in Azure.
- Create a new VM under New -> Compute -> Virtual Machine -> From gallery
- On the first screen – select your Linux flavour and version. Even though there are several newer Ubuntu versions available, I selected 12.04 LTS here. I’ve used it in many places and find it more stable than the 13.xx versions.
- On the second screen – set the VM name and user credentials. If you’ve created a certificate earlier then select the myCert.pem file here. You can select both password and certificate if you want to.
- On the third screen – configure the cloud service, subscription, network and storage (network and storage are dependent on what subscription you choose). A cloud service is like a box able to contain a lot of things, including many virtual machines. The cloud service has its own firewall and prohibits the Internet from having direct access to your virtual machines. It is important to understand that your whole cloud service has one public DNS name, and that you then use port mapping to redirect incoming calls to individual virtual machines on the inside. The DNS name you choose here (if you select to create a new cloud service) thus belongs to your cloud service and not specifically to your VM.
- On the fourth screen – port mapping. For our example we just leave this as it is. Default port for SSH is 22 but if you’re using an already existing cloud service where port 22 is taken you won’t be able to use that one. You can leave the Public port field empty and Azure will then assign an available port number.
- It’ll take a few minutes but after a while it should pop up under Virtual Machines in the Azure portal.
Connect to your virtual machine
A basic Linux Ubuntu installation has no graphical user interface so right now all we can do is to connect with a command prompt. Using Putty we connect to the DNS name of the cloud service created during installation.
If you’ve chosen to use certificates you need to set the certificate file under Connection -> SSH -> Auth in the Putty configuration section.
When it’s all set you can click on save to save your profile.
When you connect you’ll either be asked for the password (entered when installing the virtual machine) or the passphrase (entered when converting certificate to putty recognized certificate in Puttygen)…or both of them.
login as: azureuser
Authenticating with public key "openssh-key"
Passphrase for key "openssh-key":
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc
You're in and in control of your new VM. If you'd like a graphical user interface for your new VM then you can continue here.