SSH keys on Windows for Kubernetes with Azure Container Service (ACS)

I’m on Windows and want to connect to my Kubernetes Linux cluster provisioned with Azure Container Service. I want to connect in the command prompt so I can use Kubectl and I want to connect with PuTTY also. Besides this I also want to know which keys to use when provisioning the ACS Kubernetes cluster in the Azure Portal and also which key to use when provisioning with ARM templates.

It is possible to follow the Microsoft documentation and generate SSH keys to connect to your cluster and execute openssl.exe and also PuttyGen to connect with PuTTY . But I was struggling with the SSH keys a couple of times now. And after some investigation together with Loek Duys, the following method works best for me:

Prerequisites

1. You should already have installed all necessary tools. See the documentation to read how to do this.
2. Download PuTTY
3. Download PuTTYgen

Use PuTTYgen to generate *all* necessary SSH keys

1. Open PuTTYgen. Click Generate. Move your mouse over the blank area and wait till the key is generated. (all default values, so the type to generate is RSA)
   
2. Fill in a passphrase
3. Click on Save public key. Name it: pempublickey
4. Click on Save private key. Name it: puttyprivatekey.ppk
5. Select the key in the textbox and save it in a new file. Name it: singlelinepublickey
6. Click on Conversions in the menu. Then Export OpenSSH key. Name it: opensshrsaprivatekey
   

You have all keys that are needed.

Connecting with PuTTY:

1. Fill in the Host Name: <youruser>@<Master FQDN>
   For example: azureuser@mycluster.westeurope.cloudapp.azure.com
2. Fill in the port: 22
   
3. Navigate to Connection–>SSH–>Auth and select the puttyprivatekey.ppk
   
   
4. Tip: save the settings by typing a name in Saved Settions textbox and click Save. Next time you start PuTTY you only have to load the settings

Use the Command Prompt: az acs kubernetes get-credentials

1. Use the opensshrsaprivatekey as parameter for az acs kubernetes get-credentials command:
   az acs kubernetes get-credentials –resource-group=myresourcegroup –name=myclustername –ssh-key-file “C:\sshkeys\opensshrsaprivatekey”
   You will be asked for the passphrase.
2. If you don’t want to pass –ssh-key everytime, put the opensshrsaprivatekey file in the .ssh directory in your user map:
   C:\Users\Pascal Naber\.ssh\opensshrsaprivatekey
   now you can connect just with:
   az acs kubernetes get-credentials –resource-group=myresourcegroup –name=myclustername

Provision the ACS cluster with Kubernetes in the Azure Portal

1. Paste the content of one of the public SSH keys. Use pempublickey or singlelinepublickey
   
   

Provision the ACS cluster with an ARM Template

1. Use the single line public key file: singlelinepublickey
   
   

Reset the SSH key

If you made a mistake while provisioning the cluster or you want to reset the SSH key, you don’t have to delete the cluster and provision it again. It’s possible to reset the SSH key.

1. In the Azure Portal navigate to the cluster and select the master virtual machine.
2. In the menu click on Reset password
3. You have the option here to Reset the SSH public key. You can use one of the public keys; or the pempublickey or the singlelinepublickey