SSH keys on Windows for Kubernetes with Azure Container Service (ACS)

I’m on Windows and want to connect to my Kubernetes Linux cluster provisioned with Azure Container Service. I want to connect in the command prompt so I can use Kubectl and I want to connect with PuTTY also. Besides this I also want to know which keys to use when provisioning the ACS Kubernetes cluster in the Azure Portal and also which key to use when provisioning with ARM templates.

It is possible to follow the Microsoft documentation and generate SSH keys to connect to your cluster and execute openssl.exe and also PuttyGen to connect with PuTTY . But I was struggling with the SSH keys a couple of times now. And after some investigation together with Loek Duys, the following method works best for me:


  1. You should already have installed all necessary tools. See the documentation to read how to do this.
  2. Download PuTTY
  3. Download PuTTYgen

Use PuTTYgen to generate *all* necessary SSH keys

  1. Open PuTTYgen. Click Generate. Move your mouse over the blank area and wait till the key is generated. (all default values, so the type to generate is RSA)
  2. Fill in a passphrase
  3. Click on Save public key. Name it: pempublickey
  4. Click on Save private key. Name it: puttyprivatekey.ppk
  5. Select the key in the textbox and save it in a new file. Name it: singlelinepublickey
  6. Click on Conversions in the menu. Then Export OpenSSH key. Name it: opensshrsaprivatekey

You have all keys that are needed.

Connecting with PuTTY:

  1. Fill in the Host Name: <youruser>@<Master FQDN>
    For example:
  2. Fill in the port: 22
  3. Navigate to Connection–>SSH–>Auth and select the puttyprivatekey.ppk

  4. Tip: save the settings by typing a name in Saved Settions textbox and click Save. Next time you start PuTTY you only have to load the settings

Use the Command Prompt: az acs kubernetes get-credentials

  1. Use the opensshrsaprivatekey as parameter for az acs kubernetes get-credentials command:
    az acs kubernetes get-credentials –resource-group=myresourcegroup –name=myclustername –ssh-key-file “C:\sshkeys\opensshrsaprivatekey
    You will be asked for the passphrase.
  2. If you don’t want to pass –ssh-key everytime, put the opensshrsaprivatekey file in the .ssh directory in your user map:
    C:\Users\Pascal Naber\.ssh\opensshrsaprivatekey
    now you can connect just with:
    az acs kubernetes get-credentials –resource-group=myresourcegroup –name=myclustername

Provision the ACS cluster with Kubernetes in the Azure Portal

  1. Paste the content of one of the public SSH keys. Use pempublickey or singlelinepublickey

Provision the ACS cluster with an ARM Template

  1. Use the single line public key file: singlelinepublickey

Reset the SSH key

If you made a mistake while provisioning the cluster or you want to reset the SSH key, you don’t have to delete the cluster and provision it again. It’s possible to reset the SSH key.

  1. In the Azure Portal navigate to the cluster and select the master virtual machine.
  2. In the menu click on Reset password
  3. You have the option here to Reset the SSH public key. You can use one of the public keys; or the pempublickey or the singlelinepublickey

5 gedachtes over “SSH keys on Windows for Kubernetes with Azure Container Service (ACS)

  1. Pingback: Run .NET Core 2 Docker images in Kubernetes using Azure Container Service and Azure Container Registry | Pascal Naber

  2. Pingback: Working with multiple Kubernetes Clusters on Azure Container Service | Pascal Naber

  3. Pingback: Azure Containers, SSH Keys and Windows – TECHBUNNY

  4. Pingback: Access dashboard on AKS with RBAC enabled | Pascal Naber

  5. Pingback: Resources for “Getting Started with Azure Kubernetes Service with .NET Core, Prometheus, and Grafana” » Brain Flings

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen. logo

Je reageert onder je account. Log uit /  Bijwerken )


Je reageert onder je Twitter account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Verbinden met %s

Deze site gebruikt Akismet om spam te bestrijden. Ontdek hoe de data van je reactie verwerkt wordt.