Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
azure vm create: Cannot create a passwordless Linux VM #586
Similar to the portal, I'd like to improve the SSH security of my instance by using a private key, providing just the PEM cert with the
However I'm still being prompted for a password; the Azure portal makes the password optional.
If I try entering a blank password when prompted, the error I get is 'Missing the required primitive field 'UserPassword' in the role' so I'm not sure how the portal configures VMs that have none but it is possible!
The underlying issue here is that our serialization logic inside the role model system will ignore empty strings from appearing in XML; however, in this specialized scenario, the REST endpoints will actually happily accept an empty password as long as it is included in an empty XML element in the request. This scenario is only for SSH scenarios where the
I've prototyped a working fix to unblock myself and these commits are available to review. Happy to clean up and try to pull into the product at some point but of course I did this with only manual testing (unblocking my work) vs writing unit tests et al.
Node SDK fix:
Updates the role schema parser to support a new
This fix must be taken for the CLI change to work or the CLI's new values for the password are ignored.
X-plat CLI change:
Adds a new
PM question / design:
What should the default be? In the portal, the default for Linux IaaS VMs right now is to check the box for SSH certificate use and ask for the upload, with the password box unchecked.
This would imply that a breaking change should be made to match the portal behavior whereby when you specify the SSH certificate PEM file in the command line, to automatically disable the password sending unless you opt in to providing a password.
My implementation provided above does not do the breaking change but instead has the passwordless option be opt-in. I'm not a fan but it is lower impact.
I believe no Linux VM should have a password set in the IaaS world per the standards other cloud environments tend to have in this space.