You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-network/tutorial-filter-network-traffic-cli.md
+11-10Lines changed: 11 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -128,9 +128,7 @@ az network vnet subnet create \
128
128
129
129
Create two VMs in the virtual network so you can validate traffic filtering in a later step.
130
130
131
-
Create a VM with [az vm create](/cli/azure/vm). The following example creates a VM that serves as a web server. The `--asgs asg-web-servers` option causes Azure to make the network interface it creates for the VM a member of the *asg-web-servers* application security group.
132
-
133
-
The `--nsg ""` option is specified to prevent Azure from creating a default network security group for the network interface Azure creates when it creates the VM. The following example creates a VM and adds a user account. The `--generate-ssh-keys` parameter causes the CLI to look for an available ssh key in `~/.ssh`. If one is found, that key is used. If not, one is generated and stored in `~/.ssh`. Finally, we deploy the latest `Ubuntu 22.04` image.
131
+
Create a VM with [az vm create](/cli/azure/vm). The following example creates a VM that serves as a web server. The `--asgs asg-web-servers` option causes Azure to make the network interface it creates for the VM a member of the *asg-web-servers* application security group. The `--nsg ""` option is specified to prevent Azure from creating a default network security group for the network interface Azure creates when it creates the VM. The command will prompt you to create a password for the VM. SSH keys are not used in this example to facilitate the later steps in this article. In a production environment, use SSH keys for security.
134
132
135
133
```azurecli-interactive
136
134
az vm create \
@@ -142,7 +140,8 @@ az vm create \
142
140
--nsg "" \
143
141
--asgs asg-web-servers \
144
142
--admin-username azureuser \
145
-
--generate-ssh-keys
143
+
--authentication-type password \
144
+
--assign-identity
146
145
```
147
146
148
147
The VM takes a few minutes to create. After the VM is created, output similar to the following example is returned:
@@ -160,7 +159,9 @@ The VM takes a few minutes to create. After the VM is created, output similar to
160
159
}
161
160
```
162
161
163
-
Create a VM to serve as a management server:
162
+
Create a VM with [az vm create](/cli/azure/vm). The following example creates a VM that serves as a management server. The `--asgs asg-mgmt-servers` option causes Azure to make the network interface it creates for the VM a member of the *asg-mgmt-servers* application security group.
163
+
164
+
The following example creates a VM and adds a user account. The `--generate-ssh-keys` parameter causes the CLI to look for an available ssh key in `~/.ssh`. If one is found, that key is used. If not, one is generated and stored in `~/.ssh`. Finally, we deploy the latest `Ubuntu 22.04` image.
164
165
165
166
```azurecli-interactive
166
167
az vm create \
@@ -172,7 +173,8 @@ az vm create \
172
173
--nsg "" \
173
174
--asgs asg-mgmt-servers \
174
175
--admin-username azureuser \
175
-
--generate-ssh-keys
176
+
--generate-ssh-keys \
177
+
--assign-identity
176
178
```
177
179
178
180
The VM takes a few minutes to create. Don't continue with the next step until Azure finishes creating the VM.
@@ -187,9 +189,7 @@ az vm extension set \
187
189
--name AADSSHLoginForLinux \
188
190
--resource-group test-rg \
189
191
--vm-name vm-web
190
-
```
191
192
192
-
```bash
193
193
az vm extension set \
194
194
--publisher Microsoft.Azure.ActiveDirectory \
195
195
--name AADSSHLoginForLinux \
@@ -199,10 +199,11 @@ az vm extension set \
199
199
200
200
## Test traffic filters
201
201
202
-
Using an SSH client of your choice, connect to the VMs created previously. For example, the following command can be used from a command line interface such as [Windows Subsystem for Linux](/windows/wsl/install) to create an SSH session with the *vm-mgmt* VM. In the previous steps, we enabled Microsoft Entra ID sign-in for the VMs. You can sign-in to the virtual machines using your Microsoft Entra ID credentials or you can use the SSH key that you used to create the VMs. In the following example, we use the SSH key to sign-in to the VMs.
202
+
Using an SSH client of your choice, connect to the VMs created previously. For example, the following command can be used from a command line interface such as [Windows Subsystem for Linux](/windows/wsl/install) to create an SSH session with the *vm-mgmt* VM. In the previous steps, we enabled Microsoft Entra ID sign-in for the VMs. You can sign-in to the virtual machines using your Microsoft Entra ID credentials or you can use the SSH key that you used to create the VMs. In the following example, we use the SSH key to signin to management VM and then sign in to the web VM from the management VM with a password.
203
203
204
-
For more information about how to SSH to a Linux VM and sign in with Microsoft Entra ID, see [Sign in to a Linux virtual machine in Azure by using Microsoft Entra ID and OpenSSH](/entra/identity/devices/howto-vm-sign-in-azure-ad-linux).
204
+
```bash
205
205
206
+
For more information about how to SSH to a Linux VM and sign in with Microsoft Entra ID, see [Sign in to a Linux virtual machine in Azure by using Microsoft Entra ID and OpenSSH](/entra/identity/devices/howto-vm-sign-in-azure-ad-linux).
0 commit comments