# SSH Commands from Nginx Proxy to Backend VMs

## Backend VM IPs

| IP Address | Region | Region Code |
|------------|--------|-------------|
| 10.1.1.4   | Central US | cus |
| 10.2.1.4   | East US | eus |
| 10.3.1.4   | East US 2 | eus2 |
| 10.4.1.4   | West US | wus |
| 10.5.1.4   | West US 2 | wus2 |

## SSH Command Format

```bash
ssh -o StrictHostKeyChecking=no besuadmin@<IP>
```

## Individual Commands

### Central US (cus)
```bash
ssh -o StrictHostKeyChecking=no besuadmin@10.1.1.4
```

### East US (eus)
```bash
ssh -o StrictHostKeyChecking=no besuadmin@10.2.1.4
```

### East US 2 (eus2)
```bash
ssh -o StrictHostKeyChecking=no besuadmin@10.3.1.4
```

### West US (wus)
```bash
ssh -o StrictHostKeyChecking=no besuadmin@10.4.1.4
```

### West US 2 (wus2)
```bash
ssh -o StrictHostKeyChecking=no besuadmin@10.5.1.4
```

## Batch Commands

### Test connectivity to all VMs
```bash
for IP in 10.1.1.4 10.2.1.4 10.3.1.4 10.4.1.4 10.5.1.4; do
  echo "=== Testing $IP ==="
  ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 besuadmin@$IP 'echo Connected successfully' || echo "  Connection failed"
done
```

### Execute command on all VMs
```bash
for IP in 10.1.1.4 10.2.1.4 10.3.1.4 10.4.1.4 10.5.1.4; do
  echo "=== Executing on $IP ==="
  ssh -o StrictHostKeyChecking=no besuadmin@$IP '<your-command-here>'
done
```

## Setting Up SSH Keys (If Not Already Configured)

### Step 1: Generate SSH key on Nginx proxy (if not exists)
```bash
ssh besuadmin@20.160.58.99
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""
cat ~/.ssh/id_rsa.pub
```

### Step 2: Copy public key to each backend VM
```bash
# From Nginx proxy, copy public key to each VM
for IP in 10.1.1.4 10.2.1.4 10.3.1.4 10.4.1.4 10.5.1.4; do
  ssh-copy-id -o StrictHostKeyChecking=no besuadmin@$IP
done
```

### Step 3: Alternative - Manual key copy via Azure Run Command
```bash
# Get public key from Nginx proxy
PUBLIC_KEY=$(ssh besuadmin@20.160.58.99 "cat ~/.ssh/id_rsa.pub")

# Add to each VM's authorized_keys
for REGION in "cus" "eus" "eus2" "wus" "wus2"; do
  RG="az-p-${REGION}-rg-comp-001"
  VM=$(az vm list --resource-group "$RG" --query "[0].name" -o tsv)
  az vm run-command invoke \
    --resource-group "$RG" \
    --name "$VM" \
    --command-id RunShellScript \
    --scripts "echo '$PUBLIC_KEY' >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
done
```

## Notes

- **Username**: `besuadmin` (as configured in Terraform)
- **StrictHostKeyChecking**: Disabled to avoid host key verification prompts
- **ConnectTimeout**: 5 seconds recommended for batch operations
- **Network**: VNet peerings are configured, so connectivity should work once SSH keys are set up

## Troubleshooting

### Permission denied (publickey)
- SSH keys not configured between Nginx proxy and backend VMs
- Solution: Set up SSH keys using the steps above

### Connection refused
- VM not running or port 22 blocked
- Solution: Check VM status and NSG rules

### Host key verification failed
- Use `-o StrictHostKeyChecking=no` flag
- Or manually accept host keys: `ssh-keyscan <IP> >> ~/.ssh/known_hosts`

---

**Last Updated**: After reviewing SSH connectivity requirements