To connect to a Linux Virtual Machine (VM) in Azure, you primarily use SSH (Secure Shell) to establish a remote terminal session.
Below are the various methods to connect to a Linux VM, with step-by-step instructions for each.
Using SSH (Secure Shell)
Steps
Ensure the VM has a Public IP
In the Azure portal, navigate to the Linux VM you want to connect to.
Ensure the VM has a Public IP address (check the Overview section of the VM).
If it doesn’t have a public IP, you can either assign one or use Azure Bastion or VPN.
Check Network Security Group (NSG) Rules
Make sure that the Network Security Group (NSG) attached to your VM or its subnet allows inbound traffic on port 22 (SSH).
Go to the Networking tab of the VM in the Azure portal.
Verify or create an NSG rule that allows TCP traffic on port 22.
Connect Using SSH
If you’re using Linux or macOS, you can use the built-in Terminal.
On Windows, you can use Windows Subsystem for Linux (WSL), PowerShell, or third-party tools like PuTTY or MobaXterm.
Command
ssh -i /path/to/your/private-key username@<VM-public-IP>
Replace:
/path/to/your/private-key: The path to your private SSH key.
username: The username you configured for the Linux VM.
<VM-public-IP>: The public IP address of the VM.
Login
If the private key is correctly configured, you should connect to the VM without entering a password (if using key-based authentication).
If you set up password-based authentication, you will be prompted to enter the password.
Note
Ensure that you are using an SSH key pair for more secure access.
If you didn’t set up an SSH key during VM creation, you can also use a username and password to log in (though SSH key-based authentication is preferred for security reasons).
Using Azure Bastion (For Secure Access Without Public IP)
Azure Bastion allows you to securely connect to your Linux VM without exposing it to the public internet (no need for a public IP on the VM).
Steps
Deploy Azure Bastion
In the Azure portal, search for Azure Bastion and create a Bastion host in the same virtual network (VNet) as your Linux VM.
Connect Using Bastion
Navigate to the VM in the Azure portal.
Click on the Connect button at the top of the VM Overview page.
Select the Bastion option.
Enter your username and SSH private key or password to authenticate.
Access the VM
After authentication, a browser-based SSH session will open, allowing you to manage the Linux VM securely without needing a public IP.
Benefits
No Public IP Exposure: Keeps your Linux VM private and secure by only allowing access through Bastion.
Security: Secure, encrypted connection, reducing the attack surface.
Using VPN (Private Network Access)
You can set up a VPN connection to your Azure Virtual Network (VNet), then access your Linux VM using SSH over its private IP address.
Steps
Set Up a VPN Gateway
In the Azure portal, create a VPN Gateway for your VNet.
Configure a Point-to-Site VPN (for individual clients) or Site-to-Site VPN (for connecting entire networks) to securely connect from your local machine to the Azure VNet.
Connect to the VNet
Once the VPN gateway is set up, connect to your Azure VNet using your VPN client. This creates a secure tunnel between your local machine and Azure.
SSH to the VM Using Private IP
After connecting to the VNet via VPN, use the private IP of the Linux VM to SSH into it:
ssh -i /path/to/your/private-key username@<VM-private-IP>
The private IP can be found on the Networking tab of the VM in the Azure portal.
Benefits
Avoids the need for public IP exposure.
Offers a more secure connection by keeping traffic within your private network.
Using Azure Cloud Shell (Browser-Based SSH)
Azure Cloud Shell is a browser-based shell that allows you to interact with your Azure resources, including VMs, without needing any local setup.
Steps
Open Azure Cloud Shell
In the Azure portal, click the Cloud Shell icon at the top-right of the portal.
You can choose either Bash or PowerShell for your environment (Bash is preferred for Linux VMs).
Get the VM's Public IP
Use the following command to retrieve the public IP address of your Linux VM:
# --show-details is required; without it the output has no publicIps field
az vm show \
--name <VM-name> \
--resource-group <Resource-group-name> \
--show-details \
--query "publicIps" \
--output tsv
SSH Using Cloud Shell
Once you have the public IP, use SSH from the Cloud Shell:
ssh -i /path/to/your/private-key username@<VM-public-IP>
If you are using password authentication, simply enter the password when prompted.
Benefits
No local setup required: Everything runs directly in the Azure portal.
Convenient for quick access to Azure resources.
Using Serial Console (for Troubleshooting)
The Azure Serial Console provides a way to interact with your Linux VM at a lower level, even if the networking configuration isn’t working (e.g., SSH is misconfigured).
Steps
Access Serial Console
In the Azure portal, navigate to the VM’s Overview page.
Under Support + troubleshooting, click Serial Console.
Login to the Console
A terminal window will appear. Enter the username and password to access your Linux VM.
This method provides direct, low-level access to the VM.
Benefits
Useful for recovering from network or SSH failures.
Provides out-of-band access to the VM for troubleshooting.
Third-Party SSH Clients (e.g., PuTTY, MobaXterm, Termius)
If you prefer not to use the built-in terminal or Azure Cloud Shell, third-party tools like PuTTY, MobaXterm, or Termius can also be used to SSH into your Linux VM.
Steps
Install Third-Party Client
Download and install your preferred SSH client (e.g., PuTTY, MobaXterm, or Termius).
Configure SSH Client
Launch the client and provide the following details:
Host: The public IP address of the Linux VM.
Port: 22 (the default SSH port).
Authentication: Choose public key or password as per your setup.
Connect
Click Connect, and authenticate using your private key or password.
Using Azure CLI/PowerShell (With Managed Identity)
If you’ve set up Managed Identity on your Linux VM, you can interact with the VM through Azure CLI or PowerShell for automated tasks, but direct SSH will still be needed for interactive access.
Steps
Enable Managed Identity
Ensure the Managed Identity is enabled on your Linux VM.
Use Azure CLI/PowerShell
You can interact with the VM or manage resources using Azure CLI or PowerShell for tasks like retrieving credentials or managing services.
SSH
For actual access, SSH is still required, but Managed Identity helps automate tasks or secure the connection.
Summary
Here are the connection methods we covered.
SSH (Public IP): The most common method using SSH from your local machine.
Azure Bastion: Secure SSH access without a public IP (no exposure to the internet).
VPN: Private SSH access via a VPN (no public IP exposure).
Azure Cloud Shell: A browser-based shell to SSH into the VM directly.
Serial Console: Low-level troubleshooting access if the VM is unresponsive.
Third-Party SSH Clients: Tools like PuTTY, MobaXterm, or Termius.
Azure CLI/PowerShell with Managed Identity: For automated or scripted access to Azure resources.
By selecting the appropriate method based on your security needs, VM configuration, and access requirements, you can securely and efficiently connect to your Linux VMs on Azure.