Blog Post

Azure Arc Blog
1 MIN READ

In preview: SSH access to Azure Arc-enabled servers

Danny Maertens's avatar
Danny Maertens
Icon for Microsoft rankMicrosoft
Apr 19, 2022

Remote server management is a critical tool for server administrators. Whether you are running automation or using interactively, SSH based remoting is to connect to your remote server. Starting today, you can now securely SSH into your Arc enabled servers without a public IP address or additional inbound ports!

 

SSH access to Arc enabled servers allows you to SSH into your Arc onboarded servers with a simple Azure CLI command (Azure PowerShell coming soon)!  Leverage your existing local SSH keys, username/passwords to connect to either Windows or Linux servers. Additionally, you can SSH using your Azure AD credentials (currently available on Linux-only).

 

Using Arc enabled servers and SSH access you can now access any of your machines, in any network, with one command without exposing a public IP address or opening additional inbound firewall ports.  SSH traffic is sent over the existing connection between the Azure Arc agent and Azure, no extra configuration is required. Additionally, we are committed to providing a secure and consistent experience across operating systems, Arc servers & Azure VMs, and authentication types. This means that the same command, `az ssh vm`, can be used to access any of your machines.  Providing a consistent, easy to understand, automatable solution for accessing your machines with SSH.

 

 

To learn more, view the latest documentation:

SSH access to Azure Arc-enabled servers overview

 

To see a brief demonstration, please view the video below:

Updated Apr 23, 2022
Version 2.0
azure arc
hybrid
multicloud
servers
  • chrkuznos's avatar
    chrkuznos
    Copper Contributor
    Mar 27, 2024

    Hey all,

    I am new in azure ssh and its my first vm that I am trying to add in azure portal, the installation completed, but when I try to connect it proposes ssh and I get the following error message. 

    Any ideas?

     

     

  • Jaypee0490's avatar
    Jaypee0490
    Copper Contributor
    May 17, 2022

    Danny Maertens Do you mean it will only work with a Azure IaaS VM if it has a public IP attached to it? Do you know if there is any roadmap to connecting with it only with a private IP?

  • AlexanderV's avatar
    AlexanderV
    Copper Contributor
    May 16, 2022

    Hi all,

    I've tried this feature, but have had an error:

     

    az ssh arc --resource-group rg-name --name server-name --local-user local-user-name
Failed to run ssh command with error: [WinError 2] The system cannot find the file specified.
Ensure OpenSSH is installed and the PATH Environment Variable is set correctly.
Alternatively, use --ssh-client-folder to provide OpenSSH folder path.

     

    As this command advised, I tried to add "--ssh-client-folder" pointing to installed OpenSSH - C:\Windows\System32\OpenSSH , but also without any luck. Moreover, it's a bit odd that the same error appears, when I try to connect from a Linux server.

     

    In addition,  error message looks even more interesting with "--debug" key on a windows server:

     

    cli.azure.cli.core.util: azure.cli.core.util.handle_exception is called with an exception:
cli.azure.cli.core.util: Traceback (most recent call last):
File "C:\Users\Administrator\.azure\cliextensions\ssh\azext_ssh\ssh_utils.py", line 65, in start_ssh_connection
connection_status = subprocess.run(command, env=env, text=True)
File "subprocess.py", line 501, in run
File "subprocess.py", line 966, in __init__
File "subprocess.py", line 1435, in _execute_child
FileNotFoundError: [WinError 2] The system cannot find the file specified

During handling of the above exception, another exception occurred:

     

     

    I would appreciate any ideas on solving this problem.

     

  • Henry Fu's avatar
    Henry Fu
    Copper Contributor
    Apr 20, 2022

    Looks like the screenshot uses az ssh vm while in the video Thomas uses az ssh arc. I end up trying both for my arc-enabled servers (using different arguments) and they both worked.

  • Danny Maertens's avatar
    Danny Maertens
    Icon for Microsoft rankMicrosoft
    Apr 19, 2022

    SimonLeGeek, the az ssh vm command currently supports Azure IaaS virtual machines that have a public IP address. We are working with Bastion to integrate their scenarios into az ssh and the future Azure PowerShell cmdlets. We will have more to share at a future time.

  • SimonLeGeek's avatar
    SimonLeGeek
    Copper Contributor
    Apr 19, 2022

    Do you know if there is any plans to provide such feature for native Azure virtual machines.

    Currently, I think the solution would be Azure Bastion, but it is much more complicated to get running than what is presented here?