ITOps Talk Blog

Cloud Shell Quick Tip: Service Tag Network Security Group Rule

jaydestro
Nov 29, 2021

Need to SSH into an Azure Virtual Machine but don't have much more than a browser? Don't worry, Azure has already thought about that. With people working remotely or on the go, it's nice to know there are quick alternatives for getting into your resources without having to make major changes to your existing infrastructure and network. I have certainly been on the road and have received alert notifications requiring some intervention on a server without having access to my laptop.


This video shows you how to configure an NSG rule to allow SSH from Azure Cloud Shell within the portal. This is great if you need to access resources and don't have a VPN or Azure Bastion set up within the Virtual Network (VNET). In just three minutes I show you how to modify your NSG to permit the AzureCloud service tag and SSH into my VM.


You can find more information on this subject by going to the Virtual network service tags documentation on Microsoft Docs.

Here are some additional docs you can access related to the subjects quickly covered in the video:

  • Network security groups - You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network.

  • Microsoft Learn NSG Module: Secure and isolate access to Azure resources by using network security groups and service endpoints.

  • Virtual network service tags - A service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules.

Updated Jan 21, 2022
Version 3.0

1 Comment

  • Using the AzureCloud service tag means you're allowing SSH access to your VM from all Azure datacenter public IPv4 addresses, including other subscriptions. This is an insecure solution.
    https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview#available-service-tags

    I recommend instead creating an exception for the specific public IP address of your Azure cloud shell session. This example curl command returns the public IP address from a cloud shell bash session:
    curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'
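The following Python script is an added example and is not code from the post, the video, or the comment above. It makes the trade-off between the two rules concrete: it loads a service-tag document in the layout of the Azure service-tag JSON download (a top-level "values" list whose entries carry properties.addressPrefixes), resolves an NSG rule's source field (service tag, CIDR, single IP, or "*") into address ranges, and then checks which source IPs each rule admits on port 22 and how many IPv4 addresses each rule exposes. It also parses the checkip.dyndns.org response the comment's curl pipeline relies on, using a constructed sample page. The tag names, prefixes, IPs, and the `ip_from_checkip_html` and `rule_allows` helpers are all assumptions or constructed samples, not the real AzureCloud ranges or any Azure SDK API.

```python
"""Compare the reach of an NSG rule sourced from a service tag with one pinned to a /32.

Added example; not from the post or the comment. Assumes the Azure service-tag
JSON layout (top-level "values", each with properties.addressPrefixes). All
prefixes and IPs below are constructed samples, not the real AzureCloud ranges.
"""
import ipaddress
import json
import re

# Constructed stand-in for the service-tag download; the real file carries
# thousands of prefixes under the AzureCloud tag.
SERVICE_TAGS_JSON = json.dumps({
    "cloud": "Public",
    "values": [
        {"name": "AzureCloud",
         "properties": {"addressPrefixes": ["13.64.0.0/11", "20.33.0.0/16", "2603:1000::/25"]}},
        {"name": "AzureCloud.eastus",
         "properties": {"addressPrefixes": ["20.33.0.0/16"]}},
    ],
})

# Constructed sample of what checkip.dyndns.org returns for a Cloud Shell session.
CHECKIP_HTML = ("<html><head><title>Current IP Check</title></head>"
                "<body>Current IP Address: 20.33.17.5</body></html>")


def ip_from_checkip_html(html):
    """Extract the address from the checkip page (same idea as the comment's sed pipeline)."""
    match = re.search(r"Current IP Address:\s*([0-9a-fA-F.:]+)", html)
    if not match:
        raise ValueError("no IP address found in checkip response")
    return match.group(1)


def load_service_tags(raw):
    """Map tag name -> list of ip_network objects."""
    doc = json.loads(raw)
    return {v["name"]: [ipaddress.ip_network(p) for p in v["properties"]["addressPrefixes"]]
            for v in doc["values"]}


def resolve_source(source, tags):
    """An NSG source is a service tag name, a CIDR, a single IP, or '*' (any)."""
    if source == "*":
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    if source in tags:
        return tags[source]
    return [ipaddress.ip_network(source, strict=False)]


def rule_allows(rule, src_ip, dst_port, tags):
    """True if an inbound Allow rule admits src_ip to dst_port."""
    ip = ipaddress.ip_address(src_ip)
    if rule["access"] != "Allow" or rule["direction"] != "Inbound":
        return False
    if dst_port not in rule["dest_ports"]:
        return False
    return any(ip in net for net in resolve_source(rule["source"], tags)
               if net.version == ip.version)


def ipv4_address_count(rule, tags):
    """Number of IPv4 source addresses the rule exposes the port to."""
    return sum(net.num_addresses for net in resolve_source(rule["source"], tags)
               if net.version == 4)


def make_ssh_rule(name, source, priority=300):
    """Build an inbound TCP/22 Allow rule; mirrors the fields an NSG rule carries."""
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": "Allow", "protocol": "Tcp", "source": source, "dest_ports": {22}}


# The rule from the video (service tag) and the one the comment recommends (/32).
TAGS = load_service_tags(SERVICE_TAGS_JSON)
CLOUD_SHELL_IP = ip_from_checkip_html(CHECKIP_HTML)
TAG_RULE = make_ssh_rule("AllowSSHFromAzureCloud", "AzureCloud")
PINNED_RULE = make_ssh_rule("AllowSSHFromMyCloudShell", CLOUD_SHELL_IP + "/32")

if __name__ == "__main__":
    other_azure_ip = "13.80.1.1"  # constructed: inside 13.64.0.0/11 but not our session
    for rule in (TAG_RULE, PINNED_RULE):
        print(rule["name"],
              "our session:", rule_allows(rule, CLOUD_SHELL_IP, 22, TAGS),
              "another Azure IP:", rule_allows(rule, other_azure_ip, 22, TAGS),
              "IPv4 addresses exposed:", ipv4_address_count(rule, TAGS))
```

Run it as-is and both rules admit the session's address, but only the service-tag rule also admits an unrelated address from another Azure prefix, and the exposure count for the tag rule is the sum of every IPv4 prefix under the tag rather than one. The same check works against the real download if you substitute its JSON for the constructed sample.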