In preview: SSH access to Azure Arc-enabled servers

Published Apr 19 2022 09:00 AM 4,272 Views
Microsoft

Remote server management is a critical tool for server administrators. Whether you are running automation or using interactively, SSH based remoting is to connect to your remote server. Starting today, you can now securely SSH into your Arc enabled servers without a public IP address or additional inbound ports!

 

SSH access to Arc enabled servers allows you to SSH into your Arc onboarded servers with a simple Azure CLI command (Azure PowerShell coming soon)!  Leverage your existing local SSH keys, username/passwords to connect to either Windows or Linux servers. Additionally, you can SSH using your Azure AD credentials (currently available on Linux-only).

 

Using Arc enabled servers and SSH access you can now access any of your machines, in any network, with one command without exposing a public IP address or opening additional inbound firewall ports.  SSH traffic is sent over the existing connection between the Azure Arc agent and Azure, no extra configuration is required. Additionally, we are committed to providing a secure and consistent experience across operating systems, Arc servers & Azure VMs, and authentication types. This means that the same command, `az ssh vm`, can be used to access any of your machines.  Providing a consistent, easy to understand, automatable solution for accessing your machines with SSH.

 

DannyMaertens_3-1650311378552.png

 

To learn more, view the latest documentation:

SSH access to Azure Arc-enabled servers overview

 

To see a brief demonstration, please view the video below:

5 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-3288597%22%20slang%3D%22en-US%22%3EIn%20preview%3A%20SSH%20access%20to%20Azure%20Arc-enabled%20servers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3288597%22%20slang%3D%22en-US%22%3E%3CP%3ERemote%20server%20management%20is%20a%20critical%20tool%20for%20server%20administrators.%20Whether%20you%20are%20running%20automation%20or%20using%20interactively%2C%20SSH%20based%20remoting%20is%20to%20connect%20to%20your%20remote%20server.%20Starting%20today%2C%20you%20can%20now%20securely%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FSSHArc%2Fdocs%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESSH%20into%20your%20Arc%20enabled%20servers%3C%2FA%3E%20without%20a%20public%20IP%20address%20or%20additional%20inbound%20ports!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESSH%20access%20to%20Arc%20enabled%20servers%20allows%20you%20to%20SSH%20into%20your%20Arc%20onboarded%20servers%20with%20a%20simple%20Azure%20CLI%20command%20(Azure%20PowerShell%20coming%20soon)!%26nbsp%3B%20Leverage%20your%20existing%20local%20SSH%20keys%2C%20username%2Fpasswords%20to%20connect%20to%20either%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fwindows-server%2Fadministration%2Fopenssh%2Fopenssh_install_firstuse%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EWindows%3C%2FA%3E%20or%20Linux%20servers.%20Additionally%2C%20you%20can%20SSH%20using%20your%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fdevices%2Fhowto-vm-sign-in-azure-ad-linux%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20AD%20credentials%3C%2FA%3E%20(currently%20available%20on%20Linux-only).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EUsing%20Arc%20enabled%20servers%20and%20SSH%20access%20you%20can%20now%20access%20any%20of%20your%20machines%2C%20in%20any%20network%2C%20with%20one%20command%20without%20exposing%20a%20public%20IP%20address%20or%20opening%20additional%20inbound%20firewall%20ports.%20%26nbsp%3BSSH%20traffic%20is%20sent%20over%20the%20existing%20connection%20between%20the%20Azure%20Arc%20agent%20and%20Azure%2C%20no%20extra%20configuration%20is%20required.%20Additionally%2C%20we%20are%20committed%20to%20providing%20a%20secure%20and%20consistent%20experience%20across%20operating%20systems%2C%20Arc%20servers%20%26amp%3B%20Azure%20VMs%2C%20and%20authentication%20types.%20This%20means%20that%20the%20same%20command%2C%20%60az%20ssh%20vm%60%2C%20can%20be%20used%20to%20access%20any%20of%20your%20machines.%26nbsp%3B%20Providing%20a%20consistent%2C%20easy%20to%20understand%2C%20automatable%20solution%20for%20accessing%20your%20machines%20with%20SSH.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22DannyMaertens_3-1650311378552.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F365074iCCBDCF793D863230%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22DannyMaertens_3-1650311378552.png%22%20alt%3D%22DannyMaertens_3-1650311378552.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20learn%20more%2C%20view%20the%20latest%20documentation%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FSSHArc%2Fdocs%2Foverview%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ESSH%20access%20to%20Azure%20Arc-enabled%20servers%20overview%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20see%20a%20brief%20demonstration%2C%20please%20view%20the%20video%20below%3A%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%3CDIV%20class%3D%22video-embed-center%20video-embed%22%3E%3CIFRAME%20class%3D%22embedly-embed%22%20src%3D%22https%3A%2F%2Fcdn.embedly.com%2Fwidgets%2Fmedia.html%3Fsrc%3Dhttps%253A%252F%252Fwww.youtube.com%252Fembed%252FtUR8A97UJH0%253Ffeature%253Doembed%26amp%3Bdisplay_name%3DYouTube%26amp%3Burl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DtUR8A97UJH0%26amp%3Bimage%3Dhttps%253A%252F%252Fi.ytimg.com%252Fvi%252FtUR8A97UJH0%252Fhqdefault.jpg%26amp%3Bkey%3Dfad07bfa4bd747d3bdea27e17b533c0e%26amp%3Btype%3Dtext%252Fhtml%26amp%3Bschema%3Dyoutube%22%20width%3D%22400%22%20height%3D%22225%22%20scrolling%3D%22no%22%20title%3D%22SSH%20access%20to%20Linux%20and%20Windows%20Servers%20running%20anywhere%20using%20Azure%20Arc%22%20frameborder%3D%220%22%20allow%3D%22autoplay%3B%20fullscreen%22%20allowfullscreen%3D%22true%22%3E%3C%2FIFRAME%3E%3C%2FDIV%3E%3CP%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-3288597%22%20slang%3D%22en-US%22%3E%3CP%3ERemote%20server%20management%20is%20a%20critical%20tool%20for%20server%20administrators.%20Whether%20you%20are%20running%20automation%20or%20using%20interactively%2C%20SSH%20based%20remoting%20is%20to%20connect%20to%20your%20remote%20server.%20Starting%20today%2C%20you%20can%20now%20securely%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FSSHArc%2Fdocs%2Foverview%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3ESSH%20into%20your%20Arc%20enabled%20servers%3C%2FA%3E%20without%20a%20public%20IP%20address%20or%20additional%20ports%20from%20an%20external%20network!%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3288597%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Arc%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EHybrid%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMulticloud%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EServers%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3290511%22%20slang%3D%22en-US%22%3ERe%3A%20In%20preview%3A%20SSH%20access%20to%20Azure%20Arc-enabled%20servers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3290511%22%20slang%3D%22en-US%22%3E%3CP%3ELooks%20like%20the%20screenshot%20uses%20az%20ssh%20%3CSTRONG%3Evm%3C%2FSTRONG%3E%20while%20in%20the%20video%20Thomas%20uses%20az%20ssh%20%3CSTRONG%3Earc%3C%2FSTRONG%3E.%20I%20end%20up%20trying%20both%20for%20my%20arc-enabled%20servers%20(using%20different%20arguments)%20and%20they%20both%20worked.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3289613%22%20slang%3D%22en-US%22%3ERe%3A%20In%20preview%3A%20SSH%20access%20to%20Azure%20Arc-enabled%20servers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3289613%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1367514%22%20target%3D%22_blank%22%3E%40SimonLeGeek%3C%2FA%3E%2C%20t%3CSPAN%3Ehe%26nbsp%3B%3C%2FSPAN%3E%3CCODE%3Eaz%20ssh%20vm%3C%2FCODE%3E%3CSPAN%3E%26nbsp%3Bcommand%20currently%20supports%20Azure%20IaaS%20virtual%20machines%20that%20have%20a%20public%20IP%20address.%20We%20are%20working%20with%20Bastion%20to%20integrate%20their%20scenarios%20into%26nbsp%3B%3C%2FSPAN%3E%3CCODE%3Eaz%20ssh%3C%2FCODE%3E%3CSPAN%3E%26nbsp%3Band%20the%20future%20Azure%20PowerShell%20cmdlets.%20We%20will%20have%20more%20to%20share%20at%20a%20future%20time.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3289461%22%20slang%3D%22en-US%22%3ERe%3A%20In%20preview%3A%20SSH%20access%20to%20Azure%20Arc-enabled%20servers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3289461%22%20slang%3D%22en-US%22%3E%3CP%3EDo%20you%20know%20if%20there%20is%20any%20plans%20to%20provide%20such%20feature%20for%20native%20Azure%20virtual%20machines.%3C%2FP%3E%3CP%3ECurrently%2C%20I%20think%20the%20solution%20would%20be%20Azure%20Bastion%2C%20but%20it%20is%20much%20more%20complicated%20to%20get%20running%20than%20what%20is%20presented%20here%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3378689%22%20slang%3D%22en-US%22%3ERe%3A%20In%20preview%3A%20SSH%20access%20to%20Azure%20Arc-enabled%20servers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3378689%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3EI've%20tried%20this%20feature%2C%20but%20have%20had%20an%20error%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-applescript%22%3E%3CCODE%3Eaz%20ssh%20arc%20--resource-group%20rg-name%20--name%20server-name%20--local-user%20local-user-name%0AFailed%20to%20run%20ssh%20command%20with%20error%3A%20%5BWinError%202%5D%20The%20system%20cannot%20find%20the%20file%20specified.%0AEnsure%20OpenSSH%20is%20installed%20and%20the%20PATH%20Environment%20Variable%20is%20set%20correctly.%0AAlternatively%2C%20use%20--ssh-client-folder%20to%20provide%20OpenSSH%20folder%20path.%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%3CSPAN%3EAs%20this%20command%20advised%2C%20I%20tried%20to%20add%20%22--ssh-client-folder%22%20pointing%20to%20installed%20OpenSSH%20-%20C%3A%5CWindows%5CSystem32%5COpenSSH%20%2C%20but%20also%20without%20any%20luck.%20Moreover%2C%20it's%20a%20bit%20odd%20that%20the%20same%20error%20appears%2C%20when%20I%20try%20to%20connect%20from%20a%20Linux%20server.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20addition%2C%26nbsp%3B%20error%20message%20looks%20even%20more%20interesting%20with%20%22--debug%22%20key%20on%20a%20windows%20server%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-applescript%22%3E%3CCODE%3Ecli.azure.cli.core.util%3A%20azure.cli.core.util.handle_exception%20is%20called%20with%20an%20exception%3A%0Acli.azure.cli.core.util%3A%20Traceback%20(most%20recent%20call%20last)%3A%0AFile%20%22C%3A%5CUsers%5CAdministrator%5C.azure%5Ccliextensions%5Cssh%5Cazext_ssh%5Cssh_utils.py%22%2C%20line%2065%2C%20in%20start_ssh_connection%0Aconnection_status%20%3D%20subprocess.run(command%2C%20env%3Denv%2C%20text%3DTrue)%0AFile%20%22subprocess.py%22%2C%20line%20501%2C%20in%20run%0AFile%20%22subprocess.py%22%2C%20line%20966%2C%20in%20__init__%0AFile%20%22subprocess.py%22%2C%20line%201435%2C%20in%20_execute_child%0AFileNotFoundError%3A%20%5BWinError%202%5D%20The%20system%20cannot%20find%20the%20file%20specified%0A%0ADuring%20handling%20of%20the%20above%20exception%2C%20another%20exception%20occurred%3A%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20appreciate%20any%20ideas%20on%20solving%20this%20problem%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3384878%22%20slang%3D%22en-US%22%3ERe%3A%20In%20preview%3A%20SSH%20access%20to%20Azure%20Arc-enabled%20servers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3384878%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F177212%22%20target%3D%22_blank%22%3E%40Danny%20Maertens%3C%2FA%3E%26nbsp%3BDo%20you%20mean%20it%20will%20only%20work%20with%20a%20Azure%20IaaS%20VM%20if%20it%20has%20a%20public%20IP%20attached%20to%20it%3F%20Do%20you%20know%20if%20there%20is%20any%20roadmap%20to%20connecting%20with%20it%20only%20with%20a%20private%20IP%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Apr 23 2022 12:32 PM
Updated by: