Using SSH to connect Azure Linux VM from Windows

Posted on    by

SSH (Secure SHell) is the most preferred way to connect to Azure Linux VM from Windows, Linux and Mac OS. It enables the system to connect securely and reliably over the insecure network. It uses network port 22 to connect the machines. In this article, you explore the different SSH options to connect to Azure Linux VM.

Prerequisites

This article requires an active Azure subscription to create an Azure Linux VM. If you don’t have a subscription, create a free account before you begin. You also need a basic knowledge of Azure CLI to create the Azure VM. By and large, all the Linux distribution of Azure VM comes with an SSH package pre-installed. You can check the status of the SSH daemon service by running the below command in Azure Linux VM
Please note the above command requires you to connect to Azure VM before checking the status of the SSH daemon service. Additionally, it requires

  • Port 22 to open at the firewall level in the Azure Linux VM. By default, Azure opens up port 22 at the firewall level after provisioning the VM
  • Port 22 to open at the network security group attached with the Azure Linux VM. By default, Azure opens up port 22 at the network security group after provisioning the VM
  • Enable the SSH feature in Windows 10 (local machine). To enable the SSH client in Windows 10, please refer to the article Install OpenSSH

As you see, Azure configures each of them except for the last one. Please set up the OpenSSH in your Windows machine. Alternatively, you can use PuTTy and MobaXterm as well.

SSH Options

There are three different options to connect to Azure Linux VM using SSH

You can use any options based on the security control suited for you. Regarding the most secured approach, the preferred one is the SSH key pair with a passphrase.

SSH password-based authentication

It is the same as basic authentication. It requires a username and password to connect to the Azure Linux VM using SSH protocol. You can use –authentication-type password parameter to accept a password for authentication. Let us understand with an example below
Here I’ve used Azure CLI to create a new VM with ubuntu
Once the VM is created, you can connect using ssh command
During the first login, it’ll ask for a confirmation to add the ECDSA key to the list of known hosts (C:/Users/{username}/.ssh/known_hosts). Subsequently, it doesn’t ask for confirmation while logging in unless the key is changed or removed. You can turn off the password-based authentication by updating the PasswordAuthentication value to no in the sshd config file (/etc/ssh/ssh_config) located in the Azure Linux VM
azure-liux-vm-ssh-notes

It requires the root priviledge to save the content of ssh_config file. It also requires to restart the ssh daemon service to take the latest changes by running the command systemctl restart sshd

SSH key-based authentication

It requires a username and key pair to connect to the Azure Linux VM using SSH protocol. You can use –generate-ssh-keys parameter to use key-pair for authentication. The Azure CLI generates the key pair and stores them in the local directory C:/Users/{username}/.ssh/. The default name of the private and public key file is id_rsa and id_rsa.pub respectively. The Azure Linux VM must have the public key and the local machine must have the private key (similar to the bank locker where bank and customer both have a key). Let us understand with an example below
Here I’ve used Azure CLI to create a new VM with ubuntu
Once the VM is created, you can connect using ssh command
Same as above, it’ll ask a confirmation to add the ECDSA key to the list of known hosts during the first login.

SSH key with passphrase based authentication

A passphrase is the same as a password. It helps to secure the key pair. You can create the key pair with an optional passphrase using the ssh-keygen utility. The utility generates the key pair with a passphrase. It also stores them in the local directory C:/Users/{username}/.ssh/. The name of the private and public key file is id_rsa and id_rsa.pub respectively. You can use the –ssh-key-values parameter to configure the Linux VM with the public key. The local machine must have a private key. Let us understand with an example below
Here I’ve used Azure CLI to create a new VM with ubuntu
Once the VM is created, you can connect using ssh command
It asks for a passphrase every time you log in. Same as above, it’ll ask a confirmation to add the ECDSA key to the list of known hosts during the first login.
azure-liux-vm-ssh-tips

ssh-keygen utility can create the key-pair and place them in a particular location. ssh can use -i parameter to pass the private key. You will see the sample commands in the above code snippets.
The passphrase is optional. Giving the passphrase can make it mandatory while creating the key-pair. You can skip the passphrase by pressing the enter key.

Conclusion

Coming from a Windows background, it took time to understand the Linux ecosystem. The first thing that comes to my mind is to connect a Linux VM from Windows using SSH while researching Linux on Azure. Hopefully, it helps you to learn the various SSH options to connect an Azure Linux VM from Windows 10 machine. I’d love to know what you think. Please leave a comment below about your thoughts. If you enjoyed reading this article, share it with your friends and colleagues!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.