Score:0

How do you SSH in to an Azure VM through an Azure Bastion?


My initial understanding was that an Azure Bastion acts like a lightweight SSH (and RDP) gateway to resources -- specifically, VMs -- on the same virtual network, rather than provisioning a full VM as a jumpbox. That is, I would expect to be able to do this, from anywhere on the public Internet, to SSH into a VM on the same network:

ssh -i /path/to/private.key -J BASTION_IP user@VM_IP

Where BASTION_IP is the public IP associated with the Bastion resource and VM_IP is the internal IP address of the VM in a sibling subnet to the Bastion subnet.

I've set this up in Terraform, using the "Basic" Bastion SKU but, when I try connecting, it times out. In the Azure Portal, there is an option named "Native Client Support" (which needs the "Standard" SKU), exposed as the tunneling_enabled argument in the respective Terraform resource. With those changes made, my connection still times out.

Following the rabbit hole of documentation suggests that you have to use the Azure CLI. Indeed, I can get tunnelling to work using the Azure CLI -- the SSH extension is Windows only, apparently -- but it's a bit of a faff:

az login  # I assume there's a way to login unattended
az account set --subscription SUBSCRIPTION_ID
az network bastion tunnel --name BASTION_NAME --resource-group RG_NAME --target-resource-id REALLY_LONG_VM_RESOURCE_ID --resource-port 22 --port 2222 &
ssh -i /path/to/private.key -p 2222 user@localhost

Is there a non-proprietary way of SSH'ing into an Azure VM through an Azure Bastion? Or is my assumption on its use-case off?

Score:0

You really only have two ways to connect to Bastion with SSH, using a local client, and both involve the Azure CLI:

  • Using Az Network Bastion Tunnel, as you mentioned, to create a tunnel and then connect however you want
  • Using Az Network Bastion SSH to use the native client directly

You could automate this connection if you wanted to connect using a service principal, but assuming you want to connect as a user then it would be a bit of a pain having to store the user's credentials and deal with MFA, etc.
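The tunnel-then-ssh sequence from the question, wrapped so the tunnel is closed again when the session ends and the host key is pinned per VM; this is an added example, not code from either poster. It assumes `az login` has already been run and that native client support is enabled on the Bastion; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original posts). Assumes `az login` was already
# run and that the Bastion has native client support (tunneling) enabled.

# True once something accepts connections on 127.0.0.1:$1.
port_open() {
    if command -v nc >/dev/null 2>&1; then
        nc -z 127.0.0.1 "$1" >/dev/null 2>&1
    else
        (exec 3<>"/dev/tcp/127.0.0.1/$1") 2>/dev/null   # works in bash only
    fi
}

# Poll until the local tunnel port is open, or give up after $2 attempts.
wait_for_port() {
    tries=0
    until port_open "$1"; do
        tries=$((tries + 1))
        [ "$tries" -ge "$2" ] && return 1
        sleep 1
    done
}

# bastion_ssh BASTION_NAME RG_NAME VM_RESOURCE_ID LOCAL_PORT [ssh args...]
bastion_ssh() {
    bastion=$1 rg=$2 vm_id=$3 lport=$4
    shift 4
    az network bastion tunnel --name "$bastion" --resource-group "$rg" \
        --target-resource-id "$vm_id" --resource-port 22 --port "$lport" &
    tunnel_pid=$!
    rc=1
    if wait_for_port "$lport" 30; then
        # Every VM is reached as localhost:$lport, so record its host key
        # under the VM name instead of "[localhost]:port" in known_hosts.
        rc=0
        ssh -p "$lport" -o HostKeyAlias="${vm_id##*/}" "$@" localhost || rc=$?
    fi
    # Always tear the tunnel down so the forwarded port does not stay open.
    kill "$tunnel_pid" 2>/dev/null || true
    wait "$tunnel_pid" 2>/dev/null || true
    return "$rc"
}

# Usage:
# bastion_ssh BASTION_NAME RG_NAME VM_RESOURCE_ID 2222 -i /path/to/private.key -l user
```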
