How to Connect to an Azure Linux Virtual Machine?

Azure Linux Virtual Machines give you scalable, secure, and flexible computing power in the cloud. You can use them to host applications, manage databases, or run development and testing environments. You can securely manage workloads from any device and location by connecting to your Azure Linux VM with an SSH client.

This guide shows you how to connect to an Azure Linux Virtual Machine, along with the prerequisites and best practices for a smooth and secure connection.

Prerequisites for Connecting to an Azure Linux VM

Have an SSH Key Pair

Users must have an SSH key pair to connect to Azure desktops from Linux. Azure can create a key pair during VM deployment. However, you can also create one manually with Azure Cloud Shell, a macOS, or a Linux host.

Have a Network Security Group (NSG)

Users need an existing Network Security Group (NSG) to complete the process. Most VMs include an NSG by default. If a user doesn’t have one, create it and attach it manually on your device.

Open the SSH Port

Users should open the port. SSH typically uses port 22. Users can validate the open port for SSH using the troubleshooter or by manually checking it.

Follow the instructions below for the manual process. However, if you use another port number, the process will remain the same.

1. Go to your VM and select Networking from the left menu.

2. Look for a rule that allows TCP on port 22 from your computer’s IP address.

3. If the rule exists, you’re ready to proceed, and if no rule exists, click Add inbound port rule.

4. Select SSH for Service, adjust Priority and Source if needed, and type SSH for Name.

5. Click Add to create the rule.

Assign a Public IP Address to Your VM

Users must have a VM with a public IP address. Check the status of your VM’s IP address with the following steps:

1. Go to your VM and select Overview from the left menu.

2. Check the Networking section.

3. If there is an IP address next to a Public IP address, then your VM already has one.

4. If the Public IP address field is empty, then add a public IP address to your existing VM.

Verify that Your VM is Running

Check if your VM is running properly using the following steps:

1. Go to the Overview tab.

2. Click the Essentials section to ensure the VM status shows Running.

3. If it isn’t running, click Start at the top of the page.

Note: Use the Azure portal to connect if you face any issues. Go to the Azure portal, search for Virtual machines, and select your VM. Click Connect from the left menu and choose your preferred connection method. The portal will guide you through any remaining prerequisites.

Supported SSH Key Formats

Azure currently supports the following SSH key types:

• SSH protocol 2 (SSH-2) RSA with a minimum length of 2048 bits.

• ED25519 keys with a fixed length of 256 bits.

Other formats such as ECDH and ECDSA are not supported.

SSH Clients

You can connect to an Azure Linux VM using one of the following SSH clients:

• Windows 10/11: Includes OpenSSH client commands in PowerShell or Command Prompt.

• Azure Cloud Shell: Accessible in a web browser, from the Azure portal, or inside Visual Studio Code via the Azure Account extension.

• Windows Subsystem for Linux (WSL): Lets you run native Linux tools and connect to your VM over SSH within a Bash shell.

Step-by-Step Process for Connecting an Azure Linux Virtual Machine?

After completing the above prerequisites, the user can connect to their VM. They can open their preferred SSH client, which is typically included in Linux, macOS, and Windows.

Note: Some users are on Windows 7 or an older version, where Win32 OpenSSH isn’t included by default. In this situation, they should consider installing WSL or using Azure Cloud Shell from a browser.

Option 1: WSL, macOS, or native Linux client

SSH with a new key pair

Step 1: Place the SSH keys in the correct directory: Ensure the public and private keys are in the ~/.ssh directory.

• If the keys were generated manually or with the CLI, they are usually already there.

• If the keys were downloaded in .pem format from the Azure portal, move them to the correct directory with the following syntax: mv PRIVATE_KEY_SOURCE PRIVATE_KEY_DESTINATION

• If the key is in the Downloads folder, and myKey.pem is the name of the user’s SSH key, type:

$ mv /Downloads/myKey.pem ~/.ssh
  

• In WSL, local files are in /mnt/c/Users/{USERNAME}/Downloads/myKey.pem

Step 2: Set proper permissions: Make the private key read-only.

$ chmod 400 ~/.ssh/myKey.pem
  

Step 3: Run the SSH command: Run the SSH command via this syntax: ssh -i PATH_TO_PRIVATE_KEY USERNAME@EXTERNAL_IP

For example, if “azureuser” is your username and 20.51.230.13 is your VM’s public IP address, type:

$ ssh -i ~/.ssh/myKey.pem [email protected]
  

Step 4: Validate the host fingerprint: The first time a client connects, it prompts fingerprint verification. Do not accept the fingerprint authentication as it may expose you to man-in-the-middle (MitM) attacks. Validate it by running inside the VM (via Run Command in portal):

$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub | awk '{print $2}'
  

Step 5: Success: The user is now successfully connected to the VM.

SSH with existing public key

Step 1: Run the SSH command using the following syntax to connect to your VM:

Example- VM public IP Address = 20.51.230.13

Username = azureuser

$ ssh [email protected]
  

Step 2: Validate the host fingerprint: The first time a client connects, it prompts fingerprint verification. Do not simply accept the fingerprint, as this may expose you to man-in-the-middle (MitM) attacks. Validate the fingerprint by running this inside the VM (via Run Command in the portal):

$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub | awk '{print $2}'
  

Step 3: Success: You are now successfully connected to your VM.

SSH with Password Authentication

(Warning: Password authentication is less secure than SSH key pair and is not recommended.)

Step 1: Run the SSH command: Use the following syntax to connect to your VM:

Example- VM public IP Address = 20.51.230.13

Username = azureuser

$ ssh [email protected]
  

Step 2: Enter your credentials: When prompted, enter the username and password you created when provisioning the VM.

Step 3: Validate the host fingerprint: The first time a client connects, it prompts fingerprint verification. Validate it by running the following inside the VM (via Run Command in the portal):

$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub | awk '{print $2}'
  

Step 4: Success: You are now successfully connected to your VM.

Option 2: Windows command line (cmd.exe, PowerShell, etc.)

SSH with a new key pair

Step 1: Locate your private SSH Key and run the SSH command with the following syntax:

$ ssh -i PATH_TO_PRIVATE_KEY USERNAME@EXTERNAL_IP
  

PS> ssh -i .\\Downloads\\myKey.pem [email protected]
  

Step 2: Validate the host fingerprint: The first time a client connects, it prompts fingerprint verification. Do not simply accept the fingerprint, as this may expose you to man-in-the-middle (MitM) attacks. Validate the fingerprint by running this inside the VM (via Run Command in the portal):

PS> Invoke-AzVMRunCommand -ResourceGroupName 'myResourceGroup' -VMName 'myVM' -CommandId 'RunShellScript' -ScriptString 'ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub | awk '\''{print $2}'\''
  

Step 3: Success: You are now successfully connected to your VM.

SSH with Password Authentication

(Warning: Password authentication is less secure than SSH key pair and is not recommended.)

Step 1: Run the SSH command: Use the following syntax to connect to your VM:

Example- VM public IP Address = 20.51.230.13

Username = azureuser

$ ssh [email protected]
  

Step 2: Validate the host fingerprint: The first time a client connects, it prompts fingerprint verification. Do not simply accept the fingerprint, as this may expose you to man-in-the-middle (MitM) attacks. Validate the fingerprint by running this inside the VM (via Run Command in the portal):

$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub | awk '{print $2}'
  

Step 3: Success: You are now successfully connected to your VM.

Note: The above-described steps are when the SSH key is in the key.pem format. If a user used CLI or Azure PowerShell to download their keys, they may be in the id_rsa or ED25519 format.

Troubleshoot SSH connection issues to an Azure Linux VM

1. Reset the SSH configuration: Restore default SSH settings if the service is misconfigured.

2. Reset the user credentials: Update the username/password or SSH public key as needed.

3. Verify Network Security Group (NSG) rules: Ensure inbound SSH traffic (TCP port 22) is allowed. Also, port redirection/mapping requires an Azure load balancer.

If using Microsoft Entra ID for SSH login, make sure the user has Virtual Machine Administrator Login or Virtual Machine User Login role on the resource group that contains the VM and its associated resources.

4. Check VM resource health: Confirm that the VM reports as healthy. If boot diagnostics are enabled, check the logs for boot errors.

5. Restart the VM: Sometimes a simple restart resolves connection issues.

6. Redeploy the VM: Moves the VM to a new Azure node to fix persistent issues.

For more advanced troubleshooting, refer to the official Microsoft documentation.

Note: After each step, try reconnecting to your VM for success.

Available Methods to Troubleshoot SSH Connection Issues

Users can reset credentials and SSH configuration using any of the following methods. They can also check the SSH service status for further issues. After each step, try reconnecting to your VM:

Azure Portal: It is ideal for quickly resetting SSH configuration or keys when you don’t have Azure tools installed.

Azure VM Serial Console: This method will work even if SSH is misconfigured. It provides an interactive console to your VM and is useful, especially for scenarios where you “can’t SSH”.

Run Command through Azure Portal: Execute basic commands from the portal. Output is returned directly to the portal.

Azure CLI: Quickly reset SSH configuration or credentials from the command line.

Azure VMAccessForLinux Extension: Use JSON definition files to reset SSH configuration or user credentials.

Final Thoughts

Connecting to an Azure Linux Virtual Machine is simple when you follow the right prerequisites and steps. With secure SSH access, you can manage your workloads seamlessly from any device or location.

Ace Cloud Hosting provides a fully managed Azure Virtual Desktop with 24/7 support, so you don’t deal with setup or technical issues. Start your free trial today and enjoy a secure virtual desktop experience.