Native RDP / SSH with Azure Bastion


I've talked about Azure Bastion in the past: Azure Bastion - Managed Jump Server (florinloghiade.ro). In a nutshell, Azure Bastion is a managed jump server that lets you connect directly to your workloads without the operational hassle.

Recently, the Azure Bastion offering received an update that allows native RDP and SSH connections without opening the Azure Portal. The only thing you need is a terminal with the Azure CLI installed.

If you create a new Bastion service, go to the Advanced tab and check native client support.

If you already have a Bastion service deployed, go to the Configuration blade, check the native client support box and press Apply.

Be aware that this option requires the Azure Bastion Standard SKU, which will raise the cost of the solution.

Requirements for it to work:

  • Reader role on the virtual machine.
  • Reader role on the NIC with private IP of the virtual machine.
  • Reader role on the Azure Bastion resource.
  • Virtual Machine Administrator Login or Virtual Machine User Login role, if you're using the Azure AD sign-in method.
  • Azure CLI version 2.33.1 or higher.
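The requirements above can be checked before a user tries to connect. The following Python is an added example, not code from the original post: it reads role assignments in the JSON shape that `az role assignment list --assignee <user> --all -o json` produces and reports which requirement is missing, counting assignments inherited from a parent scope. The subscription ID is a placeholder, the NIC name is hypothetical, and treating Owner and Contributor as satisfying Reader is an assumption of the example.

```python
import json

# Built-in roles whose permissions include read access (assumption: these satisfy "Reader").
READ_ROLES = {"reader", "contributor", "owner"}
VM_LOGIN_ROLES = {"virtual machine administrator login", "virtual machine user login"}
MIN_CLI = (2, 33, 1)  # minimum Azure CLI version stated in the post

def cli_version_ok(version):
    """True when a dotted version string such as '2.33.1' meets the minimum."""
    return tuple(int(p) for p in version.split(".")[:3]) >= MIN_CLI

def covers(scope, resource_id):
    """An assignment applies to a resource at its own scope or any parent scope."""
    s, r = scope.rstrip("/").lower(), resource_id.lower()
    return r == s or r.startswith(s + "/")

def missing_requirements(assignments, vm_id, nic_id, bastion_id, aad_login=False):
    """Return the requirements from the post that the assignments do not meet."""
    def has(roles, resource_id):
        return any(a["roleDefinitionName"].lower() in roles
                   and covers(a["scope"], resource_id) for a in assignments)
    checks = [("Reader on VM", READ_ROLES, vm_id),
              ("Reader on NIC", READ_ROLES, nic_id),
              ("Reader on Bastion", READ_ROLES, bastion_id)]
    if aad_login:  # only needed for the Azure AD sign-in method
        checks.append(("VM login role", VM_LOGIN_ROLES, vm_id))
    return [name for name, roles, rid in checks if not has(roles, rid)]

# Constructed sample data: placeholder subscription ID, hypothetical NIC name.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Bastion-Demo"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/bastionwindows"
NIC = RG + "/providers/Microsoft.Network/networkInterfaces/bastionwindows-nic"
BASTION = RG + "/providers/Microsoft.Network/bastionHosts/BastionDemo"
SAMPLE = json.loads("""[
  {"roleDefinitionName": "Reader", "scope": "%s"},
  {"roleDefinitionName": "Reader", "scope": "%s"},
  {"roleDefinitionName": "Virtual Machine User Login", "scope": "%s"}
]""" % (VM, BASTION, RG))

if __name__ == "__main__":
    print("CLI 2.32.0 ok:", cli_version_ok("2.32.0"))
    print("Missing:", missing_requirements(SAMPLE, VM, NIC, BASTION, aad_login=True))
```

Assignments made at management group scope are not matched by this check and need to be reviewed separately.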

At the time of writing, this solution will not work on Linux or macOS, but I'm pretty sure this will come soon :)

To connect to a Windows machine:

az network bastion rdp --name BastionDemo --resource-group Bastion-Demo --target-resource-id /subscriptions/e2d85901-f23b-4293-90a0-e0e169d95686/resourceGroups/Bastion-Demo/providers/Microsoft.Compute/virtualMachines/bastionwindows

To connect to a Linux machine:

az network bastion ssh --name BastionDemo --resource-group Bastion-Demo --target-resource-id /subscriptions/e2d85901-f23b-4293-90a0-e0e169d95686/resourceGroups/Bastion-Demo/providers/Microsoft.Compute/virtualMachines/bastionlinux --auth-type password --username adminuser

This solution works with VNET-peered Bastion services or Bastions that are in the same VNET as the VMs. A simple solution that brings a lot of value, I say.

Have a good one!