Azure – Use of native client to connect to Azure Bastion is here

If you work with Azure Virtual Machines you may, and should, already know Azure Bastion, the feature that lets you connect directly to a virtual machine with RDP or SSH from the web browser, without needing a public IP or management ports exposed to the Internet.

Well, good news: the long-awaited connection using a native client from your client, meaning you no longer need to use the web browser, is now available in preview.

There are a few prerequisites and limitations:

  • Use of custom port or protocol is currently not available when connecting with native client
  • Login on the virtual machine through Bastion with native client using a local account is not supported
  • SSH connection using the private key from an Azure Key Vault is not supported; you will need to download it first
  • Azure Bastion SKU must be standard
  • Launch and configuration of the native client requires Azure CLI

Of course, for the native client connection you need to ensure the management ports (22 for SSH or 3389 for RDP) are open on the virtual machine.
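The port requirement above can be checked against the VM's network security group. The following is an added example, not part of the original post: it flags inbound Allow rules that cover port 22 or 3389 and classifies each source as the Bastion subnet, a broad source, or something to review. It assumes the rule fields follow the JSON printed by `az network nsg rule list -o json`; the rule names and the subnet 10.0.1.0/26 are constructed, and rule priority (an earlier Deny overriding an Allow) is not evaluated.

```python
import ipaddress

MGMT_PORTS = {22: "SSH", 3389: "RDP"}
BROAD_SOURCES = {"*", "internet", "0.0.0.0/0"}

# Constructed sample rules (not from a real subscription).
SAMPLE_RULES = [
    {"name": "allow-bastion-ssh", "direction": "Inbound", "access": "Allow",
     "destinationPortRange": "22", "sourceAddressPrefix": "10.0.1.0/26"},
    {"name": "legacy-rdp", "direction": "Inbound", "access": "Allow",
     "destinationPortRange": "3380-3390", "sourceAddressPrefix": "*"},
    {"name": "deny-all", "direction": "Inbound", "access": "Deny",
     "destinationPortRange": "*", "sourceAddressPrefix": "*"},
]

def covers(port_spec, port):
    """True if an NSG port spec ('22', '3380-3390', '*') includes port."""
    if port_spec == "*":
        return True
    low, _, high = port_spec.partition("-")
    return int(low) <= port <= int(high or low)

def within(source, subnet):
    """True if source is an IP/CIDR fully inside the Bastion subnet."""
    try:
        return ipaddress.ip_network(source, strict=False).subnet_of(subnet)
    except (ValueError, TypeError):  # service tag, '*', or mixed IP version
        return False

def audit_mgmt_rules(rules, bastion_subnet):
    """Return (rule, protocol, source, verdict) for each management-port allow."""
    subnet = ipaddress.ip_network(bastion_subnet)
    findings = []
    for rule in rules:
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        ports = rule.get("destinationPortRanges") or [rule.get("destinationPortRange")]
        sources = rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix")]
        for port, label in MGMT_PORTS.items():
            if not any(p and covers(p, port) for p in ports):
                continue
            for src in filter(None, sources):
                if within(src, subnet):
                    verdict = "ok"        # reachable from Bastion only
                elif src.lower() in BROAD_SOURCES:
                    verdict = "exposed"   # open far beyond the Bastion subnet
                else:
                    verdict = "review"    # service tag or other range
                findings.append((rule["name"], label, src, verdict))
    return findings
```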

If you are already using Bastion you don't need to create a new instance to take advantage of this new feature.

Just access the Configuration blade of your Bastion instance to enable the Native client support setting.

If you create a new Azure Bastion instance, you have to enable the Native client support setting during creation; it is available at the Advanced step.

Once you have enabled the Native client support setting you can connect using the commands below:

  • SSH using Azure AD authentication

az network bastion ssh --name "<BastionName>" --resource-group "<ResourceGroupName>" --target-resource-id "<VMResourceId>" --auth-type "AAD"

  • SSH using a private key

az network bastion ssh --name "<BastionName>" --resource-group "<ResourceGroupName>" --target-resource-id "<VMResourceId>" --auth-type "ssh-key" --username "<Username>" --ssh-key "<Filepath>"

  • RDP

az network bastion rdp --name "<BastionName>" --resource-group "<ResourceGroupName>" --target-resource-id "<VMResourceId>"