If you work with Azure Virtual Machines you may and should already know Azure Bastion, the feature allowing you to connect directly to a virtual machine with RDP or SSH from the web browser without the need to have a public IP and have management ports opened.
Well, good news the long awaited connection using a native client from your client – meaning you don’t need anymore to use the web browser – is now available in preview
There are few perquisites and limitations:
- Use of custom port or protocol is currently not available when connecting with native client
- Login on the virtual machine through Bastion with native client using a local account is not supported
- SSH connection using the private key from an Azure Key Vault is not supported; you will need to download it first
- Azure Bastion SKU must be standard
- Launch and configuration of the native client requires Azure Cli
Off course for the native client connection you need to ensure the management ports (22 for SSH or 3389 for RDP) are open on the virtual machine.
If you are already using Bastion you don’t need to recreate a new instance to take advantage of this new feature.
Just access the Configuration blade of your Bastion instance to enable the Native client support setting
If you create a new Azure Bastion instance, during the creation you have to enable the Native client support setting available at the Advanced step
Once you have enable the Native client support setting you can connect using the below commands
- SSH using Azure AD authentication
az network bastion ssh –name “<BastionName>” –resource-group “<ResourceGroupName>” –target-resource-id “<VMResourceId>” –auth-type “AAD”
- SSH using a private ley
az network bastion ssh “<BastionName>” –resource-group “<ResourceGroupName>” –target-resource-id “<VMResourceId>” –auth-type “ssh-key” –username “<Username>” –ssh-key “<Filepath>”
az network bastion rdp –name “<BastionName>” –resource-group “<ResourceGroupName>” –target-resource-id “<VMResourceId>”