{"id":17915,"date":"2018-02-15T15:00:00","date_gmt":"2018-02-15T15:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/premier_developer\/?p=17915"},"modified":"2019-03-01T11:58:45","modified_gmt":"2019-03-01T18:58:45","slug":"walk-through-of-using-ssh-to-connect-azure-vm-jump-servers","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/premier-developer\/walk-through-of-using-ssh-to-connect-azure-vm-jump-servers\/","title":{"rendered":"Walk-through of using SSH to connect Azure VM Jump Servers"},"content":{"rendered":"<p>In this post, Premier Developer consultant <a href=\"https:\/\/www.linkedin.com\/in\/kurtschenk\/\" target=\"_blank\" rel=\"noopener\">Kurt Schenk<\/a> walks us through setting up an SSH connection to Azure using a jumpbox.<\/p>\n<hr \/>\n<p>Using SSH to access resources is becoming increasingly common for Windows users. Some typical scenarios are connecting to Linux VMs from Windows development computers; another common one is using SSH to connect to VMs in Azure through a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Jump_server\">jumpbox<\/a>. These VMs behind the jumpbox could be any OS such as Linux or Windows, but the jumpbox is the secure entry point, deployed to a management subnet, requiring secure SSH (ideally with a private key vs. username and password) with ingress and egress strictly controlled. 
For example, see the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/architecture\/reference-architectures\/dmz\/index\">network DMZ reference architecture<\/a>.<\/p>\n<p>Below I am sharing a walkthrough of how I recently set up SSH tunneling through a jumpbox, as well as some helpful links.<\/p>\n<ol>\n<li>Download and install <a href=\"https:\/\/gitforwindows.org\/\">Git for Windows<\/a>.\nYou will use Git BASH, which provides a BASH emulation for Windows where you can run ssh, openssl, ssh-keygen, and other commands.<\/li>\n<li>Create the private key that you will use to connect to the SSH jumpbox\n<ul>\n<li>SSH can use a username and password as well, but I strongly recommend a private key (and this may indeed be required).<\/li>\n<li>I used <a href=\"https:\/\/www.chiark.greenend.org.uk\/~sgtatham\/putty\/latest.html\">PuTTY<\/a> to create a PuTTY private key (.ppk), but when I decided to use Git BASH instead, I converted it to an SSH key (.pem) using puttygen. I would recommend just going directly to creating an SSH key with Git BASH (using openssl or ssh-keygen). 
See <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/virtual-machines\/linux\/ssh-from-windows\">this article<\/a> for more information on using SSH with Windows on Azure.\n<pre class=\"brush: bash\">openssl.exe req -x509 -nodes -days 365 -newkey rsa:2048 \\\n    -keyout myPrivateKey.key -out myCert.pem<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Go to the .ssh folder located at C:\\Users\\{login}\\.ssh (for me, C:\\Users\\kurtsc\\.ssh) and\n<ul>\n<li>Create a subfolder authorized_keys and copy the .pem file there.<\/li>\n<li>Create a file called config in the .ssh folder with the text below, replacing {sshUserName} with your user name and {privateKey} with the name of your private key, <b>formatted with tabs<\/b> as shown below.\n<pre class=\"brush: bash\">Host azure-jump\n\tHostName [FQDN or IP of jumpbox accessible on internet]\n\tPort 443\n\tUser {sshUserName}\n\tIdentityFile ~\/.ssh\/authorized_keys\/{privateKey}.pem<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Share the SSH public key with the SSH jumpbox administrator, who will configure you as a user on the SSH server using that public key. You will then connect with SSH using your private key.<\/li>\n<li>Configure the proxy in Firefox to support SOCKS5 and Remote DNS.<br \/>\n[NOTE] Selecting Remote DNS resolves Domain Name System (DNS) requests by using the DNS server in your Azure VNET. 
Do not select this if that is not the case.\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-35626\" src=\"http:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2018\/02\/jump1.jpg\" alt=\"\" width=\"1331\" height=\"653\" srcset=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2018\/02\/jump1.jpg 1331w, https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2018\/02\/jump1-300x147.jpg 300w, https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2018\/02\/jump1-768x377.jpg 768w, https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2018\/02\/jump1-1024x502.jpg 1024w\" sizes=\"(max-width: 1331px) 100vw, 1331px\" \/><\/li>\n<li>Start Git BASH and type ssh -D 9999 azure-jump, which will make a dynamic tunnel that can be used by a SOCKS5 client, like Firefox as described above. You can then browse to web servers in your Azure Virtual Private Network with https:\/\/[WebServerFQDNinYourVNET] if you have DNS set up in your Azure VNET, or with https:\/\/[WebServerIpAddressInVNET].<a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/31\/2019\/04\/clip_image00441.jpg\"><img decoding=\"async\" title=\"clip_image004[4]\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/31\/2019\/04\/clip_image0044_thumb.jpg\" alt=\"clip_image004[4]\" width=\"527\" height=\"331\" border=\"0\" \/><\/a>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/31\/2019\/04\/clip_image00641.jpg\"><img decoding=\"async\" title=\"clip_image006[4]\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/31\/2019\/04\/clip_image0064_thumb.jpg\" alt=\"clip_image006[4]\" width=\"761\" height=\"85\" border=\"0\" \/><\/a><\/li>\n<li>Connecting to a database from SQL Server Management Studio\n<ul>\n<li>Run the command below 
in Git BASH to create a local forward of port 8500 to the database server:\n<pre class=\"brush: bash\">ssh -L 8500:10.0.10.4:1433 azure-jump<\/pre>\n<\/li>\n<li>In SSMS, connect to 127.0.0.1,8500 and enter the proper SQL Server login credentials.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h4>Links<\/h4>\n<p>Use SSH key authentication with VSTS: <a href=\"https:\/\/docs.microsoft.com\/en-us\/vsts\/git\/use-ssh-keys-to-authenticate\">https:\/\/docs.microsoft.com\/en-us\/vsts\/git\/use-ssh-keys-to-authenticate<\/a><\/p>\n<p>Example of SSH port forwarding to Jenkins: <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/jenkins\/azure-container-agents-plugin-run-container-as-an-agent#connect-to-the-jenkins-server-running-on-azure\">https:\/\/docs.microsoft.com\/en-us\/azure\/jenkins\/azure-container-agents-plugin-run-container-as-an-agent#connect-to-the-jenkins-server-running-on-azure<\/a><\/p>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/virtual-machines\/linux\/create-ssh-keys-detailed\">https:\/\/docs.microsoft.com\/en-us\/azure\/virtual-machines\/linux\/create-ssh-keys-detailed<\/a><\/p>\n<p>Discusses SOCKS5 support in browsers: <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/hdinsight\/hdinsight-linux-ambari-ssh-tunnel\">https:\/\/docs.microsoft.com\/en-us\/azure\/hdinsight\/hdinsight-linux-ambari-ssh-tunnel<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this post, Premier Developer consultant Kurt Schenk walks us through setting up an SSH connection to Azure using a jumpbox. Using SSH to access resources is becoming increasingly common for Windows users. 
Some typical scenarios are connecting to Linux VMs from Windows development computers; another common one is using SSH to connect to VMs [&hellip;]<\/p>\n","protected":false},"author":581,"featured_media":37840,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[25],"tags":[24,26,27,28],"class_list":["post-17915","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","tag-azure","tag-kurt-schenk","tag-linux","tag-ssh"],"acf":[],"blog_post_summary":"<p>In this post, Premier Developer consultant Kurt Schenk walks us through setting up an SSH connection to Azure using a jumpbox. Using SSH to access resources is becoming increasingly common for Windows users. Some typical scenarios are connecting to Linux VMs from Windows development computers; another common one is using SSH to connect to VMs [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts\/17915","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/users\/581"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/comments?post=17915"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts\/17915\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/media\/37840"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/media?parent=17915"}],"wp:term":[{"taxonomy":"category","embeddab
le":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/categories?post=17915"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/tags?post=17915"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}