Running a VM in Azure is simple. Create it and it just works.
But if you need an RDP or SSH connection to it, you have to know about the security implications.
Enabling RDP or SSH on a VM will open an inbound port for the communication. And this is an invitation for hackers to try to get in using these ports.
A temporary solution is creating a really difficult password/key to get in or changing the port number on which the SSH/ RDP service is listening. But still, this is ‘like playing with fire’. Smart hackers can work around this.
What we need is some kind of terminal session to the VM without opening inbound ports.
Luckily, Microsoft offers a few solutions for this.
First of all, you can make use of the serial console page of the VM instance (as seen in a previous blog).
This is a simple solution but the console form factor is not that great and sometimes random logging messages are written over your shell access which makes it hard to do actual, serious work in this pane.
Recently, Microsoft offers a new and better solution called Azure Bastion.
Bastion enables seamless secure RDP/SSH connectivity to Azure Virtual Machines in your Azure Virtual Networks directly in your web browser and without the need of public IP on your Virtual Machines.
The relationship with VMs looks like this:
VM’s are made part of a virtual network containing a subnet called ‘AzureBastionSubnet’. Next to the VMs this Azure Bastion resource is running and that one makes it possible to create a secure SSH connection.
Note: you need to create an Azure portal connection ‘as a second channel’.
Let’s see how this works.Doorgaan met het lezen van “Secure SSH Connection to a VM using Azure Bastion”