Connect to Azure Virtual Machines

This document outlines the various methods and best practices for connecting to your Azure Virtual Machines (VMs) securely and efficiently. Whether you're connecting from Windows, Linux, or macOS, we've got you covered.

Connecting to Windows VMs

Azure provides several ways to connect to your Windows VMs. The most common methods are RDP and SSH tunneling.

Remote Desktop Protocol (RDP)

RDP is the standard protocol for connecting to Windows desktops. You can connect to your Windows VM using the RDP client available on most operating systems.

  1. Obtain the VM's IP Address or DNS Name: You can find this in the Azure portal under your VM's overview page.
  2. Open your RDP Client: On Windows, search for "Remote Desktop Connection". On macOS, you can download the Microsoft Remote Desktop client from the App Store.
  3. Enter the IP Address or DNS Name: Type the address into the "Computer" field.
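  4. Connect: Click "Connect". You will be prompted for the username and password you configured when creating the VM.

Tip: Port 3389 (the default RDP port) must be open in your VM's Network Security Group (NSG) and any firewalls. Allow it only from trusted IP addresses or ranges (see Network Security Groups below), or tunnel RDP over SSH as described in the next section.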

SSH Tunneling for RDP

For enhanced security, you can tunnel RDP traffic over an SSH connection. This is particularly useful if you want to avoid exposing the RDP port directly to the internet.

Steps (using OpenSSH on Linux/macOS):

  1. Ensure you have SSH access to the VM and that port 22 is open in the NSG.
  2. Establish an SSH tunnel:
    ssh -L 33890:localhost:3389 your_username@your_vm_public_ip
  3. In your RDP client, connect to localhost:33890. The RDP traffic travels inside the SSH session, so port 3389 does not need to be open in the NSG.

For Windows, you can use tools like PuTTY to configure SSH tunneling.

Connecting to Linux VMs

Connecting to Linux VMs typically involves SSH, but RDP can also be configured.

Secure Shell (SSH)

SSH is the most common and secure method for connecting to Linux VMs. Most Linux distributions come with an SSH client pre-installed.

Steps:

  1. Obtain the VM's IP Address or DNS Name: From the Azure portal.
  2. Open your Terminal or SSH Client.
  3. Connect using SSH:
    ssh your_username@your_vm_public_ip

    If you are using SSH keys for authentication, you might use:

    ssh -i /path/to/your/private/key your_username@your_vm_public_ip
  4. You will be prompted for your account password or, if you are using a key, the passphrase for your SSH key.

Tip: It is highly recommended to use SSH key pairs instead of passwords for authentication. Ensure port 22 is open in your VM's NSG.

RDP to Linux (with xrdp)

While not as common as SSH, you can install and configure xrdp on your Linux VM to enable RDP connections. This requires additional setup and is often used for graphical desktop environments.

General Steps (may vary by distribution):

  1. Connect to your Linux VM via SSH.
  2. Install the desktop environment (e.g., GNOME, KDE).
  3. Install xrdp.
  4. Configure xrdp to use your desktop environment.
  5. Ensure port 3389 is open in the NSG.
  6. Connect using an RDP client, pointing to your VM's IP address.

Refer to specific Linux distribution documentation for detailed installation and configuration steps.

Security Considerations

Securing your VM connections is paramount. Utilize these Azure features to enhance security.

Network Security Groups (NSGs)

NSGs act as a firewall for your Azure Virtual Machines, controlling inbound and outbound traffic. Always configure NSGs to allow only necessary ports (e.g., 22 for SSH, 3389 for RDP) from trusted IP addresses or ranges.
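
One way to check an exported rule set against this guidance, as an added example (not Microsoft's code): it flags inbound Allow rules that expose SSH or RDP to any source. It assumes the rule fields printed by `az network nsg rule list -o json`; the sample rules are constructed, and each rule is judged in isolation, without modelling priority ordering or protocol.

```python
import ipaddress

MGMT_PORTS = {22: "SSH", 3389: "RDP"}
ANY_SOURCE = {"*", "any", "internet", "0.0.0.0/0"}

# Constructed sample rules, not taken from a real subscription.
SAMPLE_RULES = [
    {"name": "allow-rdp-any", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-ssh-office", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
    {"name": "allow-wide-range", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "Internet", "destinationPortRanges": ["20-25", "443"]},
    {"name": "deny-all-in", "direction": "Inbound", "access": "Deny",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

def _values(rule, single, plural):
    # A rule carries either the singular field or the plural list.
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers(port_range, port):
    # Port ranges look like "22", "20-25" or "*".
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def _is_any_source(source):
    if source.lower() in ANY_SOURCE:
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # a service tag such as VirtualNetwork

def exposed_management_ports(rules):
    """Return (rule name, service, port) for each Allow rule open to any source."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(_is_any_source(s) for s in sources):
            continue
        ranges = _values(rule, "destinationPortRange", "destinationPortRanges")
        findings += [(rule["name"], svc, port) for port, svc in MGMT_PORTS.items()
                     if any(_covers(r, port) for r in ranges)]
    return findings
```

Each finding is a rule to narrow to a trusted source range or to replace with Azure Bastion or a VPN, as described in the sections that follow.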

Azure Bastion

Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to your VMs directly through the Azure portal over TLS. It eliminates the need to expose public IP addresses on your VMs, significantly reducing your attack surface.

Benefits of Azure Bastion:

  • No public IP required on VMs.
  • Access via Azure portal.
  • Browser-based RDP/SSH.
  • Integrated security features.

VPN and ExpressRoute

For connecting from your on-premises network to Azure VMs, consider using Azure VPN Gateway or Azure ExpressRoute. These solutions create a secure and private connection between your network and Azure, allowing you to access VMs without exposing them to the public internet.

Troubleshooting Common Connection Issues

  • Port Not Open: Verify that the required port (22 for SSH, 3389 for RDP) is open in both the Azure Network Security Group (NSG) and the VM's operating system firewall.
  • Incorrect Credentials: Double-check the username and password or ensure your SSH private key is correct and has the right permissions.
  • VM Status: Ensure the VM is running and healthy in the Azure portal.
  • Network Path: Check for any intermediate firewalls or network devices that might be blocking the connection.
  • DNS Resolution: If using DNS names, ensure they are resolving correctly.
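
The client-side checks in the list above can be scripted; the following is an added example, not part of the Azure tooling. The function names are hypothetical, and the reading of a timeout as a filtered port is a typical interpretation rather than a guarantee.

```python
import os
import socket
import stat

def resolve(host):
    """DNS Resolution: return the addresses a name resolves to ([] on failure)."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe_port(host, port, timeout=3.0):
    """Port Not Open / Network Path: classify one TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host reached, but nothing accepts on that port
    except socket.timeout:
        return "filtered"     # packets dropped: typical of an NSG or firewall
    except OSError:
        return "unreachable"  # no route or other network error

def key_file_problems(path):
    """Incorrect Credentials: OpenSSH rejects keys readable by group or others."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return ["key file not found"]
    problems = []
    if not stat.S_ISREG(mode):
        problems.append("not a regular file")
    if mode & 0o077:
        problems.append("mode %03o is too open; use chmod 600" % (mode & 0o777))
    return problems

def preflight(host, port, key_path=None):
    """Run the checks in order; skip the port probe if the name does not resolve."""
    report = {"addresses": resolve(host)}
    report["port"] = probe_port(host, port) if report["addresses"] else "not probed"
    if key_path:
        report["key"] = key_file_problems(key_path)
    return report
```

A "filtered" result points at the NSG or an intermediate firewall, while "refused" points at the VM itself: the service is stopped or the OS firewall rejects the connection.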

For more detailed troubleshooting, consult the Azure VM Connection Troubleshooting Guide.