SSH
Configure SSH for your Azure Arc-enabled Servers.
Introduction
The lab environment in this hack allows you to have SSH access to the Windows and Linux on prem servers as they are open to the internet and ports 22 (SSH) and 3389 (RDP) are allowed through for your source IP addresses. This is useful for the hack so that we can do the onboarding, but in most environments you will be onboarding servers that are on private networks.
SSH for Azure Arc-enabled Servers enables RBAC controlled SSH based connectivity without public IPs or open ports and therefore reduces the attack surface whilst maintaining centralised management capabilities.
Challenge
Enable SSH access to the on prem
-
Linux VMs using AAD credentials
-
Windows VMs using the onpremadmin account
Ensure the azcmagent incoming connections are configured for ports 22 and 3389 on the Windows servers
Note that the Microsoft.HybridConnectivity provider has already been registered in the Azure Pass subscriptions.
Success criteria
Demonstrate to your proctors that you:
- can connect to all hosts using either
az ssh arcorEnter-AzVM
Questions:
- Which built-in RBAC role would be a good choice for a security group of Linux users?
- How would you disable SSH access?
Resources
- https://learn.microsoft.com/azure/azure-arc/servers/ssh-arc-overview
- https://learn.microsoft.com/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux
- https://learn.microsoft.com/azure/azure-arc/servers/ssh-arc-troubleshoot
- https://learn.microsoft.com/cli/azure/ssh
- https://learn.microsoft.com/powershell/module/az.ssh
Next Steps
The endpoint you have created on your Windows on prem servers will also be used in the next lab where you will explore using Windows Admin Center.
Help us improve
Azure Citadel is a community site built on GitHub, please contribute and send a pull request
Make a change