General SSH use
Use this page for direct SSH to target VM through Azure Bastion native client.
Contents
Prerequisites
- Azure CLI installed.
- Access to Bastion resource and target VM resource.
- SSH private key present locally.
Quick checks:
az version
az account show --output table
How-to steps
- Sign in to Azure:
az login
az account set --subscription "<SUBSCRIPTION_NAME_OR_ID>"
- Resolve target VM resource ID:
az vm show \
--resource-group "<TARGET_VM_RESOURCE_GROUP>" \
--name "<TARGET_VM_NAME>" \
--query id -o tsv
- Connect via Bastion:
az network bastion ssh \
--name "<BASTION_NAME>" \
--resource-group "<BASTION_RESOURCE_GROUP>" \
--target-resource-id "<TARGET_VM_RESOURCE_ID>" \
--auth-type ssh-key \
--username "<ENTRA_USERNAME>" \
--ssh-key ~/.ssh/id_rsa
Crime example
Use this pattern with Crime-specific values:
az network bastion ssh \
--name "<CRIME_BASTION_NAME>" \
--resource-group "<CRIME_BASTION_RG>" \
--target-resource-id "<CRIME_TARGET_VM_RESOURCE_ID>" \
--auth-type ssh-key \
--username "<ENTRA_USERNAME>" \
--ssh-key ~/.ssh/id_rsa
Verification
A successful connection will drop you into an interactive shell on the target VM. Verify you are on the expected host:
hostname
uname -n
The output should match the target VM name. If the prompt does not appear within 30 seconds, the connection has failed — check the Bastion name, resource group, and VM resource ID.
Troubleshooting
See the Troubleshooting page for common failures including command not found, auth errors, and role assignment issues.
Additional Information
- SSH Port Forwarding and services — forward ports after connecting.
- Using Azure Portal — browser-based alternative.
- Additional guidance via links — Microsoft docs for CLI and SKU details.
This page was last reviewed on 11 June 2026.
It needs to be reviewed again on 11 December 2026
by the page owner platops-build-notices
.
This page was set to be reviewed before 11 December 2026
by the page owner platops-build-notices.
This might mean the content is out of date.