2017-11-07 17:38

Workaround for connecting SSH “source IP” protected VM from Azure Cloud Shell

Cloud Shell Bash sessions are de facto Linux Azure Virtual Machines, created, allocated and bound dynamically to users when they open a session. The VMs are managed by Azure and created outside the subscriber’s Virtual Networks. From them it is often impossible to SSH into the user’s VMs if Network Security Group (NSG) rules do not permit SSH from the Internet. A workaround is to create a dedicated NSG rule that allows SSH connections from the VM currently assigned. At the beginning of the session, the rule must be updated with the currently assigned IP address and activated (“allow”). At the end of the session the rule should be set back to “deny”. A couple of scripts can help with setting the rule. In the example, “SSH_FromCloudShell” is the rule the scripts will modify. The Cloudshellallow.sh script uses https://ifconfig.co to get the current public IP address.

Cloudshellallow.sh

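#!/bin/bash
echo "--- START ---"
# Ask ifconfig.co for this session's public IPv4 address (-4: IPv4 only, -s: no progress meter)
myPubIP=$(curl -4 -s https://ifconfig.co)
# Stop if the lookup returned nothing, so the rule is never updated with an empty source
[ -n "$myPubIP" ] || { echo "Could not determine the public IP address" >&2; exit 1; }
read -p "The public IP address is: $myPubIP. Press enter to continue"
echo "Updating NSG rule. Please wait..."
# Restrict the rule's source to this address and switch the rule to Allow
az network nsg rule update \
    --nsg-name "my_nsg_rule_name" \
    --resource-group "my_res_group" \
    --name "SSH_FromCloudShell" \
    --source-address-prefix "$myPubIP" \
    --access Allow
echo "--- THE END ---"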

Cloudshelldeny.sh

#!/bin/bash
echo "--- START ---"
echo "Updating NSG rule. Please wait..."
# Switch the rule back to Deny; the stored source address is left unchanged
az network nsg rule update \
    --nsg-name "my_nsg_rule_name" \
    --resource-group "my_res_group" \
    --name "SSH_FromCloudShell" \
    --access Deny
echo "--- THE END ---"
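
The two scripts can be combined so that the rule is closed again even if the session drops. The following is an added example, not part of the original post: it validates the reply from https://ifconfig.co before it reaches the NSG rule, allows only that single address (/32), and uses a trap to set the rule back to Deny when ssh ends. The helper names is_ipv4, set_rule and main are hypothetical, and the NSG and resource group names are the same placeholders used above.

```shell
#!/bin/sh
# Added example: open the rule, run ssh, always set the rule back to Deny.
# NSG, RG and RULE reuse the placeholder names from the scripts above.
NSG="my_nsg_rule_name"
RG="my_res_group"
RULE="SSH_FromCloudShell"

# Succeed only for a plain dotted-quad IPv4 address (no CIDR, no wildcard).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# $1 = Allow or Deny; $2 = source address, only passed when allowing.
set_rule() {
    if [ -n "${2:-}" ]; then
        az network nsg rule update --nsg-name "$NSG" --resource-group "$RG" \
            --name "$RULE" --access "$1" --source-address-prefix "$2/32" >/dev/null
    else
        az network nsg rule update --nsg-name "$NSG" --resource-group "$RG" \
            --name "$RULE" --access "$1" >/dev/null
    fi
}

# Usage: main user@vm-address   (arguments are passed to ssh unchanged)
main() {
    ip=$(curl -4 -sS --max-time 10 https://ifconfig.co) || return 1
    if ! is_ipv4 "$ip"; then
        echo "Refusing to update $RULE: unexpected lookup reply" >&2
        return 1
    fi
    trap 'set_rule Deny' EXIT          # runs on normal exit and on 'exit' below
    trap 'exit 130' HUP INT TERM       # dropped session or Ctrl-C still closes the rule
    set_rule Allow "$ip" || return 1
    ssh "$@"
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Saved as a script and run with the ssh target as its argument, it leaves the rule in the Deny state whether ssh exits normally or the Cloud Shell session is interrupted.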