Workaround for connecting over SSH to a “source IP” protected VM from Azure Cloud Shell
Cloud Shell Bash sessions are de facto Linux Azure Virtual Machines, created, allocated and bound dynamically to the users who open a session. These VMs are managed by Azure and created outside the subscriber’s Virtual Networks, so it is often impossible to SSH from them to the user’s VMs when the Network Security Group (NSG) rules do not permit SSH from the Internet. A workaround is to create a dedicated NSG rule that allows SSH connections from the Cloud Shell VM currently assigned. At the beginning of the session, the rule must be updated with the currently assigned IP address and activated (“Allow”). At the end of the session, the rule should be set back to “Deny”. A couple of scripts can help with setting the rule. In the example, “SSH_FromCloudShell” is the rule the scripts will modify. The Cloudshellallow.sh script uses https://ifconfig.co to get the current public IP address.
Cloudshellallow.sh
#!/bin/bash
echo "--- START ---"
# Ask ifconfig.co for the public IP address currently assigned to this Cloud Shell session
myPubIP=$(curl -s https://ifconfig.co)
read -r -p "The public IP address is: $myPubIP. Press enter to continue"
echo "Updating NSG rule. Please wait..."
# Point the rule at the current address and switch it to Allow
az network nsg rule update \
--nsg-name "my_nsg_rule_name" \
--resource-group "my_res_group" \
--name "SSH_FromCloudShell" \
--source-address-prefix "$myPubIP" \
--access Allow
echo "--- THE END ---"
Cloudshelldeny.sh
#!/bin/bash
echo "--- START ---"
echo "Updating NSG rule. Please wait..."
# Switch the rule back to Deny; the stored source address is left as it is
az network nsg rule update \
--nsg-name "my_nsg_rule_name" \
--resource-group "my_res_group" \
--name "SSH_FromCloudShell" \
--access Deny
echo "--- THE END ---"
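The two scripts can also be combined into one wrapper that checks the response from ifconfig.co before it reaches --source-address-prefix and sets the rule back to Deny when the SSH session ends. This is an added example, not part of the original scripts; the file name cloudshell-ssh.sh, the --apply switch and the function names are assumptions made for illustration, while the NSG, resource group and rule names are the placeholders used above.

```shell
#!/bin/sh
# Added example (not the original scripts). NSG, resource group and rule
# names are the page's own placeholders.
NSG="my_nsg_rule_name"; RG="my_res_group"; RULE="SSH_FromCloudShell"

# Succeed only for a dotted-quad IPv4 address, octets 0..255, no leading zeros.
is_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0?*) return 1 ;; esac
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Turn the lookup service's raw response into a /32 prefix, or fail.
to_prefix() {
  ip=$(printf '%s' "$1" | tr -d ' \t\r\n')
  is_ipv4 "$ip" || return 1
  printf '%s/32\n' "$ip"
}

# $1 = Allow|Deny, $2 = optional source prefix (omitted when closing).
set_rule() {
  set -- --access "$1" ${2:+--source-address-prefix "$2"}
  az network nsg rule update --nsg-name "$NSG" --resource-group "$RG" \
    --name "$RULE" "$@" --output none
}

# "$@" = ssh arguments, e.g. user@host (hypothetical target).
open_session() {
  prefix=$(to_prefix "$(curl -4 -sS --fail --max-time 10 https://ifconfig.co)") || {
    echo "Not updating the NSG: lookup did not return an IPv4 address" >&2
    return 1
  }
  trap 'set_rule Deny' EXIT   # set the rule back to Deny when the script exits
  set_rule Allow "$prefix" && ssh "$@"
}

# Touches Azure only when run as: ./cloudshell-ssh.sh --apply user@host
if [ "${1:-}" = "--apply" ]; then shift; open_session "$@"; fi
```

The EXIT trap does not run if the Cloud Shell session is killed outright, so Cloudshelldeny.sh remains the fallback for closing the rule.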