Azure Arc – SSH Connectivity

SSH Connectivity

Azure Arc is a powerful tool that allows users to manage their hybrid infrastructure, including Windows Servers, from a single control plane. With Azure Arc, users can connect to their Windows Servers using Secure Shell (SSH), a popular cryptographic network protocol used for secure communication over unsecured networks. In this blog post, we will discuss the benefits of connecting to Windows Servers with SSH and provide technical steps on how to configure SSH on Azure Arc Windows Servers.

Benefits

Connecting to Windows Servers using SSH has several benefits, including:
  • Security: SSH provides secure communication between the client and the server by encrypting the connection. No inbound port is needed as all communication is outbound from the Arc-enabled server. Hence, there is no requirement for an Azure public IP address or VPN connection.
  • Portability: SSH is a cross-platform protocol, which means that it can be used on Windows, Linux, macOS, and other operating systems. This makes it easy to manage Windows Servers from different platforms. By comparison, the WinRM protocol can only manage the Windows operating system. With many organisations hosting Windows and Linux servers in the cloud, SSH is a convenient common protocol for connection.
  • Automation: SSH can be used to automate tasks on Windows Servers, making it easier to manage multiple servers and perform repetitive tasks.

Implementation

To enable SSH connectivity:

  • Install OpenSSH
    • Navigate to the Azure portal and search for Azure Arc
    • Choose Servers and select a server
    • Select Extensions and click Add
    • Click on OpenSSH for Windows – Azure Arc and click Next and Create
  • Configure the Arc agent
    • Select the Azure Arc server and choose Windows Admin Center (WAC)
    • If WAC isn’t configured already, click Set Up (this can take a few minutes)
    • Select WAC and click Connect (the Azure user account must be assigned the Windows Admin Center Administrator Login role)
    • Choose PowerShell and enter the following commands to add port 22 to the agent's list of allowed ports (incomingconnections.ports):
      • cmd /c "azcmagent config list"
      • cmd /c "azcmagent config set incomingconnections.ports 22,xxxx,yyyy" (adds port 22 if it is not already in the list; xxxx and yyyy stand for the ports that are already listed and must be kept)
  • Ensure that the Azure user account used to connect has the Virtual Machine Local User Login role assigned
  • Connect to the Arc server
    • From the selected Azure Arc server, choose Connect
    • Select Authentication type of Password and provide the local administrator user name
    • Click Connect in browser or copy the generated ssh command to issue from your choice of client with Azure CLI or PowerShell
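
The agent configuration step above, as an added PowerShell example that is not part of the original post: it confirms the sshd service is running, then adds port 22 to incomingconnections.ports only when it is missing, keeping every port already listed. It assumes an elevated session on the Arc-enabled server and that the output of azcmagent config get shows the ports as plain numbers (the digit parsing is an assumption about the output format).

```powershell
# Added example, not from the original post. Run elevated on the Arc-enabled
# server, for instance from the Windows Admin Center PowerShell tool.
$sshPort = 22

# 1. The OpenSSH extension should have installed a service named sshd.
$sshd = Get-Service -Name sshd -ErrorAction SilentlyContinue
if (-not $sshd) { throw 'sshd service not found; install the OpenSSH extension first.' }
if ($sshd.Status -ne 'Running') { Start-Service -Name sshd }

# 2. Read the ports the agent currently allows.
#    Assumption: every run of digits in the output is a port number.
$raw = cmd /c "azcmagent config get incomingconnections.ports" | Out-String
if ($LASTEXITCODE -ne 0) { throw "azcmagent config get failed: $raw" }
$ports = @([regex]::Matches($raw, '\d+') |
    ForEach-Object { [int]$_.Value } |
    Where-Object { $_ -ge 1 -and $_ -le 65535 } |
    Sort-Object -Unique)

# 3. Add port 22 only if it is missing. "config set" is given the full list
#    here, so the existing ports are written back together with the new one.
if ($ports -contains $sshPort) {
    Write-Output "Port $sshPort is already allowed: $($ports -join ',')"
} else {
    $newList = (@($ports) + $sshPort | Sort-Object -Unique) -join ','
    cmd /c "azcmagent config set incomingconnections.ports $newList"
    if ($LASTEXITCODE -ne 0) { throw 'azcmagent config set failed.' }
    Write-Output "incomingconnections.ports set to: $newList"
}

# 4. Show the final value for review; the list should contain only ports
#    that are meant to be reachable through the Arc agent.
cmd /c "azcmagent config get incomingconnections.ports"
```
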

In conclusion, Azure Arc provides a powerful solution for managing and governing resources across hybrid environments. By connecting to your Azure Arc servers with SSH, you can simplify management, increase productivity, and maintain a consistent management experience.
