| author | cherylmc |
|---|---|
| ms.service | azure-bastion |
| ms.topic | include |
| ms.date | 01/28/2025 |
| ms.author | cherylmc |
The `az network bastion tunnel` command is another way that you can connect to your VMs. When you use this command, you can do the following:
- Connect from native clients on non-Windows local computers. (For example, a Linux computer.)
- Connect to a VM using SSH or RDP. (The bastion tunnel doesn't relay web servers or hosts.)
- Use the native client of your choice.
- Transfer files to your target VM from your local computer.
Limitations:
- Signing in using an SSH private key stored in Azure Key Vault isn’t supported with this feature. Before signing in to your Linux VM using an SSH key pair, download your private key to a file on your local machine.
- This feature isn't supported on Cloud Shell.
Steps:
- Sign in to your Azure account using `az login`. If you have more than one subscription, you can view them using `az account list` and select the subscription containing your Bastion resource using `az account set --subscription "<subscription ID>"`.
- Open the tunnel to your target VM. If you aren't running as root, use local port 1024 or above, because ports below that are privileged ports accessible only by root.
  ```azurecli
  az network bastion tunnel --name "<BastionName>" --resource-group "<ResourceGroupName>" --target-resource-id "<VMResourceId or VMSSInstanceResourceId>" --resource-port "<TargetVMPort>" --port "<LocalMachinePort>"
  ```
- Connect to your target VM using SSH or RDP, the native client of your choice, and the local machine port you specified in the previous step.
  For example, you can use the following command if you have the OpenSSH client installed on your local computer:
  ```bash
  ssh <username>@127.0.0.1 -p <LocalMachinePort>
  ```
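The steps above, combined into one shell function for a Linux VM reached over SSH. This is an added example, not part of the original article: the function names are hypothetical, it assumes you already ran `az login`, that the VM listens for SSH on port 22, and that the private key is a file on the local machine (per the Key Vault limitation above).

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Return 0 if local port $1 is usable by a caller with uid $2.
# Ports below 1024 are privileged, so only uid 0 may bind them.
valid_local_port() {
    port=$1; uid=$2
    case $port in ''|*[!0-9]*|??????*) return 1 ;; esac   # digits only, max 5
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    [ "$uid" -eq 0 ] || [ "$port" -ge 1024 ]
}

# usage: bastion_ssh <BastionName> <ResourceGroupName> <VMResourceId> \
#                    <username> <private-key-file> <LocalMachinePort>
bastion_ssh() {
    valid_local_port "$6" "$(id -u)" || {
        echo "local port '$6' is invalid or privileged for this user" >&2
        return 2
    }
    # The key must be a local file; a Key Vault reference is not supported.
    [ -r "$5" ] || { echo "private key file not readable: $5" >&2; return 2; }

    # Step 2: open the tunnel in the background (flags as in the article).
    # Port 22 is this example's assumption for <TargetVMPort>.
    az network bastion tunnel --name "$1" --resource-group "$2" \
        --target-resource-id "$3" --resource-port 22 --port "$6" &
    tunnel_pid=$!

    # Step 3: connect through the local port.
    #  HostKeyAlias       records the host key under the last segment of the
    #                     resource ID (the VM name, by assumption) instead of
    #                     127.0.0.1, so several VMs tunnelled to the same local
    #                     port keep separate known_hosts entries and host key
    #                     checking stays enabled.
    #  IdentitiesOnly     offers only the key given with -i.
    #  ConnectionAttempts retries once per second while the tunnel starts.
    ssh -p "$6" -i "$5" -o IdentitiesOnly=yes -o "HostKeyAlias=${3##*/}" \
        -o ConnectionAttempts=15 "$4@127.0.0.1"
    rc=$?

    # Close the tunnel when the SSH session ends.
    kill "$tunnel_pid" 2>/dev/null
    wait "$tunnel_pid" 2>/dev/null
    return "$rc"
}
```

Source the file and call `bastion_ssh` with the same values you would pass to the individual commands. For file transfer, the same `-i` and `-o` options work with `scp`, which takes the port as `-P`.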