Connect using SSH to a Linux virtual machine using Azure Bastion

This article shows you how to securely and seamlessly SSH to your Linux VMs in an Azure virtual network. You can connect to a VM directly from the Azure portal. When using Azure Bastion, VMs don't require a client, agent, or additional software. For more information about Azure Bastion, see the Overview.

You can use Azure Bastion to connect to a Linux virtual machine using SSH. You can use both username/password and SSH keys for authentication. You can connect to your VM with SSH keys by using either:

  • A private key that you manually enter
  • A file that contains the private key information

The SSH private key must be in a format that begins with "-----BEGIN RSA PRIVATE KEY-----" and ends with "-----END RSA PRIVATE KEY-----".
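A pre-flight check for the key format requirement above, as an added example that is not part of the original article. The function name `bastion_key_format` and its output labels are hypothetical; it inspects only the first and last non-blank lines of the file and never prints or parses key material.

```shell
# Added example (not from the original article). Classifies a private key file
# by its PEM armor lines only; it does not validate the key material itself.
# Return codes: 0 = format the article requires, 1 = other format, 2 = unreadable.
bastion_key_format() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "unreadable"; return 2; }

    # Drop carriage returns and blank lines so CRLF files and trailing
    # newlines do not hide the armor lines.
    first=$(tr -d '\r' < "$keyfile" | sed '/^[[:space:]]*$/d' | head -n 1)
    last=$(tr -d '\r' < "$keyfile" | sed '/^[[:space:]]*$/d' | tail -n 1)

    case "$first" in
        "-----BEGIN RSA PRIVATE KEY-----")
            if [ "$last" = "-----END RSA PRIVATE KEY-----" ]; then
                echo "rsa-pem"; return 0
            fi
            # Header is right but the footer is missing or different,
            # for example after an incomplete copy and paste.
            echo "truncated"; return 1 ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            # Default output of recent ssh-keygen versions. An RSA key in this
            # container can be rewritten in place with:
            #   ssh-keygen -p -m PEM -f "$keyfile"
            echo "openssh"; return 1 ;;
        "-----BEGIN PRIVATE KEY-----"|"-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo "pkcs8"; return 1 ;;
        *)
            echo "unknown"; return 1 ;;
    esac
}
```

Run it against the key file before pasting or uploading the key; any result other than `rsa-pem` means the file does not match the header and footer the article requires.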

Before you begin

Make sure that you have set up an Azure Bastion host for the virtual network in which the VM resides. For more information, see Create an Azure Bastion host. Once the Bastion service is provisioned and deployed in your virtual network, you can use it to connect to any VM in this virtual network.

When you use Bastion to connect, it assumes that you are using RDP to connect to a Windows VM, and SSH to connect to your Linux VMs. For information about connecting to a Windows VM, see Connect to a VM - Windows.

Required roles

In order to make a connection, the following roles are required:

  • Reader role on the virtual machine
  • Reader role on the NIC with private IP of the virtual machine
  • Reader role on the Azure Bastion resource

Ports

In order to connect to the Linux VM via SSH, you must have the following ports open on your VM:

  • Inbound port: SSH (22)

Connect: Using username and password

  1. Open the Azure portal. Navigate to the virtual machine that you want to connect to, then click Connect and select Bastion from the dropdown.

  2. After you click Bastion, a side bar appears that has three tabs - RDP, SSH, and Bastion. If Bastion was provisioned for the virtual network, the Bastion tab is active by default. If you didn't provision Bastion for the virtual network, see Configure Bastion.

  3. Enter the username and password for SSH to your virtual machine.

  4. Click the Connect button after entering the key.

Connect: Manually enter a private key

  1. Open the Azure portal. Navigate to the virtual machine that you want to connect to, then click Connect and select Bastion from the dropdown.

  2. After you click Bastion, a side bar appears that has three tabs - RDP, SSH, and Bastion. If Bastion was provisioned for the virtual network, the Bastion tab is active by default. If you didn't provision Bastion for the virtual network, see Configure Bastion.

  3. Enter the username and select SSH Private Key.

  4. Enter your private key into the text area SSH Private Key (or paste it directly).

  5. Click the Connect button after entering the key.

Connect: Using a private key file

  1. Open the Azure portal. Navigate to the virtual machine that you want to connect to, then click Connect and select Bastion from the dropdown.

  2. After you click Bastion, a side bar appears that has three tabs - RDP, SSH, and Bastion. If Bastion was provisioned for the virtual network, the Bastion tab is active by default. If you didn't provision Bastion for the virtual network, see Configure Bastion.

  3. Enter the username and select SSH Private Key from Local File.

  4. Click the Browse button (the folder icon in the local file).

  5. Browse for the file, then click Open.

  6. Click Connect to connect to the VM. Once you click Connect, SSH to this virtual machine will directly open in the Azure portal. This connection is over HTML5 using port 443 on the Bastion service over the private IP of your virtual machine.

Next steps

Read the Bastion FAQ