Can't connect to Red Hat Linux VM via Putty and SSH

Question

Can't connect to Red Hat Linux VM via Putty and SSH

Tom Smith 70

When trying to connect to Linux VM via Putty and SSH (port 22), I can't connect and get a time out message. I can connect via the Azure CLI and to the console in Azure.

0 comments

Answer accepted by question author

0 additional answers

Your answer

Answer 1

Jilakara Hemalatha 12,915 Microsoft External Staff Moderator

Hi Tom Smith,

As the information provided was limited, I would like to clarify the issue based on my current understanding:

Inbound Port Rules: Please verify that the Network Security Group (NSG) associated with the virtual machine has an inbound rule allowing SSH traffic on port 22.
SSH Authentication: If you are using SSH key-based authentication, ensure that you have generated the private key using PuTTYgen. This private key must be used with an SSH client (e.g., PuTTY) to successfully establish the connection to the VM.

Reference: https://learn.microsoft.com/en-us/azure/virtual-machines/linux-vm-connect?tabs=Linux

Adding Root cause of the issue here:

The root cause of the SSH timeout was related to custom networking configuration during VM creation. The VM was initially deployed with manual changes to the IP settings and virtual network configuration, which caused the network interface and security rules not to be correctly applied. As a result, SSH traffic on port 22 could not reach the VM even though the NSG appeared to allow it.

To resolve the issue recommended

Recreated the virtual machine in the same region (East US) but with the Networking tab left at its default settings in new RG.

Ensured the public IP address, NSG, and subnet were automatically configured by Azure.

After these changes, the VM became reachable and the SSH connection via PuTTY and SSH succeeded without timeouts.

Tom Smith 70 Reputation points

2025-09-19T15:08:50.9533333+00:00

I verified the NSG is allowing inbound traffic and we are using username/password for authentication currently because this is a test environment
Jilakara Hemalatha 12,915 Reputation points Microsoft External Staff Moderator

2025-09-19T15:49:41.0033333+00:00
Hi

Having an inbound rule for port 22 in place is only one part of the configuration. Other factors may still prevent the SSH connection. For instance, the Network Security Group (NSG) could be linked to the wrong network interface or subnet. It’s important to verify in the Azure portal, under the Networking tab of your VM, that the correct NSG is associated

Reference: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Another frequent cause is the VM’s internal firewall. Even if Azure permits the traffic, the operating system itself may block port 22. For Linux VMs, you can inspect the firewall rules by running iptables or firewalld commands directly in the Azure Serial Console.

sudo firewall-cmd --list-all sudo iptables -L -n

If port 22 is missing, you can allow it with:

sudo firewall-cmd --permanent --add-port=22/tcp sudo firewall-cmd --reload

Also, make sure the SSH service (sshd) is running. From the Serial Console:

systemctl status sshd

If inactive, start and enable it:

sudo systemctl start sshd sudo systemctl enable sshd

Official Documentation for Further Assistance:

https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/troubleshoot-ssh-connection

https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/detailed-troubleshoot-ssh-connection

https://learn.microsoft.com/en-us/azure/virtual-network/troubleshoot-vm-connectivity

Please perform these checks and let us know the results. If the issue persists, please provide below details

1.Could you please confirm whether the Azure VM Agent is running on your Linux VM?

Are you connecting to the VM using the public IP or the private IP? If private, is there a VPN/ExpressRoute in place?

3.Have you confirmed the public IP address hasn’t changed recently?

4.Besides the inbound rule for SSH (port 22), have you tried assigning an outbound rule to ensure traffic responses are not being blocked?

5.Can you verify that the NSG is attached to the correct NIC or subnet?

When you created the VM it was the new VM?
Tom Smith 70 Reputation points

2025-09-19T16:16:01.11+00:00

I disabled the firewall for testing on the VM and verified the SSH service is running:
Jilakara Hemalatha 12,915 Reputation points Microsoft External Staff Moderator

2025-09-19T16:51:48.38+00:00
Thank you for sharing the details:

1.Could you please confirm whether the Azure VM Agent is running on your Linux VM?

2.Are you connecting to the VM using the public IP or the private IP? If private, is there a VPN/ExpressRoute in place?

3.Have you confirmed the public IP address hasn’t changed recently?

4.Besides the inbound rule for SSH (port 22), have you tried assigning an outbound rule to ensure traffic responses are not being blocked?

5.Can you verify that the NSG is attached to the correct NIC or subnet?

6.When you created the VM it was the new VM?

7.What was Redhat version and the region?

Can you share the screenshot of Azure CLI : ssh username@pubicipaddress?
Tom Smith 70 Reputation points

2025-09-19T17:12:24.2366667+00:00
Jilakara Hemalatha 12,915 Reputation points Microsoft External Staff Moderator

2025-09-22T02:11:59.6833333+00:00
Hi Tom Smith,

Thanks for sharing the details and the screenshot. Based on the information, I see you are using the Microsoft Entra ID SSH extension for authentication and encountering this error when connecting via PuTTY or other standard SSH clients on port 22:

key_exchange_identification: Connection

Your VM is configured to use the Microsoft Entra ID SSH extension, which enables authentication through Azure AD (Entra ID) using OpenSSH certificate-based authentication. This method is a modern and secure alternative to traditional SSH username/password or SSH key logins.

Azure CLI SSH commands integrate seamlessly with this extension and support authentication using short-lived OpenSSH certificates issued by Entra ID. That’s why these connections succeed.

Traditional SSH clients like PuTTY typically rely on password or private key-based authentication and, until recently, lacked full support for OpenSSH certificate-based authentication. This incompatibility can lead to connection timeouts or the SSH key exchange (kex_exchange_identification) error you are experiencing.

Could you please follow the below steps to resolve the issue:

1. Update PuTTY to the Latest Version:

Modern PuTTY versions now support OpenSSH certificate-based authentication, enabling compatibility with the Microsoft Entra ID SSH extension. Please download and use the latest PuTTY release to enable this functionality.

2. Verify Azure RBAC Role Assignments:

Ensure your Azure AD user has one of these roles assigned on the VM or resource group:

Virtual Machine Administrator Login

Virtual Machine User Login

Without these roles, Entra ID SSH authentication will be blocked.

3. Configure Traditional SSH Access (if needed):

If you prefer using PuTTY or other SSH clients without certificate support, you can enable password or SSH key authentication on the VM:

Reset the user password:

az vm reset-access --resource-group <ResourceGroup> --name <VMName> --user-name <username> --password <NewPassword>

Edit sshd_config on the VM to include:

sudo vi /etc/ssh/sshd_config

PasswordAuthentication yes

Restart the SSH service

sudo systemctl restart sshd

Alternatively, create an SSH key pair and configure authorized keys for SSH key-based login.

4. Microsoft Entra ID SSH Extension Considerations

The Entra ID SSH extension enables Azure AD certificate-based logins that might conflict with traditional SSH authentication settings.

You may temporarily disable the extension to test standard username/password SSH login.

Alternatively, continue using Azure CLI SSH commands for seamless certificate-based logins.

If required, please restart or redeploy the VM.

Could you please refer below documentations:

https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/troubleshoot-ssh-connection

https://learn.microsoft.com/en-us/entra/identity/devices/howto-vm-sign-in-azure-ad-linux

https://learn.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows#using-the-putty-ssh-client

Hope this helps to resolve the issue. Please let me know if you have any further questions or need assistance.
Jilakara Hemalatha 12,915 Reputation points Microsoft External Staff Moderator

2025-09-24T01:31:21.45+00:00

Hi Tom Smith,

Just checking if provided response was helpful. Could you please let me know if you have any queries.
Tom Smith 70 Reputation points

2025-09-24T12:33:17.13+00:00

I added the user to the Virtual Machine Administrator role, but I am still not able to connect.
Tom Smith 70 Reputation points

2025-09-24T13:50:05.3366667+00:00
Tom Smith 70 Reputation points

2025-09-24T16:10:33.85+00:00

I also noticed this on the AADSSHLoginforLinix Extension:

[ExtensionOperationError] Non-zero exit code: 20, /var/lib/waagent/Microsoft.Azure.ActiveDirectory.AADSSHLoginForLinux-1.0.3162.1/./installer.sh install [stdout] Machine OS: rhel v10.0 x86_64 Installing... Failed to update the RHUI cert; ignoring the error This is an Azure machine Configuring microsoft-prod repo [stderr] Error: Failed to download metadata for repo 'rhui-microsoft-azure-rhel10': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 16 100 16 0 0 1643 0 --:--:-- --:--:-- --:--:-- 1777 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to packages.microsoft.com:443 Cannot access https://packages.microsoft.com. Make sure this URL is not blocked by a firewall
Jilakara Hemalatha 12,915 Reputation points Microsoft External Staff Moderator

2025-09-30T16:58:12.0333333+00:00
Hi Tom Smith,

Thank you for your patience while we investigated this issue.

The root cause of the SSH timeout was related to custom networking configuration during VM creation. The VM was initially deployed with manual changes to the IP settings and virtual network configuration, which caused the network interface and security rules not to be correctly applied. As a result, SSH traffic on port 22 could not reach the VM even though the NSG appeared to allow it.

To resolve the issue recommended

Recreated the virtual machine in the same region (East US) but with the Networking tab left at its default settings in new RG.

Ensured the public IP address, NSG, and subnet were automatically configured by Azure.

After these changes, the VM became reachable and the SSH connection via PuTTY and SSH succeeded without timeouts.

As issue got resolved. Could you please take a moment to accept the answer and upvote it. So, it will be helpful to community members who is facing same issue.

Thank you for helping to improve Microsoft Q&A!

Share via

Can't connect to Red Hat Linux VM via Putty and SSH

0 additional answers

Your answer