Hi Clinton,
As you are already doing, JIT access helps you open ports for a period of time; however, it currently isn't supported for a particular public IP. An alternative is to enable your JIT access and execute a script to modify the rule on your NSG so it only permits access from your public IP:
az network nsg rule update --name MyRule --nsg-name MyNsg --resource-group MyResourceGroup --access Allow --protocol Tcp --direction Inbound --priority 100 --source-address-prefixes <public-ip> --source-port-ranges '*' --destination-address-prefixes '*' --destination-port-ranges 22
Here is additional information about how JIT works:
[Bonus track] On the other hand, I also faced that challenge some time ago, so what I did, and what you can do, is:
- Deploy a load balancer / application gateway (ref: https://learn.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-portal )
- Add your VMs as backend, and
- Publish a custom port for each VM (e.g. 1022, 2022) -- fewer attacks from the internet (ref: https://learn.microsoft.com/en-us/azure/load-balancer/manage-rules-how-to ). Add a rule to only permit calls from your specific public IP.
- You can remove the public IPs of your Linux VMs (if you are using these public IPs only to get remote access).
This workaround will use fewer public IP resources but requires an additional Azure resource.
Cheers,
Luis
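As an added example (my own script, not part of Luis's answer above), the POSIX shell script below does what the answer describes: it looks up the caller's current public IPv4 address, refuses anything that is not a single plain address (no '*', no CIDR, no leading zeros), and then pins an existing NSG rule to that address as a /32 once JIT has opened the port. The second half covers the bonus-track list: it creates one inbound NAT rule per backend VM on the load balancer, mapping frontend port 1022, 2022, ... to port 22 on that VM. The resource names (my-rg, my-nsg, ssh-from-me, ssh-vmN, my-lb, my-frontend), the api.ipify.org lookup and the Azure CLI flags beyond those shown in the answer are assumptions; the NSG rule, the load balancer and its frontend IP configuration are assumed to already exist. Set AZ=echo to see the commands without running the Azure CLI.

```shell
#!/bin/sh
# Added example, not code from the answer above.
# Narrow an NSG rule to the caller's current public IPv4 address after JIT has opened
# the port, and publish SSH for each backend VM on its own load-balancer frontend port.
# Assumptions: the NSG rule already exists (this updates, it does not create it), the
# load balancer and its frontend IP configuration already exist, and the "what is my
# IP" endpoint below is reachable. Set AZ=echo to dry-run without the Azure CLI.
set -eu

# Accept only a plain dotted-quad IPv4 address: no '*', no CIDR, no leading zeros.
# Whatever a public-IP lookup returns must pass this before it reaches the NSG, so a
# failed or tampered lookup can never widen the rule instead of narrowing it.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  _old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$_old_ifs
  for _octet in "$@"; do
    case $_octet in
      0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;   # reject leading zeros (octal ambiguity)
      *) return 1 ;;
    esac
    [ "$_octet" -le 255 ] || return 1
  done
  return 0
}

# Resolve the caller's public IPv4 address; fail closed if it is not usable.
detect_public_ip() {
  _ip=$(curl -fsS --max-time 10 https://api.ipify.org) || return 1   # assumed endpoint
  is_ipv4 "$_ip" || return 1
  printf '%s\n' "$_ip"
}

# Update an existing NSG rule so that only SRC (as a /32) may reach PORT.
# Usage: restrict_nsg_rule RESOURCE_GROUP NSG_NAME RULE_NAME SRC [PORT]
restrict_nsg_rule() {
  _rg=$1 _nsg=$2 _rule=$3 _src=$4 _port=${5:-22}
  if ! is_ipv4 "$_src"; then
    printf 'refusing to update %s: "%s" is not a single IPv4 address\n' "$_rule" "$_src" >&2
    return 1
  fi
  "${AZ:-az}" network nsg rule update \
    --resource-group "$_rg" --nsg-name "$_nsg" --name "$_rule" \
    --access Allow --protocol Tcp --direction Inbound \
    --source-address-prefixes "$_src/32" --source-port-ranges '*' \
    --destination-address-prefixes '*' --destination-port-ranges "$_port"
}

# Frontend port for backend VM number N (1-based): 1022, 2022, 3022 ... as in the answer.
nat_frontend_port() {
  echo $(( $1 * 1000 + 22 ))
}

# Publish SSH for VM N through the load balancer on its own frontend port.
# Usage: lb_ssh_nat_rule RESOURCE_GROUP LB_NAME FRONTEND_IP_CONFIG_NAME N
lb_ssh_nat_rule() {
  _rg=$1 _lb=$2 _fe=$3 _n=$4
  "${AZ:-az}" network lb inbound-nat-rule create \
    --resource-group "$_rg" --lb-name "$_lb" --name "ssh-vm$_n" \
    --frontend-ip-name "$_fe" --protocol Tcp \
    --frontend-port "$(nat_frontend_port "$_n")" --backend-port 22
}

# Example invocation: set NSG_RG, NSG_NAME and NSG_RULE to act (optional first
# argument = destination port); otherwise only the functions above are defined.
if [ -n "${NSG_RG:-}" ] && [ -n "${NSG_NAME:-}" ] && [ -n "${NSG_RULE:-}" ]; then
  _me=$(detect_public_ip) || { echo 'could not determine a valid public IPv4 address' >&2; exit 1; }
  restrict_nsg_rule "$NSG_RG" "$NSG_NAME" "$NSG_RULE" "$_me" "${1:-22}"
fi
```

The validation step is the part worth keeping even if you change everything else: a lookup that returns an error page, an empty string or a CIDR must abort the run rather than end up in --source-address-prefixes, where '*' or a wide prefix would silently reopen the port to the internet for the whole JIT window. The NAT rule only moves SSH to a less-scanned port; the NSG rule (or an NSG on the backend subnet) is still what limits who can reach it.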