Just In Time Access SSH Azure

Clinton Ivins 45 Reputation points
2023-11-08T08:48:18.22+00:00

Hi All,

I have a few VM's Ubuntu Linux in Azure, these host MongoDB's. I have attached an public IP nic in order to manage these via SSH with networking rules to allow my IP via SSH. I need to remove the public access, however i would like to enable Just in Time access that would add my IP (Local PC from Home) and attached a Public IP for me to connect for the duration of the access assigned via JIT. I have enabled JIT which updates the NSG, but i don't see a public IP assigned ? Firstly can this be done and if so how ?

Thanks in advance

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,427 questions
0 comments No comments
{count} votes

Accepted answer
  1. Luis Arias 6,796 Reputation points
    2023-11-08T12:00:38.4666667+00:00

    Hi Clinton,

    As you already doing jit access help you to enable open ports for a period of time, however currently isn't supported for a particular public IP. An alternative It's enable your jit access and execute an script to modify the rule on your NSG to only permit access from your public ip:

    az network nsg rule update --name MyRule --nsg-name MyNsg --resource-group MyResourceGroup --access Allow --protocol Tcp --direction Inbound --priority 100 --source-address-prefixes <public-ip> --source-port-ranges '*' --destination-address-prefixes '*' --destination-port-ranges 22
    

    Here additional information about Jit is working:

    https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-overview?tabs=defender-for-container-arch-aks

    [Bonus track]On the other hand, I also faced that challenge some time ago , so that I did it and you can do is:

    With this workaround will use less public IP resources but require and additional Azure resource.

    Cheers,

    Luis


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.