I need to attach a GPU VM created in the same vnet of the ML workspace

Question

I need to attach a GPU VM created in the same vnet of the ML workspace

Arturo Sánchez Pineda 17

Hi,

I need to attach a VM that has public and private IPs to an ML Studio workspace. Both are in the same VNet, and the VNet is private, so no access to the internet.

The command like (also via the Web GUI)

az ml compute attach --resource-group rg-azml-xxx --workspace-name mlw-azml-xxx --name ml-yyy-02 --type virtualmachine --resource-id /subscriptions/xxx/resourcegroups/yyy/providers/Microsoft.Compute/virtualMachines/zzz-linux-02 --admin-username xxx --ssh-private-key-file /Users/yyy_key.pem

gives


(BadRequest) Could not authenticate '20.xxx.yyy.zzz:22' against the SSH service. Verify that the supplied credentials are correct.

Code: BadRequest
Message: Could not authenticate '20.

But, again, if I use the VPN I can SSH into the machine using its public IP. I need to attach this machine. Please help.
There is not reason I cannot attach a VM that is in the same vnet. I need a way to tell to the attach to use Azure network, not the internet.

Docs:
https://learn.microsoft.com/en-us/cli/azure/ml/compute?view=azure-cli-latest#az-ml-compute-attach

az ml compute attach --resource-group
                     --workspace-name
                     [--admin-password]
                     [--admin-username]
                     [--file]
                     [--identity-type]
                     [--name]
                     [--namespace]
                     [--no-wait]
                     [--resource-id]
                     [--ssh-port]
                     [--ssh-private-key-file]
                     [--type]
                     [--user-assigned-identities]

Nikhil Duserla 7,935 Reputation points Microsoft External Staff Moderator

2025-05-12T17:43:21.43+00:00

Hello @Arturo Sánchez Pineda,

Are you trying to access the VM within the VNet using its private IP? Also, could you clarify where exactly you intend to attach the VM?

Could you please provide more details about the issue? This will help me better understand the problem and offer appropriate workarounds.
Nikhil Duserla 7,935 Reputation points Microsoft External Staff Moderator

2025-05-13T09:29:45.84+00:00

Hello @Arturo Sánchez Pineda,

I’ll be waiting for your response with the required details so I can proceed with troubleshooting your issue.
Arturo Sánchez Pineda 17 Reputation points

2025-05-13T12:48:28.9233333+00:00

Hi @Nikhil Duserla , thank you very much for your prompt reply.

Let me try to paint a better case:

We have an Azure ML studio workspace: https://learn.microsoft.com/en-us/azure/machine-learning/concept-workspace

This workspace is used by several users, where each of them has one or more compute instances. We also have some clusters.

Finally, as you can see in the pic attached, we can also Attach Computers. In our case, we have attached a VM created a few days ago. So, we know it works

The particularity of this workspace is that it is located in a private VNET, and I will maintain this configuration. Since each ML studio workspace has an ACR (container registry), the attached VM needs to be able to pull from it. Something that a machine external to the vnet cannot do

So, I created a new VM of the same type as the currently successfully attached one, but inside the same VNET as the workspace, so that it can "see" the elements connected to that VNET, such as the ACR.

The problem? When attempting to attach this second VM via the Web GUI or using the CLI, it complains that it cannot SSH, even though it has a public IP that is reachable from within the VNet (I am 100% sure I can SSH into the machine using its public or private IP, providing that my laptop is also inside the Network).

My suspicion, and I hope I am wrong, is that Azure attempts the SSH conection using the internet, instead of the backbone Azure network, that should be the way to go so that the attach work, even if the VM is in a private network only, since it is the same network than the workspace.

So, the question is: how do I tell Azure to SSH using the internal network?

Thanks again!

Arturo
Alex Burlachenko 10,255 Reputation points

2025-05-13T13:54:42.3733333+00:00

Arturo Sánchez Pineda it really helps clarify the situation. I understand now that your workspace and VMs are in a private virtual network, and you’re running into SSH issues when trying to attach a new VM, even though it’s in the same virtual network as the workspace.

From what you’ve described, it does seem like Azure ML might be trying to reach the VM over the public internet rather than through the internal Azure backbone network, even though both the workspace and the VM are in the same private virtual network. This would explain why SSH fails despite the VM being reachable from within the network.

Check the VM’s Network Security Group (NSG) Rules Even though the VM is in the same virtual network, the NSG might be blocking SSH traffic from the Azure ML service’s internal IP range. Make sure port 22 (SSH) is allowed from the subnet where the ML workspace is deployed. You can find more about NSG rules in the Microsoft documentation.

Ensure the VM’s Private IP is Used for SSH When attaching the VM via CLI, try explicitly specifying the private IP (if possible) or confirm that the resource-id parameter correctly points to the VM in the internal network. The az ml compute attach command should ideally use the private network, but if it defaults to public, we might need a workaround.

Verify the SSH Key and Credentials Double-check that the SSH key and username provided in the command are correct. Sometimes, the key format or permissions can cause issues. The Azure ML compute attach docs mention the --ssh-private-key-file parameter—ensure the key is in the right format (PEM) and accessible.

Test Internal Connectivity from Another VM If possible, try SSH’ing into the new VM from another VM in the same virtual network (like an existing attached compute instance). This will confirm whether the SSH service itself is working correctly inside the network.

Check Azure ML Service Endpoints Azure ML might use specific service tags or endpoints for internal communication. Ensure these are allowed in your NSG. The list of required service tags might help, even in a private network setup.

Temporary: Public IP with Restricted Access If nothing else works, you could try assigning a public IP to the VM temporarily (with strict NSG rules to only allow Azure ML’s IP range) just for the attach process, then remove the public IP afterward. This is not ideal but might help confirm the behavior.

Since your first VM attached successfully, comparing its NSG rules, subnet configuration, and SSH setup with the new VM might reveal differences.

Best regards,

Alex
Mounika Reddy Anumandla 6,845 Reputation points Microsoft External Staff Moderator

2025-05-14T11:24:40.8766667+00:00

Hi Arturo Sánchez Pineda,

Just checking in to see if you had a chance to review the response provided to your question.

Let me know if you have any further queries!

If the information is helpful, please click "Accept Answer" and "Upvote it."
Arturo Sánchez Pineda 17 Reputation points

2025-05-15T10:13:03.4366667+00:00
Hi team!

Thank you for the detailed feedback. We truly appreciate it. Let me reply that while re-making the steps we used to successfully attach a VM that was in a different vnet with internet access, so the SSH works via the internet, and we recover a "hack" idea related to the SSH key type:

We created a new SSH key using an Ed25519 type key (and not the older RSA format that Azure gives you by default), e.g. ssh-keygen -t ed25519 -f key

After inserting the new pub key in the ~/.ssh/authorized_keys we were able to attach the vm using the command line below (please, notice that there is no CLI option, nor in the web GUI to say what IP to use)

Arturo Sánchez Pineda 17

> az ml compute attach --resource-group rg-azml-xxx --workspace-name mlw-azml-zzz --name ml-vm-name --type virtualmachine --resource-id /subscriptions/xxx-yyy-zzz-000-111222333/resourcegroups/rg-azml-xxx/providers/Microsoft.Compute/virtualMachines/vm-name --admin-username yyy --ssh-private-key-file /Users/xxx/.ssh/key

output:

{ "id": "/subscriptions/xxx-yyy-zzz-000-111222333/resourcegroups/rg-azml-xxx/providers/Microsoft.Compute/virtualMachines/vm-name", "location": "planetearth", "name": "ml-vm-name", "provisioning_state": "Succeeded", "resourceGroup": "rg-azml-xxx", "resource_id": "/subscriptions/xxx-yyy-zzz-000-111222333/resourcegroups/rg-azml-xxx/providers/Microsoft.Compute/virtualMachines/vm-name", "ssh_settings": { "ssh_port": 22 }, "type": "virtualmachine" }

Arturo Sánchez Pineda 17 Reputation points

2025-05-15T10:20:20.25+00:00

...sorry, but this buggy chat keeps giving the message that I am not authorised when I try to put my complete answer, so it isn't easy to work like that....
Arturo Sánchez Pineda 17 Reputation points

2025-05-15T10:23:17.6633333+00:00
After that, to make the job able to go and run into the new vm attached, we needed to add to / etc/ ssh / sshd_config (inside the vm):

# allow rsa keys as well Match User corescience PubkeyAcceptedAlgorithms +ssh-rsa

And then sudo systemctl restart sshd. This is because without that customisation, even if the vm is successfully attached, the job has issues with SSH-ing into the vm. Why? because we are using a modern SSH key type, Azure appears to insist on using an old format in some areas but a newer one in others.

Note: This recipe was used to attach VMs in only private vnets and those connected to a VNET with internet access.

(PS: names of elements were changed for security reasons)
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Nikhil Duserla 7,935 Reputation points Microsoft External Staff Moderator

2025-05-19T18:28:25.8766667+00:00

Hello @Arturo Sánchez Pineda,

Apologies for the delayed response. Please bear with me I'm currently working on your issue and will get back to you shortly.
Manas Mohanty 5,950 Reputation points Microsoft External Staff Moderator

2025-05-20T08:31:01.9466667+00:00

Hello @Arturo Sánchez Pineda,

Just wanted to quickly summarize the case with respect to provided pointers from Alex Burlachenko

As I went through the issue notes from above.

Issue is

You are trying to connect Virtual machine to Secured Azure machine learning workspace. But that Virtual machine does not have a private IP must probably as it is trying to connect with a public Ip.

Could not authenticate '20.xxx.yyy.zzz:22' against the SSH service. Verify that the supplied credentials are correct.

These situations will happen AML would be blocking all public IPs until they are whitelisted. We should create a private endpoint against virtual network.

1. if you have not allowed inbound connection from that public IP to your subnet range or the credentials for virtual machine did not work. You can check the VM1 rule and port configuration in NSG which gets attached into AML studio to do the needed changes in VM2.

2. 22, 3389,80, 443 are not opened in your Virtual machine and NSG (Please check Inbound and outbound traffic

https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

You also need to add few other tags in outbound traffic-based scenario mentioned below.

Inbound and outbound traffic Azure ML

Thank you.
Arturo Sánchez Pineda 17 Reputation points

2025-05-22T11:32:57.7+00:00

Hi @Manas Mohanty , @Alex Burlachenko , all, thanks for the support once again. Sorry for the fragmented messages last time, but the chat has a setup that prevents some "command injection," which did not allow me to include all the parts of the message. In any case, as mentioned, we successfully solved the attachment issue using a modern SSH key algorithm.

The issue is that it is not straightforward to identify this limitation/issue/feature from Azure.

The part I am not comfortable with is that we needed to perform customisations inside the VM, as in my comment of May 15, 2025, 12:23 PM.

I also reviewed your recommendations for the NSG and the network, and they align. So, this is good (I did not perform changes there since it was always the case).

I don't know if I should declare the case as solved, but we are now at the point of using the attached machines for jobs and performing additional customisations, so the attached machines receive the correct credentials. But it is another case.

I am also open to suggestions on where to add that information, or any documentation I can help update, like https://learn.microsoft.com/en-us/cli/azure/ml/compute?view=azure-cli-latest#az-ml-compute-attach itself.

Thanks and cheers,

Arturo
Nikhil Duserla 7,935 Reputation points Microsoft External Staff Moderator

2025-05-23T10:39:30.6466667+00:00

Hello @Arturo Sánchez Pineda,

Thanks for letting us know.

1 answer

Your answer

Nikhil Duserla 7,935 Reputation points Microsoft External Staff Moderator

2025-05-12T17:43:21.43+00:00

Hello @Arturo Sánchez Pineda,

Are you trying to access the VM within the VNet using its private IP? Also, could you clarify where exactly you intend to attach the VM?

Could you please provide more details about the issue? This will help me better understand the problem and offer appropriate workarounds.
Nikhil Duserla 7,935 Reputation points Microsoft External Staff Moderator

2025-05-13T09:29:45.84+00:00

Hello @Arturo Sánchez Pineda,

I’ll be waiting for your response with the required details so I can proceed with troubleshooting your issue.
Arturo Sánchez Pineda 17 Reputation points

2025-05-13T12:48:28.9233333+00:00

Hi @Nikhil Duserla , thank you very much for your prompt reply.

Let me try to paint a better case:

We have an Azure ML studio workspace: https://learn.microsoft.com/en-us/azure/machine-learning/concept-workspace

This workspace is used by several users, where each of them has one or more compute instances. We also have some clusters.

Finally, as you can see in the pic attached, we can also Attach Computers. In our case, we have attached a VM created a few days ago. So, we know it works

The particularity of this workspace is that it is located in a private VNET, and I will maintain this configuration. Since each ML studio workspace has an ACR (container registry), the attached VM needs to be able to pull from it. Something that a machine external to the vnet cannot do

So, I created a new VM of the same type as the currently successfully attached one, but inside the same VNET as the workspace, so that it can "see" the elements connected to that VNET, such as the ACR.

The problem? When attempting to attach this second VM via the Web GUI or using the CLI, it complains that it cannot SSH, even though it has a public IP that is reachable from within the VNet (I am 100% sure I can SSH into the machine using its public or private IP, providing that my laptop is also inside the Network).

My suspicion, and I hope I am wrong, is that Azure attempts the SSH conection using the internet, instead of the backbone Azure network, that should be the way to go so that the attach work, even if the VM is in a private network only, since it is the same network than the workspace.

So, the question is: how do I tell Azure to SSH using the internal network?

Thanks again!

Arturo
Mounika Reddy Anumandla 6,845 Reputation points Microsoft External Staff Moderator

2025-05-14T11:24:40.8766667+00:00

Hi Arturo Sánchez Pineda,

Just checking in to see if you had a chance to review the response provided to your question.

Let me know if you have any further queries!

If the information is helpful, please click "Accept Answer" and "Upvote it."
Arturo Sánchez Pineda 17 Reputation points

2025-05-15T10:13:03.4366667+00:00

Hi team!

Thank you for the detailed feedback. We truly appreciate it. Let me reply that while re-making the steps we used to successfully attach a VM that was in a different vnet with internet access, so the SSH works via the internet, and we recover a "hack" idea related to the SSH key type:

We created a new SSH key using an Ed25519 type key (and not the older RSA format that Azure gives you by default), e.g. ssh-keygen -t ed25519 -f key

After inserting the new pub key in the ~/.ssh/authorized_keys we were able to attach the vm using the command line below (please, notice that there is no CLI option, nor in the web GUI to say what IP to use)
Arturo Sánchez Pineda 17 Reputation points

2025-05-15T10:16:02.97+00:00

> az ml compute attach --resource-group rg-azml-xxx --workspace-name mlw-azml-zzz --name ml-vm-name --type virtualmachine --resource-id /subscriptions/xxx-yyy-zzz-000-111222333/resourcegroups/rg-azml-xxx/providers/Microsoft.Compute/virtualMachines/vm-name --admin-username yyy --ssh-private-key-file /Users/xxx/.ssh/key

output:

{ "id": "/subscriptions/xxx-yyy-zzz-000-111222333/resourcegroups/rg-azml-xxx/providers/Microsoft.Compute/virtualMachines/vm-name", "location": "planetearth", "name": "ml-vm-name", "provisioning_state": "Succeeded", "resourceGroup": "rg-azml-xxx", "resource_id": "/subscriptions/xxx-yyy-zzz-000-111222333/resourcegroups/rg-azml-xxx/providers/Microsoft.Compute/virtualMachines/vm-name", "ssh_settings": { "ssh_port": 22 }, "type": "virtualmachine" }
Arturo Sánchez Pineda 17 Reputation points

2025-05-15T10:20:20.25+00:00

...sorry, but this buggy chat keeps giving the message that I am not authorised when I try to put my complete answer, so it isn't easy to work like that....
Arturo Sánchez Pineda 17 Reputation points

2025-05-15T10:23:17.6633333+00:00

After that, to make the job able to go and run into the new vm attached, we needed to add to / etc/ ssh / sshd_config (inside the vm):

# allow rsa keys as well Match User corescience PubkeyAcceptedAlgorithms +ssh-rsa

And then sudo systemctl restart sshd. This is because without that customisation, even if the vm is successfully attached, the job has issues with SSH-ing into the vm. Why? because we are using a modern SSH key type, Azure appears to insist on using an old format in some areas but a newer one in others.

Note: This recipe was used to attach VMs in only private vnets and those connected to a VNET with internet access.

(PS: names of elements were changed for security reasons)
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Nikhil Duserla 7,935 Reputation points Microsoft External Staff Moderator

2025-05-19T18:28:25.8766667+00:00

Hello @Arturo Sánchez Pineda,

Apologies for the delayed response. Please bear with me I'm currently working on your issue and will get back to you shortly.
Manas Mohanty 5,950 Reputation points Microsoft External Staff Moderator

2025-05-20T08:31:01.9466667+00:00

Hello @Arturo Sánchez Pineda,

Just wanted to quickly summarize the case with respect to provided pointers from Alex Burlachenko

As I went through the issue notes from above.

Issue is

You are trying to connect Virtual machine to Secured Azure machine learning workspace. But that Virtual machine does not have a private IP must probably as it is trying to connect with a public Ip.

Could not authenticate '20.xxx.yyy.zzz:22' against the SSH service. Verify that the supplied credentials are correct.

These situations will happen AML would be blocking all public IPs until they are whitelisted. We should create a private endpoint against virtual network.

1. if you have not allowed inbound connection from that public IP to your subnet range or the credentials for virtual machine did not work. You can check the VM1 rule and port configuration in NSG which gets attached into AML studio to do the needed changes in VM2.

2. 22, 3389,80, 443 are not opened in your Virtual machine and NSG (Please check Inbound and outbound traffic

https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

You also need to add few other tags in outbound traffic-based scenario mentioned below.

Inbound and outbound traffic Azure ML

Thank you.
Arturo Sánchez Pineda 17 Reputation points

2025-05-22T11:32:57.7+00:00

Hi @Manas Mohanty , @Alex Burlachenko , all, thanks for the support once again. Sorry for the fragmented messages last time, but the chat has a setup that prevents some "command injection," which did not allow me to include all the parts of the message. In any case, as mentioned, we successfully solved the attachment issue using a modern SSH key algorithm.

The issue is that it is not straightforward to identify this limitation/issue/feature from Azure.

The part I am not comfortable with is that we needed to perform customisations inside the VM, as in my comment of May 15, 2025, 12:23 PM.

I also reviewed your recommendations for the NSG and the network, and they align. So, this is good (I did not perform changes there since it was always the case).

I don't know if I should declare the case as solved, but we are now at the point of using the attached machines for jobs and performing additional customisations, so the attached machines receive the correct credentials. But it is another case.

I am also open to suggestions on where to add that information, or any documentation I can help update, like https://learn.microsoft.com/en-us/cli/azure/ml/compute?view=azure-cli-latest#az-ml-compute-attach itself.

Thanks and cheers,

Arturo
Nikhil Duserla 7,935 Reputation points Microsoft External Staff Moderator

2025-05-23T10:39:30.6466667+00:00

Hello @Arturo Sánchez Pineda,

Thanks for letting us know.

Answer 1

Hi Arturo Sánchez Pineda

еhank you for reaching out and sharing your question on the Q&A portal. I appreciate the details you provided.

It sounds like you’re encountering an authentication error when trying to attach the VM, even though both the VM and the ML workspace are in the same private virtual network. Since the virtual network has no internet access, the error suggests the system might still be trying to reach the VM via its public IP, which isn’t what you want.

First, let’s confirm that the VM is properly configured for SSH access within the virtual network. Since you mentioned you can SSH into the machine via VPN using its public IP, the next step is to ensure the ML workspace can communicate with the VM using its private IP. You can find more details about configuring private networks for Azure ML in the Microsoft documentation.

When running the az ml compute attach command, make sure the SSH key and username are correct. Also, since the VM is in a private network, you might need to explicitly specify the private IP or ensure the command is executed in a way that routes traffic internally. The Azure ML compute attach documentation explains the parameters, but it doesn’t explicitly mention private network usage, so we might need to adjust the approach.

One thing to try is verifying the VM’s network security group (NSG) rules to ensure SSH traffic (port 22) is allowed from the ML workspace’s subnet. You can check NSG settings in the Azure Virtual Networks documentation.

If the issue persists, you could also try using the VM’s private IP directly in the command (if supported).

Let me know if this helps.

Best regards,
Alex
P.S. If my answer help to you, please Accept my answer
PPS That is my Answer and not a Comment
https://ctrlaltdel.blog/

just seen your last comment... it really helps clarify the situation. I understand now that your workspace and VMs are in a private virtual network, and you’re running into SSH issues when trying to attach a new VM, even though it’s in the same virtual network as the workspace.

From what you’ve described, it does seem like Azure ML might be trying to reach the VM over the public internet rather than through the internal Azure backbone network, even though both the workspace and the VM are in the same private virtual network. This would explain why SSH fails despite the VM being reachable from within the network.

Check the VM’s Network Security Group (NSG) Rules Even though the VM is in the same virtual network, the NSG might be blocking SSH traffic from the Azure ML service’s internal IP range. Make sure port 22 (SSH) is allowed from the subnet where the ML workspace is deployed. You can find more about NSG rules in the Microsoft documentation.

Ensure the VM’s Private IP is Used for SSH When attaching the VM via CLI, try explicitly specifying the private IP (if possible) or confirm that the resource-id parameter correctly points to the VM in the internal network. The az ml compute attach command should ideally use the private network, but if it defaults to public, we might need a workaround.

Verify the SSH Key and Credentials Double-check that the SSH key and username provided in the command are correct. Sometimes, the key format or permissions can cause issues. The Azure ML compute attach docs mention the --ssh-private-key-file parameter—ensure the key is in the right format (PEM) and accessible.

Test Internal Connectivity from Another VM If possible, try SSH’ing into the new VM from another VM in the same virtual network (like an existing attached compute instance). This will confirm whether the SSH service itself is working correctly inside the network.

Check Azure ML Service Endpoints Azure ML might use specific service tags or endpoints for internal communication. Ensure these are allowed in your NSG. The list of required service tags might help, even in a private network setup.

Temporary: Public IP with Restricted Access If nothing else works, you could try assigning a public IP to the VM temporarily (with strict NSG rules to only allow Azure ML’s IP range) just for the attach process, then remove the public IP afterward. This is not ideal but might help confirm the behavior.

Since your first VM attached successfully, comparing its NSG rules, subnet configuration, and SSH setup with the new VM might reveal differences.

Share via

I need to attach a GPU VM created in the same vnet of the ML workspace

1 answer

Your answer