Avoid public ip to ssh into azure vm

Shreyas Arani 271 Reputation points
2021-11-11T09:31:43.9+00:00

Hi, we are using a public IP and port 22 to SSH into our Azure VMs, but we want to avoid the use of a public IP for security reasons. We looked into options like Azure Bastion, but due to the pricing constraint we decided to drop that option. Can you please suggest other options, such as connecting using the private IP of the VM, a VPN gateway, or any other suitable option? A sample supporting document would be really helpful.

Thanks in advance.

Azure Virtual Machines

2 answers

  1. suvasara-MSFT 10,076 Reputation points Moderator
    2021-11-11T10:17:40.657+00:00

    @Shreyas Arani, there is no complete Azure alternative solution that can replace Bastion. Having said that, you can still reduce IP vulnerability attacks like brute-force attacks and DDoS attacks using the solutions below:

    1. Deploying an NSG on the subnet with the necessary I/O security rules should block the IP access to certain IPs.
    2. Deploying a VPN Gateway and connecting over the Microsoft backbone. With this method you can connect to the VM using its private IP. This includes pricing.
    3. Configuring just-in-time access, either through the Azure Virtual Machine blade or by configuring a JIT policy on a VM programmatically. This reduces the risk of attacks, as the port will be closed until you access it.
    4. Deploying a jump host and hardening it with an NSG. This increases infrastructure cost.

    So, deploying the Azure Bastion is the best solution to provide a complete security solution.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
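An added example, not part of the answer above or of any Microsoft tooling: a small Python audit for point 1 that reads NSG JSON and lists inbound Allow rules exposing TCP 22 to any internet source. The sample NSG is constructed, the function names are hypothetical, and the field names are assumed to match `az network nsg show -o json` output.

```python
import json

# Source prefixes that expose a rule to the whole internet.
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet"}

# Constructed sample, trimmed to the fields used here, in the shape of
# `az network nsg show -o json` output (assumed field names).
SAMPLE_NSG = json.loads("""{"securityRules": [
 {"name": "ssh-from-anywhere", "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "ssh-from-office", "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
 {"name": "mgmt-range", "direction": "Inbound", "access": "Allow", "protocol": "*",
  "sourceAddressPrefixes": ["198.51.100.7", "Internet"],
  "destinationPortRanges": ["20-25", "443"]},
 {"name": "deny-ssh", "direction": "Inbound", "access": "Deny",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"}
]}""")

def _values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    found = list(rule.get(plural) or [])
    if rule.get(single):
        found.append(rule[single])
    return found

def covers_port(port_range, port=22):
    """True if an NSG port expression ('*', '22', '20-25') includes `port`."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def ssh_open_to_internet(nsg):
    """Return names of inbound Allow rules exposing TCP/22 to any source."""
    hits = []
    for rule in nsg.get("securityRules", []):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        if any(s.lower() in OPEN_SOURCES for s in sources) and \
           any(covers_port(p) for p in ports):
            hits.append(rule["name"])
    return hits

if __name__ == "__main__":
    print(ssh_open_to_internet(SAMPLE_NSG))
```

The check lists candidate rules only; it does not evaluate rule priority, so a higher-priority Deny rule could still block the traffic it flags.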


  2. Purna Rao 26 Reputation points
    2021-11-11T17:57:44.11+00:00

    @Shreyas Arani - You can try setting up a Site-Site/Point-Site VPN connection from your organization's private network. Once you establish either of these VPN connections, you can access the VM with its private IP address.
