Cannot access VM Linux using SSH

Tsoi, Frank 1 Reputation point
2022-03-08T16:58:07.207+00:00

I created a Linux VM (Red Hat) yesterday and was able to access it via SSH, but I cannot access it using SSH today. The error is "connection timed out". The Connection troubleshooting shows "Network connectivity blocked by security group rule: defaultRule_DenyAllInBound". I tried to add an inbound rule, but the error is "failed to create security rule". Any idea how I can fix the issue? Thanks

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.

1 answer

  1. srbhatta-MSFT 8,546 Reputation points Microsoft Employee
    2022-03-10T05:32:38.863+00:00

    Hello @Tsoi, Frank,
    Thanks for posting your query on Microsoft QnA.
    You are unable to add port 22 in the inbound security rule on the NSG because that would be open to the internet, which is disallowed by your company policy that is applied on your subscription (as I can see from the error screenshot that you have shared). Policies are assigned to enforce compliance with your corporate standards.

    You can create an exclusion to the Azure Policy to exclude a resource (in your case the NSG) to allow creation of an inbound security rule allowing inbound connections from the Internet to SSH port 22, thereby exposing port 22 to the Internet. But this will result in the NSG getting excluded, and the same NSG might be applied to other VMs also; hence, it might be a point of concern. You can find more details about exclusion in this document. I have also attached a screenshot below showing what it looks like.


    You can also create an exemption to perform the same task. Refer to this article. Like I mentioned above, this also will exempt the NSG from the Policy and the same NSG can be attached to other VMs.

    In your case, I would suggest that you check once with the Policy owner, as adding exclusions might create an issue since the same NSG might be attached to multiple virtual machines.

    A workaround would be to connect to your VM via SSH using Azure Bastion. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH. For more details, refer.

    Hope this helps.

    --------------------

    Please don't forget to accept and upvote if you think the information provided was useful so that it can help others in the community looking for help on similar issues.

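The check below is an added example, not part of the original thread or of any Microsoft tooling: it evaluates NSG inbound rules in priority order to show which rule decides SSH traffic from the Internet, which is how `DenyAllInBound` ends up blocking the connection and why a broad allow rule on a shared NSG exposes every attached VM. The rule records are constructed, and their field names are assumed to follow the flattened shape of `az network nsg rule list` output.

```python
# Added example; all rule data is constructed for illustration.
# Assumption: field names follow flattened `az network nsg rule list` output.
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}

def port_in_range(spec, port):
    """True if an NSG port spec ('*', '22', '20-25') covers the port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def matches_internet_ssh(rule, port=22):
    """True if an inbound rule applies to TCP traffic from the Internet to `port`."""
    if rule["direction"].lower() != "inbound":
        return False
    if rule["protocol"].lower() not in ("*", "tcp"):
        return False
    sources = [rule.get("sourceAddressPrefix")] + list(rule.get("sourceAddressPrefixes") or [])
    if not any(s and s.lower() in INTERNET_SOURCES for s in sources):
        return False
    ports = [rule.get("destinationPortRange")] + list(rule.get("destinationPortRanges") or [])
    return any(p and port_in_range(p, port) for p in ports)

def ssh_verdict(rules, port=22):
    """Return (access, rule name) of the first matching rule; lowest priority number wins."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if matches_internet_ssh(rule, port):
            return rule["access"], rule["name"]
    return "Deny", "no matching rule"

def rule(name, priority, access, source, ports, protocol="*"):
    """Build a constructed inbound rule record."""
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "protocol": protocol,
            "sourceAddressPrefix": source, "destinationPortRange": ports}

# The two default rules relevant here, as every NSG carries them.
DEFAULTS = [
    rule("AllowVnetInBound", 65000, "Allow", "VirtualNetwork", "*"),
    rule("DenyAllInBound", 65500, "Deny", "*", "*"),
]

if __name__ == "__main__":
    print(ssh_verdict(DEFAULTS))  # the state described in the question
    # Hypothetical rule name "allow-ssh": the kind of rule the policy rejected.
    print(ssh_verdict(DEFAULTS + [rule("allow-ssh", 300, "Allow", "*", "22", "Tcp")]))
```

Running the same verdict over each NSG before requesting an exclusion or exemption shows whether any attached VM would become reachable on port 22 from the Internet.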