Connect with SSH to Windows or Linux worker nodes for maintenance and troubleshooting
Applies to: AKS on Azure Stack HCI 22H2, AKS on Windows Server
You might need to access Windows or Linux worker nodes in AKS enabled by Azure Arc for maintenance, log collection, or other troubleshooting operations. For security purposes, you must create a Secure Shell Protocol (SSH) connection to access the Windows or Linux worker nodes. To use SSH, you sign in using the node's IP address.
This article describes how to create an SSH connection to access both Windows and Linux nodes.
Use SSH to connect to Windows worker nodes
To use SSH to sign in to a Windows worker node, run kubectl get to obtain the IP address of your node and capture the EXTERNAL-IP value.
Note
You must pass the correct location to your SSH private key. The following example uses the default location of %systemdrive%\akshci.ssh\akshci_rsa, but you might need to change this location if you requested a different path. To change the location, specify the -sshPublicKey parameter for Set-AksHciConfig.
To obtain the IP address of the Windows worker node, run the following command:
kubectl --kubeconfig=yourkubeconfig get nodes -o wide
Next, run ssh Administrator@ip to connect to a Windows node:
ssh -i $env:SYSTEMDRIVE\AksHci\.ssh\akshci_rsa administrator@<IP Address of the Node>
After you use SSH to connect to the node, you can run net user administrator * to update your administrator password.
Use SSH to connect to Linux worker nodes
To use SSH to sign in to a Linux worker node, first run kubectl get to obtain the IP address of your node and capture the EXTERNAL-IP value.
Note
You must pass the correct location to your SSH private key. The following example uses the default location of %systemdrive%\akshci.ssh\akshci_rsa, but you might need to change this location if you requested a different path. To change the location, specify the -sshPublicKey parameter for Set-AksHciConfig.
To obtain the IP address of the Linux worker node:
kubectl --kubeconfig=yourkubeconfig get nodes -o wide
Use ssh clouduser@ip to connect to the Linux node:
ssh -i $env:SYSTEMDRIVE\AksHci\.ssh\akshci_rsa clouduser@<IP Address of the Node>
After you use SSH to connect to the node, you can run net user administrator * to update your administrator password.
Next steps
- Review Known issues.
- Review Windows Admin Center known issues.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for