Create an RDP connection to a Linux VM using Azure Bastion

This article shows you how to securely and seamlessly create an RDP connection to your Linux VMs located in an Azure virtual network directly through the Azure portal. Azure Bastion provides secure connectivity to all of the VMs in the virtual network in which it's provisioned. With Azure Bastion, your virtual machines don't need to expose RDP/SSH ports to the outside world, and you still get secure access over RDP/SSH. For more information, see What is Azure Bastion?

When you use Azure Bastion, your VMs don't require a client or an agent. However, to connect to a Linux VM using RDP, you must install xrdp. See the next section for details.

Prerequisites and limitations

Make sure you've configured an Azure Bastion host for the virtual network in which the VM resides. For more information, see Create an Azure Bastion host. Once the Bastion service is provisioned and deployed in your virtual network, you can use it to connect to any VM in this virtual network.

  • The connection settings and features that are available depend on the Bastion SKU you're using.

    • RDP to a Linux VM is only available for the Standard SKU or higher. To check your SKU or upgrade to a higher SKU tier, see Upgrade the SKU.
    • To see the available features and settings per SKU tier, see the SKUs and features section of the Bastion overview article.
  • To use RDP with a Linux virtual machine, you must also ensure that you have xrdp installed and configured on the Linux VM. To learn how to do this, see Use xrdp with Linux.

  • You must use username/password authentication.

Required roles

To make a connection, the following roles are required:

  • Reader role on the virtual machine
  • Reader role on the NIC with private IP of the virtual machine
  • Reader role on the Azure Bastion resource
  • Reader role on the virtual network of the target virtual machine (if the Bastion deployment is in a peered virtual network).

Ports

To connect to the Linux VM via RDP, you must have the following ports open on your VM:

  • Inbound port: RDP (3389) or
  • Inbound port: Custom value (you'll then need to specify this custom port when you connect to the VM via Azure Bastion)
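
A check for the port requirement above, as an added example that is not part of the original article: it evaluates NSG rules in priority order to confirm that the RDP port is reachable from the Bastion subnet but not from the Internet. The rule names, the 10.0.1.0/26 range standing in for AzureBastionSubnet, and the sample addresses are constructed; service tags other than Internet and VirtualNetwork are not resolved.

```python
import ipaddress

def rule(name, prio, access, src, port="3389"):
    # Same field names as `az network nsg rule list -o json` output.
    return {"name": name, "priority": prio, "direction": "Inbound", "access": access,
            "protocol": "Tcp", "sourceAddressPrefix": src, "destinationPortRange": port}

# Constructed rule sets; 10.0.1.0/26 stands in for AzureBastionSubnet.
WEAK = [rule("allow-rdp-any", 300, "Allow", "*")]
HARDENED = [rule("allow-rdp-bastion", 200, "Allow", "10.0.1.0/26"),
            rule("deny-rdp-other", 210, "Deny", "*")]

def _port_match(r, port):
    ranges = r.get("destinationPortRanges") or [r.get("destinationPortRange") or ""]
    for rng in ranges:
        lo, _, hi = rng.partition("-")
        if rng == "*" or (lo.isdigit() and int(lo) <= port <= int(hi or lo)):
            return True
    return False

def _source_match(r, src_ip, from_internet):
    prefixes = r.get("sourceAddressPrefixes") or [r.get("sourceAddressPrefix") or ""]
    for p in prefixes:
        if p == "*" or (p == "Internet" and from_internet) \
                or (p == "VirtualNetwork" and not from_internet):
            return True
        try:
            if ipaddress.ip_address(src_ip) in ipaddress.ip_network(p, strict=False):
                return True
        except ValueError:
            pass  # other service tags are not resolved here
    return False

def verdict(rules, src_ip, from_internet, port=3389):
    """First matching inbound rule by priority wins, as in NSG evaluation."""
    inbound = [r for r in rules if r["direction"].lower() == "inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        if (r["protocol"].lower() in ("tcp", "*") and _port_match(r, port)
                and _source_match(r, src_ip, from_internet)):
            return r["access"], r["name"]
    # Nothing matched: fall through to the NSG default rules.
    return ("Deny", "DenyAllInBound") if from_internet else ("Allow", "AllowVnetInBound")

def audit(rules, bastion_ip="10.0.1.5", port=3389):
    # 203.0.113.10 is a documentation address standing in for an Internet client.
    return {"bastion": verdict(rules, bastion_ip, False, port),
            "internet": verdict(rules, "203.0.113.10", True, port)}

if __name__ == "__main__":
    for label, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(rules))
```

Run it against the JSON from `az network nsg rule list` for the NSG on the VM's NIC or subnet, and pass the custom port if you changed it from 3389. An "Allow" verdict for the Internet source only results in exposure when the VM also has a public IP address.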

Connect

  1. In the Azure portal, go to the virtual machine that you want to connect to. On the Overview page, select Connect, then select Bastion from the dropdown to open the Bastion page.

  2. On the Bastion page, expand the Connection Settings section. If you don't see Connection Settings, your Bastion deployment is using the Basic SKU. See Upgrade a SKU for steps to upgrade.

    • Select RDP.
    • If you plan to use an inbound port different from the standard RDP port (3389), enter the Port.

  3. Enter the Username and Password, and then select Connect to connect to the VM. The RDP connection to this virtual machine via Bastion will open directly in the browser (over HTML5) using port 443 and the Bastion service.

Next steps

Read the Bastion FAQ for more information.