Create an RDP connection to a Linux VM using Azure Bastion

This article shows you how to securely and seamlessly create an RDP connection to your Linux VMs located in an Azure virtual network directly through the Azure portal. When you use Azure Bastion, your VMs don't require a client, agent, or additional software. You can also connect to a Linux VM using SSH.

Azure Bastion provides secure connectivity to all of the VMs in the virtual network in which it's provisioned. With Azure Bastion, your virtual machines don't need to expose RDP/SSH ports to the outside world, and you still get secure access over RDP/SSH. For more information, see What is Azure Bastion?


Before you begin, verify that you've met the following criteria:

  • Make sure that you have set up an Azure Bastion host for the virtual network in which the VM resides. For more information, see Create an Azure Bastion host. Once the Bastion service is provisioned and deployed in your virtual network, you can use it to connect to any VM in this virtual network.

  • To use RDP with a Linux virtual machine, you must also ensure that you have xrdp installed and configured on the Linux VM. To learn how to do this, see Use xrdp with Linux.

  • Bastion must be configured with the Standard SKU.

  • You must use username/password authentication.

Required roles

To make a connection, the following roles are required:

  • Reader role on the virtual machine
  • Reader role on the NIC with private IP of the virtual machine
  • Reader role on the Azure Bastion resource
  • Reader role on the virtual network of the target virtual machine (if the Bastion deployment is in a peered virtual network).


To connect to the Linux VM via RDP, you must have the following ports open on your VM:

  • Inbound port: RDP (3389) or
  • Inbound port: Custom value (you'll then need to specify this custom port when you connect to the VM via Azure Bastion)


  1. In the Azure portal, go to the virtual machine that you want to connect to. On the Overview page, select Connect, then select Bastion from the dropdown to open the Bastion page. You can also select Bastion from the left pane.

  2. On the Bastion page, expand the Connection Settings section and select RDP. If you plan to use an inbound port different from the standard RDP port (3389), enter the Port.

  3. Enter the Username and Password, and then select Connect to connect to the VM. The RDP connection to this virtual machine via Bastion will open directly in the browser (over HTML5) using port 443 and the Bastion service.
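The port prerequisite and the Port field in step 2 can be checked on the VM before you connect. The following script is an added example, not part of the original article: it reads the port xrdp is configured for and confirms a listener exists on a non-loopback address, since Bastion connects to the VM's private IP. It assumes the usual xrdp.ini layout (a `port=` key under `[Globals]`, typically in /etc/xrdp/xrdp.ini) and `ss -ltn` output; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Print the port= value from the [Globals] section of an xrdp.ini file ($1).
xrdp_configured_port() {
    awk -F= '
        /^[ \t]*\[/ { in_globals = (tolower($0) ~ /^[ \t]*\[globals\]/) }
        in_globals && /^[ \t]*port[ \t]*=/ {
            gsub(/[ \t\r]/, "", $2); print $2; exit
        }' "$1"
}

# Read `ss -ltn` output on stdin; print local addresses bound to port $1.
listeners_on_port() {
    awk -v p="$1" '$1 == "LISTEN" {
        n = split($4, parts, ":")
        if (parts[n] == p) print $4
    }'
}

# $1 = xrdp.ini path, stdin = `ss -ltn` output.
# Returns 0 = reachable listener, 1 = no listener, 2 = loopback only,
# 3 = port value is not a plain number (not handled here).
check_rdp_port() {
    port=$(xrdp_configured_port "$1")
    case "$port" in
        ''|*[!0-9]*) echo "unparsed port value: '$port'"; return 3 ;;
    esac
    addrs=$(listeners_on_port "$port")
    [ -n "$addrs" ] || { echo "port $port: no listener"; return 1; }
    if printf '%s\n' "$addrs" | grep -qv -e '^127\.' -e '^\[::1]'; then
        echo "port $port: listening on $(printf '%s' "$addrs" | tr '\n' ' ')"
        return 0
    fi
    echo "port $port: loopback only"; return 2
}

# Constructed sample inputs (not from a real host): xrdp moved to port 3390.
SAMPLE_INI='[Globals]
; port=3389
port=3390
[Xorg]
port=-1'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      2      127.0.0.1:3350     0.0.0.0:*
LISTEN 0      2      *:3390             *:*'
tmp=$(mktemp) && printf '%s\n' "$SAMPLE_INI" > "$tmp"
printf '%s\n' "$SAMPLE_SS" | check_rdp_port "$tmp"
rm -f "$tmp"
```

On a real VM, run `ss -ltn | check_rdp_port /etc/xrdp/xrdp.ini`; the port it reports is the value to enter in the Port field if it differs from 3389.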

Next steps

Read the Bastion FAQ for more information.