In this blog post, I'll walk you through the steps to connect to an Azure Arc-enabled Windows Server using RDP over SSH.
As a seasoned Windows Administrator, I'm used to using the Remote Desktop Protocol (RDP) to connect directly to a Windows Server and perform necessary tasks.
However, by combining SSH with onboarding your server into Azure Arc, turning it into an Arc-enabled server, you can now connect to an RDP session through the SSH tunnel set up by the Azure Connected Machine agent.
This allows you to effortlessly connect to the RDP session on your local machine via a Windows Terminal window, just like a direct RDP connection, all by harnessing the power of Azure Arc and SSH.
In this blog post, I'll show you how to do this.
Prerequisites
- A physical or virtual server running Windows Server 2019, 2022, or 2025, onboarded to Azure Arc with at least version 1.31.xxxx of the Azure Connected Machine agent. The server should have OpenSSH installed and enabled, or the OpenSSH for Windows – Azure Arc extension, along with Remote Desktop Protocol (RDP) enabled.
- A management server or administrator workstation with Azure CLI installed, version 2.0.0 or higher (currently 2.71.0), which is required to connect to the server via SSH.
- An account that is a member of the local OpenSSH Users or Administrators group to establish an SSH connection to the server.
- An account that is a member of the built-in Administrators group or another local group with RDP access is required to log in to the server via RDP. This can be a local user or a domain user who is part of the Domain Admins group or another domain group with the necessary permissions.
- To log in with a domain user, the domain group the user belongs to must be added to the sshd_config file on the server, for example "Domain Admins".
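
The server-side prerequisites listed above can be checked before the first connection attempt. The PowerShell script below is an added example, not part of the original post; it assumes an elevated session on the Arc-enabled server, that `azcmagent` is on the PATH, and that the built-in Remote Desktop Users group is the "other local group with RDP access". The `Test-LocalMember` helper and the default account name (taken from the post's example command) are illustrative.

```powershell
# Added example: pre-flight check for RDP over SSH on an Arc-enabled Windows Server.
# Run in an elevated PowerShell session on the server itself.
param([string]$Account = 'example-admin')   # account to verify (illustrative default)

$results = [ordered]@{}

# 1. Azure Connected Machine agent must be at least version 1.31.
$results['Agent >= 1.31'] = $false
if (Get-Command azcmagent -ErrorAction SilentlyContinue) {
    $agentText = (& azcmagent version) -join ' '
    if ($agentText -match '(\d+\.\d+(\.\d+){0,2})') {
        $results['Agent >= 1.31'] = ([version]$Matches[1] -ge [version]'1.31')
    }
}

# 2. The OpenSSH server service (sshd) must exist and be running.
$sshd = Get-Service -Name sshd -ErrorAction SilentlyContinue
$results['sshd running'] = ($null -ne $sshd -and $sshd.Status -eq 'Running')

# 3. RDP is enabled when fDenyTSConnections is 0.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ts = Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue
$results['RDP enabled'] = ($null -ne $ts -and $ts.fDenyTSConnections -eq 0)

# Helper (illustrative): direct membership of a local group.
# Nested domain groups are not expanded, so a domain user who is only a member
# through a domain group shows up as the group, not as the user.
function Test-LocalMember([string]$Group, [string]$Name) {
    $members = Get-LocalGroupMember -Group $Group -ErrorAction SilentlyContinue
    [bool]($members | Where-Object { $_.Name -like "*\$Name" })
}

# 4. SSH logon: member of OpenSSH Users or Administrators.
$results['SSH group membership'] =
    (Test-LocalMember 'OpenSSH Users' $Account) -or (Test-LocalMember 'Administrators' $Account)

# 5. RDP logon: member of Administrators or Remote Desktop Users (assumed RDP group).
$results['RDP group membership'] =
    (Test-LocalMember 'Administrators' $Account) -or (Test-LocalMember 'Remote Desktop Users' $Account)

# Print one line per check.
$results.GetEnumerator() | ForEach-Object {
    '{0,-22} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAILED' })
}
```

A FAILED line for group membership with a domain account does not necessarily mean the logon will fail, because the account may be covered by a nested domain group.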









Connect via OpenSSH and RDP with a local user account
To connect over RDP via SSH with a local user account, first open a Windows Terminal (or PowerShell) window on your management server or administrator workstation.
Then, sign in to Azure using the Azure CLI with the az login command. This will allow you to select the correct Azure subscription that contains the Arc-enabled server resource.

Next, run the following command to establish an RDP connection over SSH to the Arc-enabled Windows Server.
az ssh arc --resource-group <resource-group-name> --name <server-name> --local-user <local-username> --rdp
In the example below, the command used is:
az ssh arc --resource-group rg-prd-myh-arc-srv-03 --name swprds061 --local-user example-admin --rdp

Then, enter the local user password. For security reasons, note that you won't see any characters while typing.

Then click Connect in the "Remote Desktop Connection Security Warning" dialog box, which appears if you entered the correct password.

Then enter your local user credentials to log in to the server.

Then click Yes in the Remote Desktop Connection window, and you can begin your work.
💡 You'll notice that the connection appears to be made to localhost instead of the actual server name. That's because the SSH tunnel creates a secure local endpoint on your machine, forwarding your RDP traffic through the tunnel to the remote server.



Connect via OpenSSH and RDP with a domain user
To connect over RDP via SSH with a domain user account, the steps are the same, except for the user you'll log in with. Start by opening a Windows Terminal (or PowerShell) window on your management server or administrator workstation.
Next, sign in to Azure using the az login command in the Azure CLI. This will allow you to select the correct Azure subscription containing the Arc-enabled server resource.

Next, run the following command to establish an RDP connection over SSH to the Arc-enabled Windows Server using a domain account:
az ssh arc --resource-group <resource-group-name> --name <server-name> --local-user "DOMAIN\Username" --rdp
In the example below, I log in with a domain user who is part of the Domain Admins group. The command used is:
az ssh arc --resource-group rg-prd-myh-arc-srv-03 --name swprds061 --local-user "domain\wmatthysen_xx" --rdp

After entering the correct password, click Connect in the "Remote Desktop Connection Security Warning" dialog that appears.

Then, enter your domain user credentials to log in to the server.

Next, click Yes in the Remote Desktop Connection window to continue and begin your work.
💡 Just like with a local account, you'll notice the connection is made to localhost rather than the actual server name. This is because the SSH tunnel sets up a secure local endpoint on your machine, which forwards the RDP traffic to the remote server.



Common connection issues
If you forget to add the domain group that the domain user belongs to in the sshd_config file on the server, you'll receive a "Connection closed by UNKNOWN port 65535" error.

If you enter the wrong password for the user, whether local or domain, you'll have up to three attempts to retry. After that, you'll see a "Permission denied (publickey, password, keyboard-interactive)" message, and the SSH connection will be dropped.

Conclusion
RDP over SSH via Azure Arc offers a secure way to access remote desktop sessions, especially useful over public networks or when enhanced security is required, all without requiring a VPN or VPN client.
In this blog post, I showed you how to do this with both a local user account and a domain user account.
I hope this is helpful in your environment, lab, or production. If you have any questions or suggestions about this blog post, feel free to reach out on X (@wmatthyssen) or leave a comment below.