To connect to your Linux VM over SSH from Windows, you can use PuTTY.
A common way to SSH into Linux is to use key-based authentication. This involves using a key pair:
- Public key: This gets appended to
/home/AzureUser/.ssh/authorized_keys(your admin username may vary)
- Private key: This is a plaintext file stored on your workstation that you gives you access.
Refer to the Microsoft documentation for more details.
You can download PuTTY here.
Create a key pair
Although you will be using PuTTY to SSH into the VM, you generate a key pair using PuTTYgen. This is what PuTTYgen looks like:
To generate a new key pair:
- Click Generate
- Follow the instructions (you will be asked to move your mouse to create randomness)
- Click Save public key
- Click Save private key
Set the public key when creating your VM
When you create a VM, you will see the following:
You can set SSH public key source to
Use existing public key.
This will reveal a field named SSH public key. Paste the contents of your public key in this box.
Set the public key on an existing VM
If your VM already exists, you can still set the public key.
Under the VM details page, go to Reset password.
This page gives you the option to Reset SSH public key, and to set your SSH public key.
Note: Be careful not to select
Reset configuration only, because this will
wipe out the SFTP Gateway specific settings in the
SSH into the VM using PuTTY
Once your public key is installed on the VM, you can finally SSH into the VM.
- For Connection type, make sure the SSH radio button is selected.
- In the Host Name field, enter
azureuser@<public ip>(your admin username and IP will vary)
- On the left, expand the SSH section, and click on Auth.
- Click on Browse to look for your private key (.PPK), and click Open.
- To launch the SSH session, click Open.
You should be prompted with the VM's host key, where you need to type
SSH attempt hangs and eventually times out
A common issue is that you will receive no feedback from the VM.
Chances are that the Network Security Group (NSG) does not have an ingress rule for your workstation's public IP over TCP port 22.
Check to verify this ingress rule exists.