File transfer using a native client
Azure Bastion offers support for file transfer between your target VM and local computer using Bastion and a native RDP or native SSH client. To learn more about native client support, refer to Configure Bastion native client support. While it might be possible to use third-party clients and tools to upload or download files, this article focuses on working with supported native clients.
- File transfers are supported using the native client only. You can't upload or download files using PowerShell or via the Azure portal.
- You can upload and download files using the Windows native client and RDP.
- You can upload and download files to a VM using the native client of your choice and either RDP or SSH.
- This feature requires the Standard SKU. The Basic SKU doesn't support using the native client.
- Install Azure CLI (version 2.32 or later) to run the commands in this article. For information about installing the CLI commands, see Install the Azure CLI and Get Started with Azure CLI.
- Get the Resource ID for the VM to which you want to connect. The Resource ID can be easily located in the Azure portal. Go to the Overview page for your VM and select the JSON View link to open the Resource JSON. Copy the Resource ID at the top of the page to your clipboard to use later when connecting to your VM.
The steps in this section apply when connecting to a target VM from a Windows local computer using the native Windows client and RDP. The az network bastion rdp command uses the native client MSTSC. Once connected to the target VM, you can upload and download files using right-click, then Copy and Paste. To learn more about this command and how to connect, see Connect from a Windows native client.
Note
File transfer over SSH is not supported using this method. Instead, use the az network bastion tunnel command to upload files over SSH.
Sign in to your Azure account. If you have more than one subscription, select the subscription containing your Bastion resource.
az login
az account list
az account set --subscription "<subscription ID>"
Sign in to your target VM via RDP using the following command. You can use either a local username and password, or your Microsoft Entra credentials. To learn more about how to use Microsoft Entra ID to sign in to your Azure Windows VMs, see Azure Windows VMs and Microsoft Entra ID.
az network bastion rdp --name "<BastionName>" --resource-group "<BastionResourceGroupName>" --target-resource-id "<VMResourceId>"
Once you sign in to your target VM, the native client on your computer opens up with your VM session. You can now transfer files between your VM and local machine using right-click, then Copy and Paste.
The steps in this section apply to native clients other than Windows, and to Windows native clients that connect over SSH to upload files. This section helps you upload or download files between your local computer and your target VM over SSH or RDP using the az network bastion tunnel command. To learn more about the tunnel command and how to connect, see Connect from a Linux native client.
Sign in to your Azure account. If you have more than one subscription, select the subscription containing your Bastion resource.
az login
az account list
az account set --subscription "<subscription ID>"
Open the tunnel to your target VM using the following command:
az network bastion tunnel --name "<BastionName>" --resource-group "<ResourceGroupName>" --target-resource-id "<VMResourceId>" --resource-port "<TargetVMPort>" --port "<LocalMachinePort>"
Open a second command prompt to connect to your target VM through the tunnel. In this second command prompt window, run the SCP command to upload or download files. For a list of SCP commands and parameters, see SCP.
For example, you can upload files from your local computer to your target VM using the following command:
scp -P <LocalMachinePort> <local machine file path> <username>@127.0.0.1:<target VM file path>
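The tunnel and SCP steps above combined into one script, as an added example that is not part of the original article. It pins the VM's SSH host key to a per-VM alias, so a local port reused for several VMs doesn't lead to disabling host key checks, and it closes the tunnel after the copy. Assumptions: the function names, the "bastion-<alias>" naming, SSH on port 22 of the VM, and `nc -z` being installed.

```sh
#!/bin/sh
# Added example, not from the article. Assumed names: valid_port, scp_opts,
# bastion_scp and the "bastion-<alias>" HostKeyAlias scheme; `nc -z` is
# assumed to be installed for probing the local port.

# Accept only a decimal TCP port in 1..65535 (no sign, no leading zero).
valid_port() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Print the scp options, one per line. HostKeyAlias files the VM's host key
# under a per-VM name instead of [127.0.0.1]:<port>, so pointing the same
# local port at another VM does not raise a "host key changed" error that
# tempts people to turn host key checking off.
scp_opts() {  # scp_opts <local_port> <vm_alias>
  valid_port "$1" || { echo "invalid port: $1" >&2; return 1; }
  case "$2" in
    ''|*[!A-Za-z0-9._-]*) echo "invalid alias: $2" >&2; return 1 ;;
  esac
  printf '%s\n' -P "$1" -o "HostKeyAlias=bastion-$2" -o StrictHostKeyChecking=ask
}

# bastion_scp <bastion> <rg> <vm_resource_id> <vm_alias> <local_port> <src> <dst>
# Upload: dst is "<username>@127.0.0.1:<target VM file path>"; swap for download.
bastion_scp() {
  opts=$(scp_opts "$5" "$4") || return 1
  az network bastion tunnel --name "$1" --resource-group "$2" \
    --target-resource-id "$3" --resource-port 22 --port "$5" &  # 22: assumed SSH port
  tunnel_pid=$!
  tries=0
  until nc -z 127.0.0.1 "$5" 2>/dev/null; do   # wait up to 30 s for the listener
    tries=$((tries + 1))
    if [ "$tries" -ge 30 ]; then kill "$tunnel_pid" 2>/dev/null; return 1; fi
    sleep 1
  done
  nl='
'
  old_ifs=$IFS; IFS=$nl; set -f   # split $opts on newlines only, no globbing
  scp $opts -- "$6" "$7" && rc=0 || rc=$?
  set +f; IFS=$old_ifs
  # Close the tunnel: while it is open, any local process can reach the VM port.
  kill "$tunnel_pid" 2>/dev/null || true
  return "$rc"
}
```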
For more VM features, see About VM connections and features.