Enter-AzVM
Starts an interactive SSH session to an Azure Resource (such as Azure VMs or Arc Servers). Users can login using Microsoft Entra accounts, or local user accounts via standard SSH authentication. Use Microsoft Entra account login for the best security and convenience.
Syntax
Enter-AzVM
-ResourceGroupName <String>
-Name <String>
[-PublicKeyFile <String>]
[-PrivateKeyFile <String>]
[-UsePrivateIp]
[-LocalUser <String>]
[-Port <String>]
[-ResourceType <String>]
[-CertificateFile <String>]
[-SshArgument <String[]>]
[-Rdp]
[-PassThru]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]Enter-AzVM
-Ip <String>
[-PublicKeyFile <String>]
[-PrivateKeyFile <String>]
[-LocalUser <String>]
[-Port <String>]
[-CertificateFile <String>]
[-SshArgument <String[]>]
[-Rdp]
[-PassThru]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]Enter-AzVM
-ResourceId <String>
[-PublicKeyFile <String>]
[-PrivateKeyFile <String>]
[-UsePrivateIp]
[-LocalUser <String>]
[-Port <String>]
[-CertificateFile <String>]
[-SshArgument <String[]>]
[-Rdp]
[-PassThru]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]Description
Start interactive SSH session to an Azure Resource (currently supports Azure VMs and Arc Servers). Users can login using Microsoft Entra issued certificates or using local user credentials. We recommend login using Microsoft Entra issued certificates when possible. Important note: When connecting to Azure Arc resources, this cmdlet requires the Az.Ssh.ArcProxy module to also be installed in the client machine. The cmdlet will attempt to install the module from the PowerShell Gallery, but the user also has the option to install it themselves. It is important that the user also has permission to execute the Proxy files in the Az.Ssh.ArcProxy module, or the connection will fail. You can find the Az.Ssh.ArcServer module in the PowerShell Gallery: https://aka.ms/PowerShellGallery-Az.Ssh.ArcProxy.
Examples
Example 1: Connect to Azure Resource using Microsoft Entra issued certificates
Enter-AzVM -ResourceGroupName myRg -Name myMachineWhen a -LocalUser is not supplied, the cmdlet will attempt to login using Microsoft Entra ID. This is currently only supported for resources running Linux OS.
Example 2: Connect to Local User on Azure Resource using SSH certificates for authentication
Enter-AzVM -ResourceGroupName myRg -Name myMachine -LocalUser azureuser -PrivateKeyFile ./id_rsa -CertificateFile ./certExample 3: Connect to Local User on Azure Resource using SSH private key for authentication
Enter-AzVM -ResourceGroupName myRg -Name myMachine -LocalUser azureuser -PrivateKeyFile ./id_rsaExample 4: Connect to Local User on Azure Resource using interactive username and password authentication
Enter-AzVM -ResourceGroupName myRg -Name myMachine -LocalUser azureuserExample 5: Connect to the Public Ip of an Azure Virtual Machine using Microsoft Entra issued certificates
Enter-AzVM -Ip 1.2.3.4Example 6: Provide the Resource Type of the target.
Enter-AzVM -ResourceGroupName myRg -Name myMachine -ResourceType Microsoft.HybridCompute/machinesThis parameter is useful when there is more than one supported resource with the same name in the Resource Group.
Example 7: Connect to Azure Resource using Microsoft Entra certificate issued certificates and custom key files
Enter-AzVM -ResourceGroupName myRg -Name myMachine -PrivateKeyFile ./id_rsa -PublicKeyFile ./id_rsa.pubIf custom key files are not provided, the cmdlet will generate the key pair.
Example 8: Start RDP connection over SSH connection.
Enter-AzVM -ResourceGroupName myRg -Name myMachine -LocalUser username -RdpThis parameter is useful for creating RDP session to an Arc resource via Arc Connectivity Platform.
Parameters
-CertificateFile
SSH Certificate to be used to authenticate to local user account.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Force
When connecting to Arc resources, do not prompt for confirmation before updating the allowed port for SSH connection in the Connection Endpoint to match the target port or to install Az.Ssh.ArcProxy module from the PowerShell Gallery, if needed.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Ip
IP Address of target Azure VM.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LocalUser
Username for a local user in the target resource.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Name of the target Azure Resource.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-PassThru
Returns true if connection is successful.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Port
Port to connect to on the remote host.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PrivateKeyFile
Path to private key file.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PublicKeyFile
Path to public key file.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Rdp
Start a RDP connection over SSH connection. Only supported on Windows OS.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
Resource group name.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceId
Resource ID of the target resource.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceType
Resource type of the target resource.
| Type: | String |
| Accepted values: | Microsoft.HybridCompute/machines, Microsoft.Compute/virtualMachines, Microsoft.ConnectedVMwarevSphere/virtualMachines, Microsoft.ScVmm/virtualMachines, Microsoft.AzureStackHCI/virtualMachines |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SshArgument
Additional SSH arguments passed to OpenSSH.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UsePrivateIp
When connecting to an Azure VM, this flag specifies that it should connect to one of the private IPs of the VM. It requires connectivity to the private IP.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
String[]
Outputs
Related Links
Azure PowerShell
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for