How to change SSH ports in Microsoft Azure properly? - linux

I have a virtual machine (for testing, not a production server) based on Ubuntu 14.04 LTS. The default SSH port 22 is opened by default on Azure.
I want to change it to 12131. I edited my SSH configuration file and changed port to 12131, then reloaded ssh service by:
service ssh reload
Then I logged into my Windows Azure portal and updated endpoint SSH as:
Public Port 12131
Private Port 12131
Now I'm getting timeout with SSH. What is the proper way to change SSH port in Ubuntu 14.04 in Azure?
Thanks for the help.

First of all, the most important thing is the public port. This is the Internet-facing port. You can absolutely safely edit just the public port to XXXX and leave the private port at 22. Azure Load Balancer (there is always a load balancer in front of your VMs in Azure) will properly route the connection to your VM's port 22. Thus there is no need to edit your SSH daemon config.
I suggest that you start over with a new VM and only change the public port of the endpoint. You will not have issues with such configuration.
The issue you faced can be caused by IPTABLES configuration which does not allow incoming 12131.
Update
ubussl.cloudapp.net is configured exactly the way I describe. I left it there for you to test the connection. If you cannot connect, then it is our very own ISP that is blocking this connection. Try shifting the SSH public port to 80 or 443, while leaving the private at 22, to make sure the connection is not intentionally blocked by an ISP / CORP firewall.

Change both the public and the private ports in the Endpoints configuration page to the desired port. Here I change the ports for SSH from 22 to 993.

Related

Access Ubuntu Server VM on Azure

I've set up an Ubuntu Server on Azure. On this server, an application is running on port 3000. I want to access this application externally. Azure tells me my server has public IP 40.68.XXX.XXX.
When I ping this IP, there is no response, even though ssh works when connecting to this IP address.
I want to access 40.68.XXX.XXX:3000 externally. Does somebody know how to get this to work?
Yes, you need to open up a port on the Network Security Group (NSG) and open up the port on your firewall (on the VM itself).
Easiest way to open the port is using the portal:
https://learn.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-nsg-quickstart-portal

How to open ports on azure virtual machine?

I set a new port with the Add EndPoints option, but it does not open that specific port on the Azure virtual machine. I checked using the following link.
Can anyone tell me how to resolve this issue?
http://postimg.org/image/wb5rid6ib/
TCPSockets endpoint is not open on my virtual machine
Add-AzureEndpoint opens a port at the Azure firewall, not at your VM's side. That means after opening the port in Azure, you have to open the port at your VM's individual firewall, too. Depending on your operating system, that could be done differently. E.g. in Windows Server you would configure the Windows Firewall.
More precisely, Add-AzureEndpoint creates a port forwarding rule from the specified public port to the private port you have specified for your VM.

TCP connection to windows Azure VM

I have an Azure VM that I can't connect to. I have done the following steps. What am I missing here?
Created an endpoint (port 1431) in the portal
Created a rule for port 1431 in the firewall on the VM
Started a server (TCP Test Tool) that is listening on port 1431
Tried to connect locally with a client (port 1431) on the VM - Works as expected.
Tried to connect remotely to the VM - FAILS
If I try to telnet port 3389 (rdp) it works fine.
I have restarted the machine.
Any ideas?
Thanx
Andreas
Make sure both the public endpoint port and the private endpoint port are set to 1431.
In addition, test to make sure you setup your firewall rule correctly. An easy way to do this is to temporarily disable the firewall. Can you connect if you do this? If so your rule is not configured correctly.
Also, what do you mean you "can't connect" being that RDP works?
Lastly, try a different port number and see if it works.

Windows Azure Endpoint not working

I have a problem with my windows azure virtual machine.
I need to open the Port 443 (HTTPS) on the VM.
In the Endpoint Config. of the virtual machine, I opened it and configured the ACL with the following parameters:
Permit
0.0.0.0/0
It's a Windows Server 2012 VM and I created the firewall rule for the public Connection.
A Port Check from ping.eu shows that the port 443 is closed.
The Location of the virtual machine is Western Europe.
I hope, you can help me.
Kind Regards
Sebastian
I also had this issue and it was very annoying! I thought at first I was not setting up the SSL bindings correctly or that it was a certificate issue, then moved on to firewall issues. In the end it was the Azure endpoint at fault.
I had added the 443 endpoint, disabled the local firewall and got nothing. I got suspicious when I added a new endpoint on 8080, bound to https, and it worked fine.
I deleted the 443 endpoint, shut the Azure VM down from the web interface after shutting down the client. Created a new 443 endpoint and restarted the VM (I had already tried restarting my win2012r2 vm). It worked.
It must be a glitch in the networking stack of azure endpoints. You are not going mad!!
Hope that helps!
P
Did you also configure the Endpoint Configuration through the web management portal to forward connections from the ext->int ports?
Anything you change on the Win2k12 Virtual machine will just affect the VM itself. i.e. opening 443 in the firewall, or configuring routes etc...
But you also need to allow a connection forward from the cloudapp.net public IP address to the internal IP of the box. See the below screenshot.
Another gotcha. In addition to setting up the Endpoint configuration, you need to enable IP Forwarding. This is disabled by default.
IP Forwarding can be found in the IP Configuration settings of the network interface.

Connection to azure virtual machine public port is timed out

I am using an Azure Virtual Machine (Windows Server 2008 R2 image) provided from the gallery and created a public port and private port using the portal. I did a remote login to the VM and I run a TCP server application inside the VM (the TCP server binds to the private port of the VM). The problem I face is that I cannot connect to it through the public IP and port (from an external machine). I have created an inbound rule in the VM's firewall, where I enable connection to the private port of the VM. I tried recreating the VM, and also the new ports. Still the problem persists. One more thing I observed is that my TCP client is able to connect to the Remote Desktop port of the VM and also the PowerShell port, but does not connect to the port that I created through the portal. Please suggest what can be wrong.
Note: I also observed some weird behavior. I enabled all ports for my TCP Server app in Inbound rule of firewall and found that some unknown IP (was similar to azure internal IP) is connecting to my server. Why it is happening?
I would like to understand as to how you are trying to connect with the Virtual Machine, using RDP or trying to test the connectivity, for example, using Port Ping.
Endpoints for RDP and Powershell are configured by default. So if you are trying to connect using Remote Desktop, you can directly connect to the VM using MSTSC from Run and provide the IP of the VM followed by the Port Number using the below format
xx.xx.xx.xx:3389
However if you would like to test the connectivity to the VM, I suggest you to use Port Ping instead of ICMP ping since ICMP traffic is blocked by the Azure load balancer and the ping requests timeout. While Ping.exe uses ICMP, other tools such as PsPing, Nmap, or Telnet allow you to test connectivity to a specific TCP port.
On the other hand, after creating the VM, you can add endpoints additionally as needed. You can also manage incoming traffic to the public port by configuring rules for the Network Access Control List (ACL) of the endpoint.
The private port is used internally by the virtual machine to listen for traffic on that endpoint.
The public port is used by the Azure load balancer to communicate with the virtual machine from external resources. After you create an endpoint, you can use the network access control list (ACL) to define rules that help isolate and control the incoming traffic on the public port. For more information, see About Network Access Control Lists.
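
The port-level connectivity test recommended in the answer above, as an added Python example that is not part of the original posts: it separates a timed-out connection (packets dropped at the endpoint/NSG, the guest firewall, or an upstream firewall) from a refused one (packets arrive, nothing is listening), and compares the new port with one known to work. The names `probe_tcp` and `diagnose` and the hint texts are assumptions made for this example.

```python
import socket

def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: every layer passed it
    except socket.timeout:
        return "filtered"         # no reply: the SYN was silently dropped
    except ConnectionRefusedError:
        return "refused"          # RST came back: host reached, no listener
    except OSError as exc:
        return "error: %s" % exc  # DNS failure, no route to host, ...

def diagnose(host, target_port, control_port, timeout=3.0):
    """Compare the new port with a port known to work (e.g. 22 or 3389).

    Returns (state of target port, hint). The hints are heuristics written
    for this example, not Azure diagnostics.
    """
    target = probe_tcp(host, target_port, timeout)
    if target == "open":
        return target, "reachable end to end"
    if target == "refused":
        return target, ("packets arrive but nothing listens: check the "
                        "daemon's port and the endpoint's private port")
    if probe_tcp(host, control_port, timeout) == "open":
        return target, ("host is up, target port is dropped: check the "
                        "endpoint/NSG rule, then the guest firewall")
    return target, ("control port fails too: check VM state, address and "
                    "any ISP or corporate firewall in between")

if __name__ == "__main__":
    # Constructed demo on loopback so it runs offline: one listener stands in
    # for the working control port, a closed port stands in for the new one.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    print(diagnose("127.0.0.1", open_port, open_port, 1.0))
    print(diagnose("127.0.0.1", closed_port, open_port, 1.0))
    srv.close()
```

Run it from an external machine against the VM's public address and port; if the same probe run on the VM itself returns "open" while the external one returns "filtered", the service is fine and a rule in front of it is dropping the traffic.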
