WEBAPP and SSH Access

  • Question

  • Hey everyone, we are setting up a web app and MySQL database with scale-out for a website. Everything is set up, but how can I set up SSH externally for the developers to log in without authenticating with Azure AD?


    Wednesday, August 14, 2019 6:01 PM

All replies

  • Just to confirm, are you setting up this app as an Azure Cloud Service? I ask as I don't remember being able to set up Linux nodes for a cloud service.

    Else, are you setting this up as a Web App or Virtual machine? 

    Here are some links to help tell the differences

    Wednesday, August 14, 2019 7:06 PM
  • Yes, I set it up as a Web App. The third link you mentioned.


    • Edited by ageless40 Thursday, August 15, 2019 1:52 PM
    Thursday, August 15, 2019 1:51 PM
  • Thanks for confirming. 

    For Web Apps, that is a PaaS solution which means MSFT manages all the underlying Guest OS. So we don't allow users to SSH into the physical nodes where the web apps are hosted. 

    Can you elaborate a bit on your ask here? What is the end goal? 

    Thursday, August 15, 2019 4:06 PM
  • I could use the web browser to log in with SSH.

    But it requires authentication, which isn't a problem for me, but I don't want to give an account to each dev that will be working on the project. Also, I am curious if there is a way to use their SSH client to log into it without using the browser.


    Thursday, August 15, 2019 7:00 PM
  • Thanks for that. I moved your question to the correct forum and asked for assistance from our Web App engineers. They can provide more info as Web Apps are a bit out of my norm :) 
    Thursday, August 15, 2019 7:21 PM
  • About a year ago, we made it easier to SSH into your Web App running on Linux. We used to allow SSH only using WebSSH, so those who wanted to use PuTTY, SSH from a console, etc. were out of luck. We now allow you to use any SSH client you want, and the process is much simpler.


    FYI, because SFTP is FTP over SSH, this capability also enables the ability to SFTP into the Web App.


    Note: Make sure that you follow the steps in "Additional Steps for Custom Images" if you are using WAF.


    Steps for SSH



    Note: Steps 1-4 will only have to be done once, assuming you don't log out of the Azure CLI.


    Step 1: Ensure you have the latest Azure CLI installed.

    You can install the Azure CLI from Note that the Azure CLI can be installed on Windows, MacOS, or Linux.


    Step 2: Run the Azure CLI and Log In

    After you've installed the Azure CLI, you need to run it and log into your Azure account. You can run the Azure CLI from either a command line or from PowerShell. To log in, run the following command:


    az login


    After you run this, you'll be walked through authenticating via a website.


    Step 3: Make sure you have the proper subscription set as the active subscription.

    If you have more than one subscription under your Azure account, you will need to set the subscription your Web App is in as the active subscription. To do that, enter the following command:


    az account set -s <subscription_name_or_ID>


    For example, if my Web App is in the subscription named jameschesub, I would enter the following command:


    az account set -s jameschesub


    Step 4: Make sure you have the latest webapp CLI extension installed.

    The webapp CLI extension allows you to interact with Web Apps using the Azure CLI. If you don't currently have the extension installed, run the following command to install it:


    az extension add --name webapp


    If you already have the webapp extension installed, you'll need to ensure you have the latest version. Do that using the following command:


    az extension update --name webapp


    Step 5: Open a TCP tunnel to your Web App

    In order to enable SSH access to your app, the webapp extension is used to open a TCP tunnel from your development machine. To open the TCP tunnel, use the following command:


    az webapp remote-connection create -g <resource_group> -n <web_app_name> -p <local_port>


    The resource group must be the one in which your Web App is running. The local port is any ephemeral port that is currently not being used on your development machine.


    As an example, assume I have a Web App named jwcwordpress and it's in a resource group named jwcblogs. If I want to SSH into that Web App using port 9000, I would enter the following command:


    az webapp remote-connection create -g jwcblogs -n jwcwordpress -p 9000


    I should see the following output after doing this:


    Port 9000 is open

    SSH is available { username: root, password: Docker! }

    Start your favorite client and connect to port 9000


    Step 6: SSH into your Web App.

    Now that the tunnel is open, you're ready to connect. Remember, you are connecting using a TCP tunnel open on your development machine, so you are actually going to connect to the host localhost on the port you specified. Here's an example screenshot in Putty.


    When you connect, you'll be prompted for a username and password. Use:


    Username: root

    Password: Docker!


    Note: The Azure CLI window must remain open when you are using SSH. If you close the Azure CLI window, you'll have to run the command to create the remote connection again. (You will also notice that diagnostic information is output to this window if things go wrong.)

    Thursday, August 15, 2019 11:12 PM
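
Steps 5 and 6 of the reply above, combined into one script as an added example (not part of the original thread or any Microsoft tooling). It assumes bash, an OpenSSH client, and that steps 1-4 are already done; the function names are hypothetical, and the `az` commands are the ones quoted in the reply.

```bash
#!/usr/bin/env bash
# Added example: open the tunnel (step 5), SSH through it (step 6), and tear
# the tunnel down when the script exits. Function names are hypothetical.

# Accept only an unprivileged TCP port number (1024-65535).
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Succeeds if something is listening on 127.0.0.1:<port> (uses bash /dev/tcp).
port_listening() {
  (exec 3<>"/dev/tcp/127.0.0.1/$1") 2>/dev/null
}

connect_webapp() {
  rg=$1 app=$2 port=$3
  valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
  port_listening "$port" && { echo "port $port already in use" >&2; return 3; }
  # The tunnel is only opened for a logged-in Azure CLI session (steps 2-3).
  az account show >/dev/null || { echo "run 'az login' first" >&2; return 4; }

  # Step 5: the tunnel exists only while this az process is running.
  az webapp remote-connection create -g "$rg" -n "$app" -p "$port" &
  tunnel_pid=$!
  trap 'kill "$tunnel_pid" 2>/dev/null' EXIT INT TERM

  # Wait up to 30 s for the local end of the tunnel to start listening.
  tries=0
  until port_listening "$port"; do
    tries=$((tries + 1))
    [ "$tries" -ge 30 ] && { echo "tunnel did not open" >&2; return 5; }
    sleep 1
  done

  # Step 6: connect to localhost; record the host key under the app name
  # instead of under localhost, so different apps do not collide.
  ssh -p "$port" -o HostKeyAlias="$app" root@localhost
}

# Run only when called as: script <resource_group> <web_app_name> <local_port>
if [ "$#" -eq 3 ]; then
  connect_webapp "$@"
fi
```

Called as `./connect.sh jwcblogs jwcwordpress 9000` (the script name is an assumption), it prompts for the password shown in the tunnel output.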