Enter-AzVM
Starts an interactive SSH session to an Azure Resource (such as Azure VMs or Arc Servers).
Users can login using Microsoft Entra accounts, or local user accounts via standard SSH authentication. Use Microsoft Entra account login for the best security and convenience.
Syntax
Interactive (Default)
Enter-AzVM
-ResourceGroupName <String>
-Name <String>
[-PublicKeyFile <String>]
[-PrivateKeyFile <String>]
[-UsePrivateIp]
[-LocalUser <String>]
[-Port <String>]
[-ResourceType <String>]
[-CertificateFile <String>]
[-SshArgument <String[]>]
[-Rdp]
[-PassThru]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
IpAddress
Enter-AzVM
-Ip <String>
[-PublicKeyFile <String>]
[-PrivateKeyFile <String>]
[-LocalUser <String>]
[-Port <String>]
[-CertificateFile <String>]
[-SshArgument <String[]>]
[-Rdp]
[-PassThru]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ResourceId
Enter-AzVM
-ResourceId <String>
[-PublicKeyFile <String>]
[-PrivateKeyFile <String>]
[-UsePrivateIp]
[-LocalUser <String>]
[-Port <String>]
[-CertificateFile <String>]
[-SshArgument <String[]>]
[-Rdp]
[-PassThru]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
Start interactive SSH session to an Azure Resource (currently supports Azure VMs and Arc Servers).
Users can login using Microsoft Entra issued certificates or using local user credentials. We recommend login using Microsoft Entra issued certificates when possible.
Important note: When connecting to Azure Arc resources, this cmdlet requires the Az.Ssh.ArcProxy module to also be installed in the client machine. The cmdlet will attempt to install the module from the PowerShell Gallery, but the user also has the option to install it themselves. It is important that the user also has permission to execute the Proxy files in the Az.Ssh.ArcProxy module, or the connection will fail. You can find the Az.Ssh.ArcServer module in the PowerShell Gallery: https://aka.ms/PowerShellGallery-Az.Ssh.ArcProxy .
Examples
Example 1: Connect to Azure Resource using Microsoft Entra issued certificates
Enter-AzVM -ResourceGroupName myRg -Name myMachine
When a -LocalUser is not supplied, the cmdlet will attempt to login using Microsoft Entra ID. This is currently only supported for resources running Linux OS.
Example 2: Connect to Local User on Azure Resource using SSH certificates for authentication
Enter-AzVM -ResourceGroupName myRg -Name myMachine -LocalUser azureuser -PrivateKeyFile ./id_rsa -CertificateFile ./cert
Example 3: Connect to Local User on Azure Resource using SSH private key for authentication
Enter-AzVM -ResourceGroupName myRg -Name myMachine -LocalUser azureuser -PrivateKeyFile ./id_rsa
Example 4: Connect to Local User on Azure Resource using interactive username and password authentication
Enter-AzVM -ResourceGroupName myRg -Name myMachine -LocalUser azureuser
Example 5: Connect to the Public Ip of an Azure Virtual Machine using Microsoft Entra issued certificates
Example 6: Provide the Resource Type of the target.
Enter-AzVM -ResourceGroupName myRg -Name myMachine -ResourceType Microsoft.HybridCompute/machines
This parameter is useful when there is more than one supported resource with the same name in the Resource Group.
Example 7: Connect to Azure Resource using Microsoft Entra certificate issued certificates and custom key files
Enter-AzVM -ResourceGroupName myRg -Name myMachine -PrivateKeyFile ./id_rsa -PublicKeyFile ./id_rsa.pub
If custom key files are not provided, the cmdlet will generate the key pair.
Example 8: Start RDP connection over SSH connection.
Enter-AzVM -ResourceGroupName myRg -Name myMachine -LocalUser username -Rdp
This parameter is useful for creating RDP session to an Arc resource via Arc Connectivity Platform.
Parameters
-CertificateFile
SSH Certificate to be used to authenticate to local user account.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Force
When connecting to Arc resources, do not prompt for confirmation before updating the allowed port for SSH connection in the Connection Endpoint to match the target port or to install Az.Ssh.ArcProxy module from the PowerShell Gallery, if needed.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Ip
IP Address of target Azure VM.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
IpAddress
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-LocalUser
Username for a local user in the target resource.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
Name of the target Azure Resource.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
Interactive
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-PassThru
Returns true if connection is successful.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Port
Port to connect to on the remote host.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-PrivateKeyFile
Path to private key file.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-PublicKeyFile
Path to public key file.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Rdp
Start a RDP connection over SSH connection. Only supported on Windows OS.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGroupName
Resource group name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
Interactive
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ResourceId
Resource ID of the target resource.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ResourceId
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ResourceType
Resource type of the target resource.
Parameter properties
Type: String
Default value: None Accepted values: Microsoft.HybridCompute/machines, Microsoft.Compute/virtualMachines, Microsoft.ConnectedVMwarevSphere/virtualMachines, Microsoft.ScVmm/virtualMachines, Microsoft.AzureStackHCI/virtualMachines Supports wildcards: False DontShow: False
Parameter sets
Interactive
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SshArgument
Additional SSH arguments passed to OpenSSH.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-UsePrivateIp
When connecting to an Azure VM, this flag specifies that it should connect to one of the private IPs of the VM. It requires connectivity to the private IP.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
Interactive
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ResourceId
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
