Hi,
Azure Bastion seems to be very promising!
However, can I use the ssh client on my laptop directly to access my VMs through Azure Bastion? Or is the only way to use the Azure Portal?
If the only way is the Azure Portal, how can I execute my local Terraform or Ansible scripts?
Thanks for your answer.
Regards
Damien
@dcuenot Thanks for the feedback! In order to best address your question, could you provide us with the URL of the MS Doc that you were following, if any?
Sure, I'm using this documentation: https://docs.microsoft.com/en-us/azure/bastion/bastion-create-host-portal
@dcuenot Thank you for the response! I've routed this to the appropriate Team to investigate and update.
@ashjain - can you please help with this question?
Hi, any update on that?
Hi @dcuenot ,
You can only connect to bastion through the Azure portal. It was designed this way because exposing RDP and SSH ports to the internet is a HUGE security risk.
To execute local scripts, you will need to get them to the remote machines somehow.
I would recommend git repositories or Azure DevOps. You can deploy directly to the machines.
Does this answer your question?
Thanks!
Hi @elliot-labs,
I would like to set up a socks tunnel to bastion host from my laptop so that I could view the UIs in the VMs. Any tips for this use case?
Thanks!
Hi Cegganesh84,
The bastion host resource only offers HTML to RDP/SSH.
It does not expose the RDP/SSH to you directly.
It runs only from the web browser.
Because of this, a SOCKS tunnel (ssh tunnel) is not possible to a bastion host from an admin machine.
Thanks!
If it only uses the Azure infrastructure to connect, why does it need to expose port 443 on a public Internet IP? What protocol does it expose on 443, and what makes this more secure than SSH on 22?
@samartzidis It doesn't, but there is this idea in infosec/devops circles that a 2048-bit TLS certificate is a lot safer than a 4096 AES+DES certificate over SSH. The fact that it would take 15x more time to brute force the latter one is not taken into consideration, and that both protocols can be man-in-the-middle attacked is not taken into consideration either. It's a good scare tactic to make people pay for extra services, though.