Connect to Windows or Linux worker nodes with SSH
Applies to: AKS on Azure Local, version 23H2
During your AKS Arc cluster's lifecycle, you might need to directly access cluster nodes for maintenance, log collection, or troubleshooting operations. For security purposes, you must use a Secure Shell Protocol (SSH) connection to access Windows or Linux worker nodes. You sign in using the node's IP address.
This article explains how to use SSH to connect to both Windows and Linux nodes.
Use SSH to connect to worker nodes
To access the Kubernetes cluster with the specified permissions, you must retrieve the certificate-based admin kubeconfig file using the az aksarc get-credentials command. For more information, see Retrieve certificate-based admin kubeconfig:
az aksarc get-credentials --resource-group $<resource_group_name> --name $<aks_cluster_name> --adminRun kubectl get to obtain the node's IP address and capture its IP value in order to sign in to a Windows or Linux worker node using SSH:
kubectl --kubeconfig /path/to/aks-cluster-kubeconfig get nodes -o wide |Run
sshto connect to a worker node:Note
You must pass the correct location to your SSH private key. The following example uses the default location of ~/.ssh/id_rsa, but you might need to change this location if you requested a different path. To change the location, see Configure SSH keys to specify the
--ssh-key-valueparameter when you create an AKS Arc cluster.For a Linux worker node, run the following command:
ssh -i $env:USERPROFILE\.ssh\id_rsa clouduser@<IP address of the node>For a Windows worker node, run the following command:
ssh -i $env:USERPROFILE\.ssh\id_rsa Administrator@<IP address of the node>
If you encounter SSH login issues, verify that your IP address is included in the --ssh-auth-ip list. To check this list, run az aksarc show --name "$<aks_cluster_name>" --resource-group "$<resource_group_name>" and look for authorizedIpRanges under clusterVmAccessProfile.