0
0
Azurecloud~15 mins

SSH and RDP access in Azure - Deep Dive

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Overview - SSH and RDP access
What is it?
SSH (Secure Shell) and RDP (Remote Desktop Protocol) are ways to connect to and control computers or servers from far away. SSH is mainly used for Linux or Unix systems and lets you type commands securely. RDP is mostly for Windows systems and shows you the computer screen so you can click and type as if you were there. Both help manage cloud servers without being physically present.
Why it matters
Without SSH and RDP, managing servers would mean being physically near them, which is slow and costly. These tools let people fix problems, install software, and check settings instantly from anywhere. This speeds up work, saves money, and helps keep systems safe by controlling who can connect.
Where it fits
Before learning SSH and RDP, you should understand basic networking and what servers are. After this, you can learn about securing connections, managing keys and passwords, and automating remote tasks in cloud environments.
Mental Model
Core Idea
SSH and RDP are secure remote control tools that let you safely access and manage computers from anywhere.
Think of it like...
Imagine SSH as a secret tunnel where you send typed instructions to a friend’s computer, and RDP as a video call where you see and control their desktop screen directly.
┌─────────────┐          ┌─────────────┐
│ Your Device │─────────▶│ Remote Host │
│ (Client)    │          │ (Server)    │
└─────────────┘          └─────────────┘
       │                        │
       │ SSH: command line      │ RDP: graphical desktop
       │ encrypted text         │ encrypted screen and input
       ▼                        ▼
Build-Up - 7 Steps
1
FoundationWhat is SSH and How It Works
🤔
Concept: SSH is a secure way to connect to a remote computer using text commands.
SSH stands for Secure Shell. It creates a safe, encrypted connection between your computer and a remote server. You open a terminal, type ssh followed by the server address, and then you can run commands on that server as if you were sitting in front of it.
Result
You can control the remote server securely by typing commands.
Understanding SSH as a secure command line connection is the base for managing Linux servers remotely.
2
FoundationWhat is RDP and How It Works
🤔
Concept: RDP lets you see and control a remote Windows computer’s screen over the network.
RDP stands for Remote Desktop Protocol. It sends the remote computer’s screen to your device and sends your mouse and keyboard actions back. This way, you interact with the remote computer’s desktop as if you were physically there.
Result
You get a graphical interface to control the remote Windows machine.
Knowing RDP as a remote screen sharing and control tool helps manage Windows servers visually.
3
IntermediateAuthentication Methods for SSH and RDP
🤔Before reading on: Do you think SSH and RDP use the same way to prove who you are? Commit to your answer.
Concept: SSH and RDP use different ways to check your identity before allowing access.
SSH commonly uses keys (like digital ID cards) or passwords to verify you. RDP usually uses usernames and passwords. SSH keys are more secure because they are harder to guess or steal. Both methods prevent unauthorized people from connecting.
Result
You learn how to safely prove your identity to remote servers.
Knowing the difference in authentication helps choose safer methods and avoid common security mistakes.
4
IntermediateNetwork Ports and Firewalls for Access
🤔Before reading on: Do you think SSH and RDP use the same network port number? Commit to your answer.
Concept: SSH and RDP use specific network ports that must be open to connect through firewalls.
SSH usually uses port 22, and RDP uses port 3389. Firewalls block unwanted traffic, so these ports must be allowed for your device to reach the server. Opening only necessary ports reduces security risks.
Result
You can configure network settings to enable remote access safely.
Understanding ports and firewalls is key to controlling who can connect and protecting servers.
5
IntermediateUsing SSH Keys for Passwordless Login
🤔Before reading on: Do you think SSH keys make logging in faster or slower? Commit to your answer.
Concept: SSH keys let you log in without typing a password every time, improving security and convenience.
You create a pair of keys: a private key you keep safe and a public key you put on the server. When you connect, the server checks your private key without needing a password. This avoids password theft and speeds up access.
Result
You can connect securely and quickly without typing passwords.
Knowing how SSH keys work helps prevent common password-related security problems.
6
AdvancedSecuring RDP with Network Level Authentication
🤔Before reading on: Do you think RDP connections are secure by default? Commit to your answer.
Concept: Network Level Authentication (NLA) adds a security step before the full RDP connection starts.
NLA requires you to prove your identity before the remote desktop screen appears. This reduces the chance of attacks that try to guess passwords or overload the server. It is recommended to enable NLA on all Windows servers.
Result
RDP connections become safer against unauthorized access and attacks.
Understanding NLA helps protect servers from common RDP security threats.
7
ExpertAzure-Specific Access Controls and Best Practices
🤔Before reading on: Do you think Azure allows direct SSH/RDP access without extra security layers? Commit to your answer.
Concept: Azure provides tools like Network Security Groups and Just-In-Time access to control SSH and RDP connections tightly.
In Azure, you can restrict SSH and RDP access to specific IP addresses using Network Security Groups (firewall rules). Just-In-Time (JIT) access lets you open ports only when needed and closes them automatically. This reduces exposure to attacks and follows best security practices.
Result
You manage remote access in Azure securely and efficiently.
Knowing Azure’s access controls prevents common cloud security mistakes and protects your servers.
Under the Hood
SSH works by creating an encrypted tunnel between client and server using cryptographic keys. It authenticates the user and encrypts all data sent, preventing eavesdropping. RDP transmits graphical screen updates and user input over a secure channel, often using TLS encryption. Both rely on network ports and protocols to establish and maintain connections.
Why designed this way?
SSH was designed to replace insecure remote login methods like Telnet by adding encryption and strong authentication. RDP was created to provide a full graphical remote desktop experience for Windows users. Both balance usability and security, evolving with new encryption standards and network practices.
┌─────────────┐       ┌───────────────┐       ┌─────────────┐
│ Client App  │──────▶│ Encrypted     │──────▶│ Server App  │
│ (SSH/RDP)   │       │ Network Tunnel│       │ (SSH/RDP)   │
└─────────────┘       └───────────────┘       └─────────────┘
       ▲                     ▲                      ▲
       │                     │                      │
   User Input           Encryption             Server Response
   (commands or          & Decryption          (command output
    mouse/keyboard)                             or screen updates)
Myth Busters - 4 Common Misconceptions
Quick: Do you think SSH is only for Linux and RDP only for Windows? Commit to yes or no.
Common Belief:SSH is only useful for Linux servers, and RDP only works with Windows machines.
Tap to reveal reality
Reality:SSH can be used on Windows too, especially with modern Windows versions supporting OpenSSH. RDP clients exist for Linux and macOS to connect to Windows servers.
Why it matters:Believing this limits your options and can cause you to miss simpler or more secure ways to connect across different systems.
Quick: Do you think using passwords for SSH is as secure as using SSH keys? Commit to yes or no.
Common Belief:Using a strong password for SSH is just as secure as using SSH keys.
Tap to reveal reality
Reality:SSH keys are more secure because they are much harder to guess or steal than passwords, which can be cracked or phished.
Why it matters:Relying on passwords increases risk of unauthorized access and breaches.
Quick: Do you think opening RDP port 3389 to the internet is safe if you have a strong password? Commit to yes or no.
Common Belief:If I have a strong password, it’s safe to open RDP port 3389 to the internet.
Tap to reveal reality
Reality:Exposing RDP port publicly invites automated attacks and exploits, even with strong passwords. Additional protections like VPNs or JIT access are needed.
Why it matters:Ignoring this leads to frequent hacking attempts and potential server compromise.
Quick: Do you think SSH encrypts only the password or the entire session? Commit to your answer.
Common Belief:SSH only encrypts the password during login, but the rest of the session is unencrypted.
Tap to reveal reality
Reality:SSH encrypts the entire session, including all commands and data sent between client and server.
Why it matters:Misunderstanding this can cause users to send sensitive data insecurely, risking interception.
Expert Zone
1
Azure’s Just-In-Time access reduces attack surface by opening SSH/RDP ports only when needed and automatically closing them.
2
SSH agent forwarding allows you to use your local SSH keys on multiple remote servers without copying private keys around.
3
RDP supports multiple security layers like Network Level Authentication and TLS encryption, but misconfiguration can still expose vulnerabilities.
When NOT to use
Avoid direct SSH or RDP access over the public internet without additional security layers like VPNs or Azure Bastion. For automated tasks, use APIs or configuration management tools instead of manual remote sessions.
Production Patterns
In production, teams use SSH keys with passphrases, restrict access via Network Security Groups, and enable Just-In-Time access in Azure. RDP is often accessed through Azure Bastion or VPNs to avoid exposing port 3389. Monitoring and logging remote access is standard practice.
Connections
Virtual Private Network (VPN)
VPNs provide a secure network tunnel that can protect SSH and RDP traffic by hiding it inside a private network.
Understanding VPNs helps grasp how to add extra security layers around remote access tools.
Public Key Cryptography
SSH keys rely on public key cryptography to authenticate users without sharing private secrets.
Knowing public key cryptography clarifies why SSH keys are more secure than passwords.
Remote Collaboration Tools
RDP shares the remote desktop like video conferencing shares screens, enabling remote teamwork.
Seeing RDP as a remote collaboration tool highlights its role beyond just server management.
Common Pitfalls
#1Leaving SSH port 22 open to all IP addresses without restrictions.
Wrong approach:Allow inbound SSH traffic from 0.0.0.0/0 in Azure Network Security Group.
Correct approach:Restrict inbound SSH traffic to specific trusted IP addresses only.
Root cause:Not understanding the risk of exposing SSH to the entire internet invites brute force attacks.
#2Using weak or default passwords for RDP access.
Wrong approach:Setting RDP user password as 'password123' or leaving it blank.
Correct approach:Use strong, unique passwords and enable Network Level Authentication for RDP.
Root cause:Underestimating how easily attackers can guess or crack weak passwords.
#3Copying private SSH keys to multiple servers instead of using agent forwarding.
Wrong approach:Manually copying ~/.ssh/id_rsa private key file to every server.
Correct approach:Use SSH agent forwarding to securely use your local keys without copying them.
Root cause:Lack of knowledge about SSH agent forwarding leads to insecure key distribution.
Key Takeaways
SSH and RDP are essential tools for securely accessing and managing remote servers from anywhere.
SSH uses encrypted command-line connections, while RDP provides a graphical desktop experience.
Using SSH keys and Network Level Authentication greatly improves security over passwords alone.
Azure offers advanced controls like Network Security Groups and Just-In-Time access to protect remote connections.
Proper configuration and understanding of ports, authentication, and network rules prevent common security risks.