Changing SSH and XRDP ports in a Azure Linux virtual machine

 

A basic safety recommendation is to change the default connection ports of a system for the various available communications services. Let’s see how to change the ssh and xrdp ports on a Azure Linux virtual machine.

Change ssh port

Immediately after creating the virtual machine, the default port is 22. You can connect to the machine through its public IP or DNS with a client like Putty through that port. Edit the configuration file with nano for example:

sudo nano /etc/ssh/sshd_config

And we change where it says port 22 by the value we want (eg I put 40167):

20160401_CambioSSH_Paso02

Now to restart the ssh service, run:

sudo service ssh restart

We close the remote session that we are running, that still go through the port 22. Now we need to edit the security rule in the control panel of the virtual machine to reflect the change in port. To do this, we look for the machine in our Azure subscription, for example, in my case it is called f23uh4733:

20160401_CambioSSH_Paso04

Click on the entry safety rules option:

20160401_CambioSSH_Paso05

And we double click on the current rule for port 22:

20160401_CambioSSH_Paso06

And you must modify the value of the port 22 to port defined in the configuration file:

20160401_CambioSSH_Paso07

Pressing save after modification. The rule will take a few seconds to be applied.

Installing a remote desktop and xrdp port change

Now we will install a remote desktop. This will be necessary if Linux is a server image for example. Keep in mind that xrdp since Ubuntu 12.04LTS does not support Gnome Desktop, so we’ll use xfce.

First we install xrdp, executing the following command at the terminal:

sudo apt-get install xrdp

20160401_CambioSSH_Paso08

After the installation of xrdp, we must install xfce, running the command:

sudo apt-get install xfce4

20160401_CambioSSH_Paso09

The next step is to configure xrdp to use xfce. Run the following command:

echo xfce4-session >~/.xsession

20160401_CambioSSH_Paso10

Once installed the desktop, we will change the default port for remote connection. We use an editor, for example nano, to modify the xrdp configuration file. Run the command:

sudo nano /etc/xrdp/xrdp.ini

And modify the port with the desired value, in this case for example the port 40168:

20160401_CambioSSH_Paso12

We record the changes and restart the xrdp service to take effect, using the following command:

sudo service xrdp restart

20160401_CambioSSH_Paso13

Once you have configured the port, as before, we need to create the security rule that allows us to access. To do this we return to the list of rules of entry, and click the add button:

20160401_CambioSSH_Paso14

And we add a rule indicating the destination port that we have set in the previous step:

20160401_CambioSSH_Paso15

Press save button and wait for the rule to apply. After, we can open a remote desktop connection to the machine by the port:

20160401_CambioSSH_Paso16

We have to identify us with a UNIX user. If you have not created any, the administrator user serve us:

20160401_CambioSSH_Paso17

And we access the Linux desktop machine:

20160401_CambioSSH_Paso18

Linux_Azure_Creation

Creating a Linux VM in Azure

Within the Azure marketplace we have multiple images ready to deploy. Among them are several distributions of Linux created by several companies, with several preinstalled packages if necessary.

Creating a Linux virtual machine

Let’s see the entire process of provisioning a virtual machine (IaaS) with an image of Canonical Ubuntu Server 15.10.

Step 1

We entered our Azure subscription and click on virtual machines:

20160311_CreaciónVM_Paso01

Step 2

Click on add new virtual machine:

20160311_CreaciónVM_Paso02

Step 3

We search and select the image Ubuntu Ubuntu Server 15.10 Canonical:

20160311_CreaciónVM_Paso03

Step 4

The description of the VM image is showed, and we can choose whether we want in classic mode or resource manager. We will choose resource manager. You can see the differences on this link. Press create to start the process of provision:

20160311_CreaciónVM_Paso04

Step 5

Now, you can fill the basic data of the virtual machine, with special attention to the geographical area of deployment and the resource group to which to assign. Select the location closest to where you want to give the service or one where you have all your virtual data center.

With regard to the resource group, remember that everything you bring inside will not restart simultaneously in the mantenimience operations, so its use is for high availability situations.

In this step you will define the root user and password, so please assure that the data is correct.

After filling all press accept.

20160311_CreaciónVM_Paso05

Step 6

You must now select the size, which defines the cost of the machine. Choose the one you needed depending on the estimated use. The DS series, with SSDs are suitable for LAMP services for example.

20160311_CreaciónVM_Paso06

Step 7

In this step you will configure additional options, such as network, storage type and others. When you finish, please press accept. If you do not yet know these concepts in Azure, the default options will be fine to start.

20160311_CreaciónVM_Paso07

Step 8

A summary of the process is presented and a final confirmation is requested. If all is well, press accept and begin to supply the machine. If not, you can go back to correct it.

Creación VM Ubuntu

In the notification area you will have a notice of the process progress, as well in the main panel.

Once the deployment is complete, which may take about 5 to 10 minutes, you can connect via SSH with a client like Putty, using the public IP of the machine and against port 22, with root user that was defined in the basic options in step 5.

However this default setting is not the safest. In a next post we will see how to change the default ports and install a desktop for remote access. Later we will see how to configure the server to make a LAMP stack.