Enabled UFW, now can't connect to my ubuntu azure vm

Question

I turned on UFW on my ubuntu linux vm in azure, and now I can't connect to it over ssh (or anything). On both the private and public IP.

Is there any way for me to connect to my vm now? e.g. the equivalent of like an iLo interface for physical machines?

Given that you locked yourself out due to firewall, you might need to delete the vm (keeping the vhd), create a new linux vm, and attach your old vm's os disk vhd as a data disk. At least then, you can either recover content or modify the firewall setting config files as needed. — David Makogon, Aug 08 '16 at 02:55

score 15 · Accepted Answer · answered Feb 15 '18 at 15:44

15

Here is an msdn blog describing exactly this situation.

In a nutshell:

Logon to the Azure portal
VM Name > Extensions > Add > Select “Custom Script for Linux” > Create
Upload the bash script I've appended below. Call it ufw_disable.sh
Set the command as sh ufw_disable.sh
Click OK, and wait for the script to deploy and execute.

The script will be run as root, so there is no need to do sudo inside the script (in fact this will cause things to fail).

ufw_disable.sh:

ufw disable
ufw status

answered Feb 15 '18 at 15:44

Vince

955
1
10
22

Fantastic! This is exactly what I was looking for, but somehow couldn't find it on my own. FWIW, i'm now using aws in favor of azure, and I believe they have a similar capability there :) – danielpops Feb 16 '18 at 19:57

score 5 · Answer 2 · answered Mar 19 '22 at 19:17

5

Even simpler with the latest Azure...what a lifesaver:

Azure Portal > Your VM > Run command > RunShellScript

In the textbox for Linux Shell Script, type:

ufw disable

ufw status

Click Run button. Done.

answered Mar 19 '22 at 19:17

Rey Parma

51
1
1

This is definitely the easiest way. – CSquared Aug 03 '23 at 13:57

score 3 · Answer 3 · answered Aug 23 '18 at 18:57

3

You can add your new IP from the cloud shell.

az vm run-command invoke -g VMResourceGroup -n VM --command-id RunShellScript --scripts "ufw allow from 74.125.90.78 to anyport 22"

Change the ip address and the port to your own values.

answered Aug 23 '18 at 18:57

ra213

61
4

This should be the preferred option over creating a custom extension, as it is both the easier and faster method, and you're not left with a custom extension on your VM you'll need to cleanup. But I'll note for clarity, that you must replace `VMResourceGroup` and `VM` with your resource specific names. – Crayons Mar 15 '19 at 02:07

score 3 · Answer 4 · answered Jan 18 '19 at 10:07

Azure portal provides the easiest way to get into the serial console through its portal. Follow these steps

Azure Portal > Your VM > Support + Troubleshooting > Serial Console.

Now even if you firewall is blocking ssh, you can access this serial console and simply disable it using sudo ufw disable or add the 22 ssh port to the firewall

score 0 · Answer 5 · answered Oct 21 '20 at 08:19

Method Provided by @Vince somehow did not work for me

even further simple solution

Setup your serial console Pic for serial console path

first setup Username and password by going to support& trobleshott -> reset password
open serial console -> log in
sudo ufw disable [bamm...]

score -3 · Answer 6 · answered Aug 07 '16 at 22:01

-3

Run this on the machine as root:

ufw allow ssh

A more strict approach would be:

ufw limit ssh

answered Aug 07 '16 at 22:01

Awn

817
1
16
33

But how can I run this on the machine? Chicken egg situation. – danielpops Aug 07 '16 at 22:05
Some hosts provide a console on the web interface. If not, you can contact them and explan the situation. – Awn Aug 08 '16 at 03:10

Enabled UFW, now can't connect to my ubuntu azure vm

6 Answers6