Azure — SSH into AKS Nodes

The K8S service provided by Azure is called AKS. There are times where you need to ssh into the nodes for debugging. In this post, I will go through the step of how to do it, base from this post.

Due to the reason that AKS nodes are created under VMSS, therefore we need to do some configuration to VMSS.


  1. Have your RSA key ready
  2. Gather information for VMSS configuration
  3. Configuring VMSS and update VMs under it
  4. Have a instance(VM/container/etc) that can connect to node
  5. Copy RSA key to the above instance using kubectl command
  6. Now, your instance is ready to SSH into node!


For RSA key, you use command below to generate one if you don’t have it yet.


We need two information here

  1. AKS cluster resource group name
  2. AKS node VMSS name

For NO. 1, you can get it from portal or us command line.

Replace the “YOUR_XXX” part with corresponding information

For NO.2, you can get it from portal or us command line. If using command line, you must run NO.1 command line to get the value for $CLUSTER_RESOURCE_GROUP variable.


To add your RSA key to nodes in VMSS, we need to use az vmss extension set and az vmss update-instances command. Pay attention to setup your SSH login name and location of your RSA key.

Next, update your VMSS instances.


I am going to create a pod called aks-ssh using image alpine, which will be in the same network segment as nodes. By default apline doesn’t have ssh client so I will install it. From there, I will SSH into node.


Now I am going to copy the RSA key from my kubectl client using kubectl command to pod created in Step4. Login into pod and verify RSA key is copied.


Get the node IP.

From pod, SSH into node, use the username specific in Step3.

Switch to root using command sudo su - and you can start doing whatever you wanted/supposed to do : )



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


AWS Certified SA, SysOps & Developer Associate, Alibaba Cloud certified SA. Focusing on Azure, Prometheus w/ Grafana, ELK and K8S now.