CloudShell is a great tool for performing command line work against resources in Azure. One of the challenges around using CloudShell to remotely SSH or use PowerShell Remoting into IaaS VM resources, especially when you have a locked down configuration. This is because each time you start a new CloudShell session, a container is spun up to host that session. This container is assigned a new private and public IP address.

If you are requesting a Just in Time session to a VM, you need to know the IP address that you are going to grant access to. The connection will use the CloudShell session’s public IP address, which means you need to know that.

If you’ve played around with CloudShell, you know that you can determine the local IP address of the container that hosts your cloudshell session using ifconfig -a as shown in the exhibit.

Unfortunately this doesn’t help when it comes to determining the remote IP address. Luckily you can determine the public IP address assigned to the CloudShell session using the following command as shown in the exhibit:

curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'

Once you have this public IP address, you can use it when configuring your JiT session, or when creating a temporary NSG rule. This allows you to have remote access to your IaaS VM from CloudShell without creating a rule that allows remote access to every public IP address that is available to Azure hosts.