Create a Virtual Machine with Private IP from a Virtual Network that’s in a Different Subscription in Azure

Create SSH Key Pairs

SSH keys are going to be used for security connection to the Azure VM. You can run the following command in PowerShell or the Cloud Shell to generate the SSH Key Pairs. Feel free to change the capitalized USERANME in the command, I always keep it the same to the username I will use in the VM that is going to be created next.

ssh-keygen -t rsa -b 4096 -C "USERNAME" -f $HOME/.ssh/azure_vm

What is a Virtual Network(VNet)

VNet is a logically isolated network from each other in Azure. You can configure its IP address ranges, subnets, route tables, gateways, and security settings, much like a traditional network in a data center. Virtual Machines in the same VNet can access each other by default. VNet enables Azure resources, such as VMs, to securely communicate with each other, to the internet, and to on-premises networks.

Settings in Azure Portal

If you prefer to use the Portal to create a VM, the following picture shows how to configure the Networking settings for the VM.

  • Virtual network: select an existing virutal network or create a new one.
  • Subnet: select a subnet associated with the selected virtual network.
  • Public IP: use a public IP address if you want to connect to the VM from outside internet. Choose None if you only need to communicate with the VM within the virtual network or your company networks.

Create from Azure CLI

You can run the following commands to create a Linux VM with a private IP address assigned automatically from the SUBNETID. The SUBNETID is obtained through running the command of az network vnet subnet show and passing the names of VNet Resource Group, VNet, and Subnet.

export SUBNETID=$(az network vnet subnet show -g VNET-RESOURCE-GROUP-NAME --vnet-name VNET-NAME -n SUBNET-NAME -o tsv --query id)

az vm create \
--resource-group RESOURCE-GROUP-NAME \
--name VM-NAME \
--image UbuntuLTS \
--subnet "$SUBNETID" \
--admin-username USERNAME \
--public-ip-address "" \
--location eastus2 \
--ssh-key-values ~/.ssh/

Connect to VM throguh WinSCP

Once you created the VM either through portal or Cli, you use WinSCP/PuTTY to connect to the VM using the private ip within your privated network. You can download and install both WinSCP and PuTTY through this link.

  • Make sure New site node is selected.
  • On the New site node, make sure SFTP protocol is selected.
  • Enter Host name with the public IP address of the created VM.
  • Enter User name with the admin username when you create the VM.
  • Click the Advanced… button to set up a public key authentication.
  • Select Authentication under SSH, click the to browse the private file path.
  • Select the azure_vm file created from the command of ssh-keygen
  • Select OK when it prompts to change OpenSSH private key format to PuTTY private key format.
  • Save the transfered .ppk file to the .ssh folder.
  • Save your site settings using the Save button.
  • Login using the Login button.




Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Lei Feng

Lei Feng

Big Data, Google Cloud Platform, Machine Learning, Operations Research