circle-info
See Stacksync in action with a solution architect.
Book a demoarrow-up-right
search
StacksyncCommunityBook a demoContact Support

Accessing Private Azure Resource via a Jumpbox

hashtag
Overview

This guide explains how to set up a secure Azure Jumpbox that allows Stacksync to connect to your private resources, such as your database.

hashtag
1. Create Static Public IP

  1. In the Azure Portal, search Public IP addresses.

  2. Click Create.

  3. Configure:

    • Name: stacksync-jumpbox-ip

    • SKU: Standard (the Basic SKU is deprecated and not recommended)

    • Assignment: Static

    • Tier: Regional

  4. Click Review + Create, then Create.

hashtag
2. Create a Network Security Group

Create a Network Security Group (NSG) to tightly control access to the jumpbox so that only Stacksync can connect to it, and the jumpbox can only reach the private resources you authorize.

  1. Search “Network security groups”.

  2. Click Create.

  3. Name it: stacksync-jumpbox-nsg.

  4. Create.

hashtag
Add SSH Allow Rule

  1. Open the NSG.

  2. Click Inbound security rulesAdd.

  3. Fill:

    • Source: IP Addresses

    • Source IPs: Stacksync’s IP (Stacksync IParrow-up-right)

    • Destination port: 22

    • Protocol: TCP

    • Action: Allow

    • Priority: 100

    • Name: Allow-SSH-From-Stacksync

  4. Click Add.

The default Azure rule already blocks everything else.

hashtag
3. Create the Jumpbox VM

  1. Search Virtual MachinesCreate.

  2. Under Basics:

    • Name: stacksync-jumpbox

    • Image: Ubuntu LTS

    • Size: B1ms (recommended)

    • Authentication: SSH key only

  3. Under Networking:

    • Virtual network: choose your Virtual Network

    • Subnet: choose the subnet where the jumpbox will be created

    • Public IP: select the static Public IP you created earlier

    • NIC network security group: Select the NSG you created earlier

  4. Create the VM.

This VM will serve as the outbound access point to your systems.

hashtag
4. Harden the Jumpbox

To harden the jumpbox, you must log in to the VM using SSH. This means you run the following SSH command in your terminal:

SSH into the VM using your allowed IP.

ssh stacksync@<PUBLIC_IP>

hashtag
1. Add the Stacksync Public SSH Key

This allows Stacksync to log in securely.

Find the SSH Public Key here: app.stacksync.com → Add Connection → SSH Tunnel → Public Key

hashtag
2. Enable auto‑security updates

hashtag
3. Disable root login

hashtag
5. Test SSH Connectivity

From a Stacksync-approved IP:

If the connection fails, verify:

  • The Public IP address you created is using the Standard SKU (not Basic)

  • The Network Security Group (NSG) is attached to the subnet, not the network interface

  • The network interface (NIC) for the virtual machine does not have its own NSG applied

  • Your company firewall or VPN is not blocking outbound SSH connections

Example: Tunnel to a private Azure PostgreSQL instance.

Then access locally at:

From the jumpbox, verify it can reach your private resources:

If nc (netcat) is not installed, install it first:

Then test connectivity:

PreviousAccessing a Private GCP Database via a JumpboxNextZero-Trust Network Access

Last updated