Skip to main content



SSH to Azure HDInsight Premium cluster nodes

With HDInsight Standard cluster any user can SSH to the cluster nodes. In comparison HDInsight Premium cluster nodes by default restricts SSH access to two groups sudo and root. My initial assumption was that Microsoft may have done this for security reasons but then why allow the root user to login over SSH - this is something that most sysadmins disable.

HDInsight Premium cluster nodes have the following line in the /etc/ssh/sshd_config:

AllowGroups  sudo root

This line states that members of the group sudo and root (e.g. in the later case that's the root user) are permitted to login via SSH. If you would like to allow any user to login via SSH simply remove this line.

A better approach is to create a group in AD (and ensure this group is synchronised to the HDInsight cluster - this is something that you must configure when you deploy the cluster) and use that instead.

There seems to be a limitation that AllowGroups does not work with AD groups other than those shown via id <…

Latest posts

How to enable LZO compression on HDInsight

Displaying HDInsight cluster information at login time

Azure HDInsight Premium

How to configure Apache Zeppelin to use LDAP Authentication on HDInsight

How to create user specific databases on HDInsight Standard

Modifying the PAM Configuration on HDInsight Standard

HDInsight Creating Local OS and Ambari users via the REST API

How to create an Azure AD Application and Service Principal that uses certificate authentication

Checkpoint firewalls vs. Azure Network Security Groups (NSGs)

How to make a user an admin in Hue