Opening an SSH session to a Linux container Azure App Service is an easy task (there's even a Docs article with this exact name). What isn't so straightforward is a scale out scenario where you want to connect to a specific instance out of many - for example to debug or collect dumps.

One method would be scaling down to 1 instance and just using standard ways of connecting to it. But there's also a way to select the instance out of many, if needed.

tl;dr

To SSH into a specific containerised Web App's instance, use:

$ az webapp list-instances --name <app-name> --resource-group <rg-name> -o table
$ az webapp ssh -n <app-name> -g <rg-name> -i <instance-name>

Or set the ARRAffinity cookie in the browser-based SSH.

To test this, you can use one of the official AppSvc images - they are SSH enabled. For this article, I used appsvc/node.

Method 1: Azure CLI

A fast and easy way is to use Azure CLI and let it figure out all tunelling and authentication.

You can start by getting a list of existing instances of particular Web App:

$ az webapp list-instances --name <app-name> --resource-group <rg-name> -o table

Location      Name                                                              ResourceGroup    SiteInstanceName
------------  ----------------------------------------------------------------  ---------------  ----------------------------------------------------------------
North Europe  b2a08e69fc36a7cb14d6ece68dc936341e3c3e45cd3396ab8a282617fadf137a  <rg-name>         b2a08e69fc36a7cb24d6ece68dc936341e3c3e45cd3396ab8a282617fadf137a
North Europe  3161b1ae9ca0a5f9e11e0146671e855c259b1ac7397ab581598a95aa31f15f3f  <rg-name>         3161b1ae9ca0a5f9e11e0147671e855c259b1ac7397ab581598a95aa31f15f3f

Then pick one and connect to it using the -i parameter with the value of instance name:

$ az webapp ssh -n <app-name> -g <rg-name> -i <instance-name>

This command will work only on Linux (including WSL on Windows) or Mac. See Docs for official info.

Method 2: Azure Portal

Before the Azure CLI command was introduced, there was a workaround using the Azure Portal and SSH functionality provided for containerised Web Apps. It still works.

To list all instances without Azure CLI, you can use Azure Resource Manager (ARM). Specifically this resource:

[...]/providers/Microsoft.Web/sites/<app-name>/instances?api-version=2018-02-01

Azure Resource Explorer is quite helpful when navigating ARM:

Find SSH in your web app's settings:

Or go to https://<app-name>.scm.azurewebsites.net/webssh/host directly.

Log in, wait for the terminal to load and then open browser developer tools and change the ARRAffinity cookie to reflect the right instance name:

Reload and you should get connected to the right instance.