Azure / azure-cli-extensions

Public Repository for Extensions of Azure CLI.
https://docs.microsoft.com/en-us/cli/azure
MIT License

Support netcat like behaviour for az network bastion tunnel #5807

Open kirat-singh opened 1 year ago

kirat-singh commented 1 year ago

Related command

az network bastion tunnel

Extension name (the extension in question)

ssh-extension

Description of issue (in as much detail as possible)

It would be great if the CLI would have an option to behave like netcat, read from stdin and forward to the tunnel, and read from the tunnel and write to stdout.

This would avoid hardcoding a local port which prevents any useful scripting.

It would also allow it to be used as ProxyCommand within ssh to seamlessly ssh into an azure virtual machine.

As it stands, this requires running a persistent tunnel in one window, and then ssh in another window. And it's impossible to script it in a unix environment.

And thank you for looking into this.

yonzhan commented 1 year ago

route to CXP team

ghost commented 1 year ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.

Issue Details
Author: kirat-singh
Assignees: -
Labels: `customer-reported`, `Network`, `Service Attention`, `feature-request`, `Network - Bastion`, `Auto-Assign`
Milestone: Backlog

kurarrr commented 10 months ago

+1

msapitree commented 7 months ago

I am pretty surprised so few voted/asked for this. Anyway, any feedback on the topic, please? @aznetsuppgithub

0x416e746f6e commented 1 month ago

whoa, more than a year. sad, so very sad

mpcusack-sequelae commented 1 month ago

@0x416e746f6e you can wrap it with something like:

```bash
#!/usr/bin/env bash
# Open a Bastion tunnel in the background and bridge it to stdin/stdout for ssh.

SUBSCRIPTION="$1"
BASTION="$2"
RESOURCE_GROUP="$3"
VM_ID="$4"
TUNNEL_PORT="${5:-50022}"

echo "Opening a proxy tunnel to $VM_ID on port $TUNNEL_PORT and exposing it to stdin/stdout for ssh." >&2

az network bastion tunnel \
    --subscription "$SUBSCRIPTION" \
    --name "$BASTION" \
    --resource-group "$RESOURCE_GROUP" \
    --target-resource-id "$VM_ID" \
    --resource-port 22 \
    --port "$TUNNEL_PORT" &
tunnel_pid="$!"

# Stop the background tunnel whenever the wrapper exits, not only on Ctrl-C.
function kill_tunnel() {
    kill "$tunnel_pid"
    echo "Tunnel Killed $?" >&2
}
trap kill_tunnel EXIT
trap 'exit 1' INT TERM HUP

echo "Tunnel pid: $tunnel_pid" >&2
# Give the tunnel time to start listening before connecting to it.
sleep 4
socat "TCP:localhost:$TUNNEL_PORT" -
echo "END" >&2
```

0x416e746f6e commented 3 weeks ago

t.w.i.m.c. I ended up with this atrocity in my ssh_config:

```
Host name-of-the-instance-in-azure
    HostName      name-of-the-instance-in-azure
    ProxyCommand  bash -c "port=$(( 4096 + $RANDOM %% 1024 )) ; pgid=$( ps -o pgid= -p $$ ) ; az network bastion tunnel --resource-group REDACTED --name REDACTED --resource-port %p --port \$port --target-resource-id /subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Compute/virtualMachines/%h & trap \"kill -- -\$pgid\" INT QUIT TERM EXIT ; sleep 2 ; nc 127.0.0.1 \$port"
    User          azureuser
```
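
As an added example (not code from this thread or from the Azure CLI project), a Python ProxyCommand helper that replaces the guessed port and fixed `sleep` in the wrappers above: it asks the kernel for a free loopback port, waits until the tunnel actually accepts a connection, relays stdin/stdout, and stops the tunnel on exit. The function names and the argument order (resource group, bastion name, VM resource ID, resource port) are assumptions; the `az` flags are the ones used in the comments above.

```python
"""ssh ProxyCommand helper: run the bastion tunnel, wait for it, relay stdio."""
import os, signal, socket, subprocess, sys, threading, time

def pick_free_port():
    # Let the kernel choose an unused loopback port instead of guessing one.
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def wait_for_listener(port, timeout=30.0, interval=0.2):
    # Retry until the tunnel accepts; reuse that connection (no probe session).
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            sock = socket.create_connection(("127.0.0.1", port), timeout=1)
            sock.settimeout(None)  # blocking mode for the relay
            return sock
        except OSError:
            time.sleep(interval)
    raise TimeoutError("bastion tunnel did not start listening in time")

def relay(sock, fd_in=0, fd_out=1):
    # fd_in -> socket in a helper thread, socket -> fd_out here, until EOF.
    def upstream():
        while data := os.read(fd_in, 65536):
            sock.sendall(data)
        sock.shutdown(socket.SHUT_WR)
    threading.Thread(target=upstream, daemon=True).start()
    while data := sock.recv(65536):
        while data:  # os.write may write only part of the buffer
            data = data[os.write(fd_out, data):]

def main(argv):
    # Assumed argument order: resource group, bastion name, VM id, resource port.
    for sig in (signal.SIGHUP, signal.SIGTERM):  # run the cleanup on these too
        signal.signal(sig, lambda *_: sys.exit(0))
    port = pick_free_port()  # a small window remains until az binds the port
    cmd = ["az", "network", "bastion", "tunnel", "--resource-group", argv[1],
           "--name", argv[2], "--target-resource-id", argv[3],
           "--resource-port", argv[4], "--port", str(port)]
    # Keep az output off stdout: ssh treats stdout as the connection stream.
    tunnel = subprocess.Popen(cmd, stdin=subprocess.DEVNULL, stdout=sys.stderr,
                              start_new_session=True)
    try:
        relay(wait_for_listener(port))
    finally:
        if tunnel.poll() is None:
            os.killpg(tunnel.pid, signal.SIGTERM)  # stop az and its children

if __name__ == "__main__":
    main(sys.argv)
```

Saved under a hypothetical name such as `bastion_proxy.py`, it would be referenced from `ProxyCommand` with `%h` inside the VM resource ID and `%p` as the resource port, as in the ssh_config above.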