Open kirat-singh opened 1 year ago
route to CXP team
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.
Author: | kirat-singh |
---|---|
Assignees: | - |
Labels: | `customer-reported`, `Network`, `Service Attention`, `feature-request`, `Network - Bastion`, `Auto-Assign` |
Milestone: | Backlog |
+1
I am pretty surprised so few voted/asked for this. Anyway, any feedback on the topic, please? @aznetsuppgithub
whoa, more than a year. sad, so very sad
@0x416e746f6e you can wrap it with something like:
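```bash
#!/usr/bin/env bash
# Usage: <script> SUBSCRIPTION BASTION RESOURCE_GROUP VM_ID [TUNNEL_PORT]
SUBSCRIPTION="$1"
BASTION="$2"
RESOURCE_GROUP="$3"
VM_ID="$4"
TUNNEL_PORT="${5:-50022}"

# Status messages go to stderr; stdout is reserved for the SSH stream.
echo "Opening a proxy tunnel to $VM_ID on port $TUNNEL_PORT and exposing it to stdin/stdout for ssh." >&2

# Start the tunnel in the background, listening on the local port.
az network bastion tunnel \
    --subscription "$SUBSCRIPTION" \
    --name "$BASTION" \
    --resource-group "$RESOURCE_GROUP" \
    --target-resource-id "$VM_ID" \
    --resource-port 22 \
    --port "$TUNNEL_PORT" &
tunnel_pid="$!"

function kill_tunnel() {
    kill "$tunnel_pid"
    echo "Tunnel Killed $?" >&2
}
# Clean up on normal exit as well as on Ctrl-C, so the tunnel is not left running.
trap kill_tunnel EXIT
trap 'exit 130' INT

echo "Tunnel pid: $tunnel_pid" >&2
# Give the tunnel time to start listening before connecting.
sleep 4
# Relay stdin/stdout to the local tunnel port.
socat "TCP:localhost:$TUNNEL_PORT" -
echo "END" >&2
```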
t.w.i.m.c. I ended up with this atrocity in my ssh_config:
```
Host name-of-the-instance-in-azure
    HostName name-of-the-instance-in-azure
    ProxyCommand bash -c "port=$(( 4096 + $RANDOM %% 1024 )) ; pgid=$( ps -o pgid= -p $$ ) ; az network bastion tunnel --resource-group REDACTED --name REDACTED --resource-port %p --port \$port --target-resource-id /subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Compute/virtualMachines/%h & trap \"kill -- -\$pgid\" INT QUIT TERM EXIT ; sleep 2 ; nc 127.0.0.1 \$port"
    User azureuser
```
Related command
az network bastion tunnel
Extension name (the extension in question)
ssh-extension
Description of issue (in as much detail as possible)
It would be great if the CLI would have an option to behave like netcat, read from stdin and forward to the tunnel, and read from the tunnel and write to stdout.
This would avoid hardcoding a local port which prevents any useful scripting.
It would also allow it to be used as ProxyCommand within ssh to seamlessly ssh into an azure virtual machine.
As it stands, this requires running a persistent tunnel in one window, and then ssh in another window. And it's impossible to script it in a unix environment.
And thank you for looking into this.
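The wrappers in the comments above depend on a fixed or guessed local port and a blind `sleep`. The following added example (not from the thread or the Azure CLI project) picks an unused port, waits until the tunnel actually accepts connections, and always tears the tunnel down. The script name `bastion-proxy.sh`, its argument order, an `nc` that supports `-z`, and the tunnel continuing to listen after a probe connection are assumptions; the `az` flags are the ones used in the thread.

```bash
#!/usr/bin/env bash
# Hypothetical ProxyCommand helper (constructed example). In ssh_config:
#   ProxyCommand bastion-proxy.sh RESOURCE_GROUP BASTION VM_RESOURCE_ID %p

# True once something accepts TCP connections on 127.0.0.1:$1.
# Assumption: the tunnel keeps listening after this probe connection closes.
port_open() { nc -z 127.0.0.1 "$1" 2>/dev/null; }

# Print a currently unused port from the dynamic range 49152-65535.
pick_port() {
    local try=0 seed port
    while [ "$try" -lt 20 ]; do
        seed=$(( $$ + try + $(date +%s) ))
        port=$(awk -v seed="$seed" 'BEGIN { srand(seed); print 49152 + int(rand() * 16384) }')
        port_open "$port" || { echo "$port"; return 0; }
        try=$((try + 1))
    done
    return 1
}

# Wait for the tunnel (pid $1) to listen on port $2, for at most $3 seconds.
# Returns 0 when ready, 1 on timeout, 2 if the tunnel process has exited.
wait_for_tunnel() {
    local pid="$1" port="$2" left="$3"
    while [ "$left" -gt 0 ]; do
        kill -0 "$pid" 2>/dev/null || return 2
        port_open "$port" && return 0
        sleep 1
        left=$((left - 1))
    done
    return 1
}

main() {
    local rg="$1" bastion="$2" vm_id="$3" rport="${4:-22}" port
    port=$(pick_port) || { echo "no free local port found" >&2; return 1; }
    # The tunnel's own output goes to stderr so it cannot mix into the SSH stream.
    az network bastion tunnel --resource-group "$rg" --name "$bastion" \
        --target-resource-id "$vm_id" --resource-port "$rport" --port "$port" \
        </dev/null >&2 &
    tunnel_pid=$!
    trap 'kill "$tunnel_pid" 2>/dev/null' EXIT   # never leave the listener behind
    trap 'exit 129' HUP INT TERM
    wait_for_tunnel "$tunnel_pid" "$port" 30 || { echo "tunnel not ready" >&2; return 1; }
    nc 127.0.0.1 "$port"                         # relay stdin/stdout through the tunnel
}

# Run only when given arguments, so the functions can also be sourced.
if [ "$#" -ge 3 ]; then main "$@"; fi
```

While the tunnel is up, its local listener can be reached by any process on the machine, so the teardown in the `EXIT` trap matters on shared hosts.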