search

Azure / azure-cli-extensions

Public Repository for Extensions of Azure CLI.
https://docs.microsoft.com/en-us/cli/azure
MIT License
381 stars 1.21k forks source link

[Bug]: `az network bastion ssh` does not allow configuration of ssh-client-folder #7744

Open DanielWaite-glano opened 3 months ago

DanielWaite-glano commented 3 months ago

Describe the bug

If OpenSSH is not installed at the default location, then commands to create an ssh tunnel via az network bastion ssh do not work, since ssh commands are unvailable. The returned error states that one can specify the ssh-client-folder, but this is incorrect.

az ssh commands allows for the specification of the --ssh-client-folder, but this is not recognised as a vaild parameter to az network bastion ssh.

More specifically, the function _get_ssh_path could be modified (see this code snippet) to allow the specification of another folder for ssh.exe, instead of hardcoding the path to ssh as SYSTEMROOT/System32/OpenSSH/ssh.exe.

Linux and Darwin implementations use which in order to find the location of ssh using shutil, which could be extended to Windows if shutil.which(ssh_command) returns a valid path.

Related command

az ssh

Errors

Could not find ssh-keygen.exe on path C:\WINDOWS\System32\openSSH\ssh-keygen.exe. Make sure OpenSSH is installed correctly: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse . Or use --ssh-client-folder to provide folder path with ssh executables.

Issue script & Debug output

az network bastion ssh --name **** --resource-group **** --auth-type AAD --target-resource-id /subscriptions/****/resourceGroups/****/providers/Microsoft.Compute/virtualMachines/**vm_name** --debug

DEBUG: cli.knack.cli: Command arguments: ['network', 'bastion', 'ssh', '--name', '', '--resource-group', '', '--auth-type', 'AAD', '--target-resource-id', '/subscriptions//resourceGroups//providers/Microsoft.Compute/virtualMachines/vm_name', '--debug'] DEBUG: cli.knack.cli: init debug log: Cannot enable color. DEBUG: cli.knack.cli: Event: Cli.PreExecute [] DEBUG: cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x000001AB016BF880>, <function OutputProducer.on_global_arguments at 0x000001AB01846020>, <function CLIQuery.on_global_arguments at 0x000001AB01873BA0>] DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate [] DEBUG: cli.azure.cli.core: Modules found from index for 'network': ['azure.cli.command_modules.network', 'azure.cli.command_modules.privatedns', 'azext_bastion'] DEBUG: cli.azure.cli.core: Loading command modules: DEBUG: cli.azure.cli.core: Name Load Time Groups Commands DEBUG: cli.azure.cli.core: network 1.225 115 454 DEBUG: cli.azure.cli.core: privatedns 0.075 14 60 DEBUG: cli.azure.cli.core: Total (2) 1.300 129 514 DEBUG: cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next'] DEBUG: cli.azure.cli.core: Loading extensions: DEBUG: cli.azure.cli.core: Name Load Time Groups Commands Directory DEBUG: cli.azure.cli.core: bastion 0.040 2 9 C:\Users**USER.azure\cliextensions\bastion DEBUG: cli.azure.cli.core: Total (1) 0.040 2 9 DEBUG: cli.azure.cli.core: Loaded 129 groups, 523 commands. DEBUG: cli.azure.cli.core: Found a match in the command table. DEBUG: cli.azure.cli.core: Raw command : network bastion ssh DEBUG: cli.azure.cli.core: Command table: network bastion ssh DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [] DEBUG: cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\USER.azure\commands\2024-06-25.14-01-58.network_bastion_ssh.27492.log'. INFO: az_command_data_logger: command args: network bastion ssh --name {} --resource-group {} --auth-type {} --target-resource-id {} --debug REDACTED CLI AUTH INFO DEBUG: cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/SUBSCRIPTION/resourceGroups/**/providers/Microsoft.Network/bastionHosts/*?api-version=2022-01-01' DEBUG: cli.azure.cli.core.sdk.policies: Request method: 'GET' DEBUG: cli.azure.cli.core.sdk.policies: Request headers: REDACTED REQUEST HEADERS* DEBUG: cli.azure.cli.core.sdk.policies: Request body: DEBUG: cli.azure.cli.core.sdk.policies: This request has no body DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443 DEBUG: urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/SUBSCRIPTION/resourceGroups/**/providers/Microsoft.Network/bastionHosts/*?api-version=2022-01-01 HTTP/1.1" 200 2156 DEBUG: cli.azure.cli.core.sdk.policies: Response status: 200 REDACTED INFO ON RESPONSE HEADERS DEBUG: cli.azure.cli.core.sdk.policies: Response content: DEBUG: cli.azure.cli.core.sdk.policies: { REDACTED* } INFO: cli.azext_bastion.tunnel: Creating a socket on port: 0 INFO: cli.azext_bastion.tunnel: Setting socket options INFO: cli.azext_bastion.tunnel: Binding to socket on local address and port INFO: cli.azext_bastion.tunnel: Auto-selecting port: 49239 INFO: cli.azext_bastion.tunnel: Finished initialization DEBUG: cli.azext_ssh.ssh_utils: Platform architecture: 64bit DEBUG: cli.azext_ssh.ssh_utils: OS architecture: 64bit DEBUG: cli.azext_ssh.ssh_utils: System Root: C:\WINDOWS DEBUG: cli.azext_ssh.ssh_utils: Attempting to run ssh-keygen from path C:\WINDOWS\System32\openSSH\ssh-keygen.exe DEBUG: cli.azure.cli.core.azclierror: Traceback (most recent call last): File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 664, in execute File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 731, in _run_jobs_serially File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 701, in _run_job File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 334, in call File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler File "C:\Users\USER.azure\cliextensions\bastion\azext_bastion\custom.py", line 184, in ssh_bastion_host azssh.ssh_cert(cmd, cert_path=os.path.join(cert_folder, "REDACTED")) File "C:\Users\USER.azure\cliextensions\ssh\azext_ssh\custom.py", line 127, in ssh_cert public_keyfile, , _ = _check_or_create_public_private_files(public_key_file, None, keys_folder, ssh_client_folder) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "C:\Users\USER.azure\cliextensions\ssh\azext_ssh\custom.py", line 319, in _check_or_create_public_private_files ssh_utils.create_ssh_keyfile(private_key_file, ssh_client_folder) File "C:\Users\USER.azure\cliextensions\ssh\azext_ssh\ssh_utils.py", line 164, in create_ssh_keyfile sshkeygen_path = get_ssh_client_path("ssh-keygen", ssh_client_folder) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "C:\Users\USER**.azure\cliextensions\ssh\azext_ssh\ssh_utils.py", line 324, in get_ssh_client_path raise azclierror.UnclassifiedUserFault( azure.cli.core.azclierror.UnclassifiedUserFault: Could not find ssh-keygen.exe on path C:\WINDOWS\System32\openSSH\ssh-keygen.exe.

ERROR: cli.azure.cli.core.azclierror: Could not find ssh-keygen.exe on path C:\WINDOWS\System32\openSSH\ssh-keygen.exe. ERROR: az_command_data_logger: Could not find ssh-keygen.exe on path C:\WINDOWS\System32\openSSH\ssh-keygen.exe. Make sure OpenSSH is installed correctly: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse . Or use --ssh-client-folder to provide folder path with ssh executables. DEBUG: cli.knack.cli: Event: Cli.PostExecute [] INFO: az_command_data_logger: exit code: 1 INFO: cli.main: Command ran in 4.515 seconds (init: 0.839, invoke: 3.676) INFO: telemetry.main: Begin splitting cli events and extra events, total events: 1 INFO: telemetry.client: Accumulated 0 events. Flush the clients. INFO: telemetry.main: Finish splitting cli events and extra events, cli events: 1 INFO: telemetry.save: Save telemetry record of length 3878 in cache INFO: telemetry.main: Begin creating telemetry upload process. INFO: telemetry.process: Creating upload process: "C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry__init__.pyc C:\Users**USER**.azure" INFO: telemetry.process: Return from creating process INFO: telemetry.main: Finish creating telemetry upload process.

Expected behavior

Expected behaviour is that one can specify the parameter for ssh-client-folder, as used in the az ssh extension.

Environment Summary

azure-cli 2.59.0 *

core 2.59.0 * telemetry 1.1.0

Extensions: amg 1.3.2 bastion 1.0.1 ssh 2.0.3

Dependencies: msal 1.27.0 azure-mgmt-resource 23.1.0b2

Python location C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe Extensions directory C:\Users\USER\.azure\cliextensions

Python (Windows) 3.11.8 (tags/v3.11.8:db85d51, Feb 6 2024, 22:03:32) [MSC v.1937 64 bit (AMD64)]

Additional context

No response

yonzhan commented 3 months ago

Thank you for opening this issue, we will look into it.

microsoft-github-policy-service[bot] commented 3 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.

microsoft-github-policy-service[bot] commented 3 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @bastionsuppgithub.