Azure / azure-cli

Azure Command-Line Interface
MIT License

Make `az network bastion tunnel` suitable for use with OpenSSH's `ProxyCommand` #27999

Open em- opened 9 months ago

em- commented 9 months ago

Related command

`az network bastion tunnel`

Is your feature request related to a problem? Please describe.

The current `az network bastion tunnel` command listens on a local TCP port and forwards the traffic. However, the most common way to work with generic bastion hosts with OpenSSH is to use the `ProxyCommand` directive, which uses stdin/stdout to tunnel the traffic to be forwarded.

The lack of this ability causes people to do weird things to make it suitable; see for instance this gist, which ends up calling `nc` to provide the stdin/stdout interface: https://gist.github.com/akisys/23e7f0d4d98154b3067a6a6914dcb483

Describe the solution you'd like

Add a `--stdin` option (or whatever better name) that is mutually exclusive with `--port` and can be used in the OpenSSH client config like this:

ProxyCommand=az network bastion tunnel --name MyBastionHost --resource-group MyResourceGroup --target-ip-address %h --resource-port %p --stdin

Describe alternatives you've considered

Something like https://gist.github.com/akisys/23e7f0d4d98154b3067a6a6914dcb483 but it is really unnecessary.

Additional context

Being able to use `ProxyCommand` would make the usage from Ansible more straightforward.
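The workaround the issue describes (start the tunnel on a local port with `--port`, then bridge stdin/stdout to it the way `nc` does), written out as an added example that is not part of the issue or of azure-cli. The helper names and the argument order are assumptions; only the `az` flags quoted in the issue are used.

```python
import os, socket, subprocess, sys, threading, time

def free_port():
    """Ask the kernel for an unused loopback port (another process could still race for it)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def wait_for_listener(tunnel, port, timeout=30.0):
    """Connect to 127.0.0.1:port once the tunnel process is listening."""
    deadline = time.monotonic() + timeout
    while tunnel.poll() is None and time.monotonic() < deadline:
        try:
            return socket.create_connection(("127.0.0.1", port), timeout=1)
        except OSError:
            time.sleep(0.2)
    raise RuntimeError(f"tunnel did not start listening on port {port}")

def relay(sock, fd_in, fd_out):
    """Copy fd_in -> sock in a thread and sock -> fd_out here, until the peer closes."""
    def upstream():
        try:
            while data := os.read(fd_in, 65536):
                sock.sendall(data)
            sock.shutdown(socket.SHUT_WR)  # pass EOF on stdin to the tunnel
        except OSError:
            pass  # socket already closed by the other direction
    threading.Thread(target=upstream, daemon=True).start()
    while data := sock.recv(65536):
        os.write(fd_out, data)

def proxy(tunnel_argv, port, fd_in=0, fd_out=1):
    """Run the tunnel command, bridge fd_in/fd_out to its local port, then stop it."""
    # The tunnel's stdout is discarded: ProxyCommand stdout may carry only relayed bytes.
    tunnel = subprocess.Popen(tunnel_argv, stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL)
    try:
        with wait_for_listener(tunnel, port) as sock:
            sock.settimeout(None)
            relay(sock, fd_in, fd_out)
    finally:
        tunnel.terminate()  # do not leave the local listener open after the session
        tunnel.wait()

if __name__ == "__main__":
    # Assumed argument order: target host, target port, bastion name, resource group.
    host, rport, name, group = sys.argv[1:5]
    port = free_port()
    proxy(["az", "network", "bastion", "tunnel", "--name", name, "--resource-group", group,
           "--target-ip-address", host, "--resource-port", rport, "--port", str(port)], port)
```

Saved under a hypothetical name such as `bastion-proxy.py`, it would be referenced as `ProxyCommand python3 bastion-proxy.py %h %p MyBastionHost MyResourceGroup`. Unlike the requested `--stdin` mode, this still opens a local TCP listener for the lifetime of each session.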

yonzhan commented 9 months ago

Thank you for opening this issue, we will look into it.

stellaraccident commented 7 months ago

This is a really important feature for native ssh tool integration. I've worked with other providers who have this kind of thing and it lets you set up very transparent access policies.

Having used the bastion cli, it would really benefit from being developed with a view towards integration. This stuff has been done a certain way for a very long time and should integrate better.

diogocp commented 7 months ago

Dupe: Azure/azure-cli-extensions#5807