Open bpasham opened 2 years ago
@roblourens - this is not a duplicate. It is a similar issue. #2538 is no longer relevant as Microsoft deprecated the method - documented here - whereas the problem I am referring to is the new method Microsoft introduced, which requires VSCode remote to work with Azure CLI command az ssh and the login process documented here
Thanks for the details
@bpasham Don't these instructions work? https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux#exporting-ssh-configuration-for-use-with-ssh-clients-that-support-openssh
az ssh config --file ~/.ssh/config --ip <your IP>
Should set up the same SSH config file VS Code uses. From there you can open in Remote - SSH.
@Chuxel - they work for one session.. doesn't persist between sessions. A ps script with the following sequence should work - if launched from PowerShell .. not from vscode
Az login
Az account set subscription
Az ssh config
Code .
This launched the code and remote will initiate with the generated cert in the ssh config step... Problem is that a record will be added to the config file each time.. and creates an unreliable process
A more reliable process is required.. that can clean up on exit or persist cert longer and detect when cert is expired and go for reauthentication.
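One way to get the behaviour asked for above, as an added example that is not part of the thread or of any Microsoft tooling: keep the `az ssh config` output in its own file, read the certificate's validity with `ssh-keygen -L`, and regenerate only when it is missing or about to expire. It assumes `az login` has already been done, a hypothetical file name `az_ssh_vscode.config`, and that the generated config contains a `CertificateFile` line.

```python
import re
import shutil
import subprocess
import sys
from datetime import datetime, timedelta
from pathlib import Path

# Assumptions (not from the thread): a dedicated config file kept apart from
# ~/.ssh/config, and a placeholder for the VM address.
CONFIG = Path.home() / ".ssh" / "az_ssh_vscode.config"
VM_IP = "<your IP>"


def certificate_path(config_text):
    """Return the CertificateFile path found in an ssh config, or None."""
    m = re.search(r'^\s*CertificateFile\s+"?([^"\n]+)"?\s*$', config_text, re.M | re.I)
    return m.group(1).strip() if m else None


def valid_until(keygen_output):
    """End of validity from `ssh-keygen -L` output (local time); None if no Valid line."""
    line = re.search(r"^\s*Valid:\s*(.+)$", keygen_output, re.M)
    if not line:
        return None
    end = re.search(r"\b(?:to|before)\s+(\S+)", line.group(1))
    return datetime.fromisoformat(end.group(1)) if end else datetime.max  # no end date


def needs_renewal(keygen_output, now, margin=timedelta(minutes=5)):
    """True when the certificate is unreadable, expired, or expires within margin."""
    end = valid_until(keygen_output)
    return end is None or now + margin >= end


def ensure_certificate():
    """Re-run `az ssh config` only when needed; returns True if it renewed."""
    cert = certificate_path(CONFIG.read_text()) if CONFIG.exists() else None
    if cert and Path(cert).exists():
        shown = subprocess.run(["ssh-keygen", "-L", "-f", cert],
                               capture_output=True, text=True).stdout
        if not needs_renewal(shown, datetime.now()):
            return False
    az = shutil.which("az") or sys.exit("azure-cli (az) not found on PATH")
    CONFIG.unlink(missing_ok=True)  # start clean: no duplicate Host record appended
    subprocess.run([az, "ssh", "config", "--file", str(CONFIG), "--ip", VM_IP], check=True)
    return True


if __name__ == "__main__":
    print("renewed" if ensure_certificate() else "certificate still valid")
```

Referencing the dedicated file from `~/.ssh/config` with an `Include` line lets Remote - SSH pick up the host without the main config growing on every run.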
@bpasham, but what happens when the key is expired? Do I need to regenerate the key every 60 minutes?
I think so. I wonder how other authentication schemes are working ...
I am sure I am missing technical details here, but would it be feasible to leverage this extension alongside the Microsoft-Account extension? https://github.com/microsoft/vscode/tree/main/extensions/microsoft-authentication
The Microsoft Account extension should be able to utilize refresh tokens to keep the JWT active (similar to azure-cli and other tools) and avoid the re-signin each hour.
Additionally, if this extension added an Entra ID specific ssh option, it would greatly streamline usage. Basically it would need to run this command and verify that azure-cli is installed on the workstation.
az ssh vm --ip
We are trying to implement a remote development model with project-specific VMs in Azure and allow users to connect from VS Code using Azure AD authentication with MFA. It works great with public keys but not with Azure AD authentication.
There were some recommendations of disabling the localserver option and enabling console, so users can click on the device login link and enter the code. However, that model is deprecated by Microsoft. So the option currently usable is using the az ssh module (or something I couldn't find)
https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux
Appreciate any guidance on how to configure authentication for this model