azure-cli-extensions
Support netcat like behaviour for az network bastion tunnel
Related command
az network bastion tunnel
Extension name (the extension in question)
ssh-extension
Description of issue (in as much detail as possible)
It would be great if the CLI would have an option to behave like netcat, read from stdin and forward to the tunnel, and read from the tunnel and write to stdout.
This would avoid hardcoding a local port which prevents any useful scripting.
It would also allow it to be used as ProxyCommand within ssh to seamlessly ssh into an azure virtual machine.
As it stands, this requires running a persistent tunnel in one window, and then ssh in another window. And it's impossible to script it in a unix environment.
And thank you for looking into this.
route to CXP team
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.
Issue Details
| Author: | kirat-singh |
|---|---|
| Assignees: | - |
| Labels: | |
| Milestone: | Backlog |
+1
I am pretty surprised so few voted/asked for this. Anyway, any feedback on the topic, please? @aznetsuppgithub
whoa, more than a year. sad, so very sad
@0x416e746f6e you can wrap it with something like:
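```bash
#!/usr/bin/env bash
# Opens an Azure Bastion tunnel in the background and bridges it to
# stdin/stdout so that ssh can use this script as a ProxyCommand.
SUBSCRIPTION="$1"
BASTION="$2"
RESOURCE_GROUP="$3"
VM_ID="$4"
TUNNEL_PORT="${5:-50022}"

echo "Opening a proxy tunnel to $VM_ID on port $TUNNEL_PORT and exposing it to stdin/stdout for ssh." >&2

az network bastion tunnel \
  --subscription "$SUBSCRIPTION" \
  --name "$BASTION" \
  --resource-group "$RESOURCE_GROUP" \
  --target-resource-id "$VM_ID" \
  --resource-port 22 \
  --port "$TUNNEL_PORT" &
tunnel_pid="$!"

# Stop the background tunnel so the local listener does not outlive ssh.
kill_tunnel() {
  kill "$tunnel_pid"
  echo "Tunnel Killed $?" >&2
}
# Run the cleanup on every exit path, not only on Ctrl-C.
trap kill_tunnel EXIT
trap 'exit 130' INT TERM

echo "Tunnel pid: $tunnel_pid" >&2
# Crude wait for the tunnel to start listening before connecting.
sleep 4
# Bridge the local tunnel port to stdin/stdout.
socat "TCP:localhost:$TUNNEL_PORT" -
echo "END" >&2
```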
And then in `~/.ssh/config`:

```
Host *
  ControlMaster auto
  ControlPersist 10m
  ControlPath ~/.ssh/ctl/%h:%p:%r

Host vm
  Hostname localhost
  Port 50023
  ProxyCommand /path/to/azbastiontunnel /subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Compute/virtualMachines/REDACTED 50023
  LocalForward 8000 127.0.0.1:8000
```
Enabling ControlMaster/multiplexing is somewhat important to let it reuse the same tunnel between ssh connections.
t.w.i.m.c. I ended up with this atrocity in my ssh_config:
```
Host name-of-the-instance-in-azure
  HostName name-of-the-instance-in-azure
  ProxyCommand bash -c "port=$(( 4096 + $RANDOM %% 1024 )) ; pgid=$( ps -o pgid= -p $$ ) ; az network bastion tunnel --resource-group REDACTED --name REDACTED --resource-port %p --port \$port --target-resource-id /subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Compute/virtualMachines/%h & trap \"kill -- -\$pgid\" INT QUIT TERM EXIT ; sleep 2 ; nc 127.0.0.1 \$port"
  User azureuser
```