azure-cli-extensions icon indicating copy to clipboard operation
azure-cli-extensions copied to clipboard
verified publisher icon Azure

Add support for custom ports when using ssh tunnel

Open mikeblakeuk opened this issue 3 months ago • 2 comments

Add support for custom ports to bastion ssh.

The use case is that we want to connect to a Private AKS cluster. We have bastion setup and VM we connect to.

It would be nice to force the custom ports, and let az do the ssh key management.

az network bastion ssh --name "bastion" --resource-group "$group" --target-resource-id "$vmId" --resource-port 22 --auth-type AAD -- -L $customPort:our-cluster-abcde.dev-eus.privatelink.eastus.azmk8s.io:443

https://github.com/Azure/azure-cli-extensions/blob/a2dc8d7661670d56c92115092725214710f4a9ab/src/bastion/azext_bastion/custom.py

Instead we have to create the tunnel, the create ssh keys, then run ssh with port forwarding.

kubectl config set "clusters.$name.server" "https://localhost:$clusterPort"

az network bastion tunnel --name bastion --resource-group $group--target-resource-id '$vmId' --resource-port 22 --port $bastionPort

az ssh config --ip localhost --port $bastionPort --file $sshConfigPath --overwrite --yes-without-prompt #--debug

ssh -NTf -v $sshParams localhost -p $bastionPort -F $sshConfigPath -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null

mikeblakeuk avatar Sep 17 '25 08:09 mikeblakeuk

Thank you for opening this issue, we will look into it.

yonzhan avatar Sep 17 '25 08:09 yonzhan

@yonzhan / @necusjz any more thoughts on this?

mikeblakeuk avatar Sep 26 '25 09:09 mikeblakeuk