SSH
Configure SSH for your Azure Arc-enabled Servers.
Linux
Host setup
- Log onto each host
For example:
ssh onpremadmin@onprem-193a18cb-ubuntu-01.northeurope.cloudapp.azure.com -i ~/.ssh/citadel
- Install aadsshlogin (optional)
You can still log in with a local ID without this package.
sudo apt update && sudo apt install aadsshlogin
A custom policy will be added to install the extension.
- Add port 22 to the incoming connections list
sudo azcmagent config set incomingconnections.ports 22
- Exit
exit
Create the endpoint
- Variables
vm=ubuntu-01
vmId=$(az connectedmachine show --name "$vm" --resource-group arc_pilot --query id --output tsv)
- Create the endpoint
az rest --method put \
  --uri "$vmId/providers/Microsoft.HybridConnectivity/endpoints/default?api-version=2021-10-06-preview" \
  --body '{"properties": {"type": "default"}}'
Local ID
- Connect with a local ID
az ssh arc --local-user onpremadmin --resource-group arc_pilot --name ubuntu-01 --private-key-file ~/.ssh/citadel
Expected prompt:
onpremadmin@ubuntu-01:~$
Set the private key file to the right one.
AAD auth
- RBAC assignment
You need either of these roles on the Arc VM:
  - Virtual Machine Administrator Login
  - Virtual Machine User Login
- Connect with AAD
az ssh arc --resource-group arc_pilot --name ubuntu-01
Expected prompt:
richeney@azurecitadel.com@ubuntu-01:~$
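The RBAC assignment step above, as an added example that is not part of the original page: a shell helper that grants one of the two listed roles at the scope of a single Arc machine only, and prints the command for review unless APPLY=1 is set. The function names are hypothetical, and the assignee and subscription ID in the demo call are constructed placeholders.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical;
# the assignee and subscription ID in the demo call are constructed placeholders.

# Map a privilege level to one of the two role names listed above.
arc_ssh_role() {
  case "$1" in
    admin) echo "Virtual Machine Administrator Login" ;;  # login with sudo rights
    user)  echo "Virtual Machine User Login" ;;           # login as a regular user
    *) echo "unknown level '$1' (use admin or user)" >&2; return 1 ;;
  esac
}

# Accept only the resource ID of one Arc machine, so the role is never granted
# at resource group or subscription scope. The match is case-sensitive and
# assumes the usual resourceGroups / Microsoft.HybridCompute casing.
is_machine_scope() {
  case "$1" in
    /subscriptions/*/resourceGroups/*/providers/Microsoft.HybridCompute/machines/?*)
      case "${1##*/machines/}" in */*) return 1 ;; esac
      return 0 ;;
    *) return 1 ;;
  esac
}

# grant_arc_ssh <admin|user> <assignee> <machine resource ID>
# Dry run by default: prints the command. Set APPLY=1 to run it.
grant_arc_ssh() {
  _role=$(arc_ssh_role "$1") || return 1
  is_machine_scope "$3" || { echo "not a single Arc machine scope: $3" >&2; return 1; }
  if [ "${APPLY:-0}" = "1" ]; then
    az role assignment create --assignee "$2" --role "$_role" --scope "$3"
  else
    printf 'az role assignment create --assignee "%s" --role "%s" --scope "%s"\n' \
      "$2" "$_role" "$3"
  fi
}

# Demo with constructed values; on a real system pass the $vmId set earlier.
demo_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/arc_pilot/providers/Microsoft.HybridCompute/machines/ubuntu-01"
grant_arc_ssh user "someone@example.com" "$demo_id"
```

Defaulting to the user role keeps sudo off the host unless the admin level is requested explicitly.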
Stretch
As a bonus, follow the Code Tunnels steps.
- Install & configure
wget "https://code.visualstudio.com/sha/download?build=stable&os=cli-alpine-x64" -O /tmp/code.tar.gz
sudo tar -zxvf /tmp/code.tar.gz -C /usr/local/bin && rm /tmp/code.tar.gz
code tunnel --name $(hostname) --accept-server-license-terms
If they ask, we can delete the public IP, or remove them from the array of permitted source IP addresses.