Azure supports Azure AD managed SSHing into Linux VMs using a command such as az ssh vm --ip 10.1.1.1. This includes controlling sudo access using Azure AD groups. Super useful.
However, in order to get the file transfer component of ssh (scp) to work, we need to jump through a couple of poorly documented hoops.
First, we need to generate an ssh config for each VM we want to scp into. This will include the Azure certificate which is required to connect, in addition to the SSH key:
az ssh config --ip 10.1.1.1 --file azuressh.config
This can now be used for vanilla SSH, and for scp, using the -F option:
ssh -F azuressh.config 10.1.1.1
scp -F azuressh.config 10.1.1.1:somefile .
Note, this command generates the keys and certificates into a temporary directory, so they will be cleaned up on reboot. It is possible to specify the output path for these files as part of the az ssh config command, but I’ll leave that up to you to figure out.
Just remember to secure these files, as they provide passwordless access to a remote machine.
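
One way to check that the config, and the key and certificate files it points at, are accessible only to you, as an added example that is not part of the original post. The function names and the demo's file names are made up for illustration; IdentityFile and CertificateFile are the standard ssh_config keywords.

```sh
#!/bin/sh
# Added example, not from the original post. The demo config is constructed;
# a real one comes from: az ssh config --ip 10.1.1.1 --file azuressh.config

# List IdentityFile/CertificateFile paths (keywords case-insensitive, quotes stripped).
config_key_files() {
    awk 'tolower($1) == "identityfile" || tolower($1) == "certificatefile" {
             $1 = ""; sub(/^[ \t]+/, ""); gsub(/^"|"$/, ""); print
         }' "$1"
}

# True when the file grants no permission bits to group or others.
is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Audit the config and every file it references, one line per problem.
# With "fix" as second argument, group/other access is removed instead.
# Returns 0 only if nothing is missing or left accessible to others.
audit_ssh_config() {
    cfg=$1 mode=${2:-report} status=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if [ ! -e "$f" ]; then
            echo "missing: $f"; status=1
        elif ! is_private "$f"; then
            if [ "$mode" = fix ] && chmod go-rwx "$f"; then
                echo "tightened: $f"
            else
                echo "too open: $f"; status=1
            fi
        fi
    done <<EOF
$cfg
$(config_key_files "$cfg")
EOF
    return "$status"
}

# Constructed demo: world-readable config, key and certificate in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/id_rsa"; : > "$d/id_rsa-cert.pub"
    printf 'Host 10.1.1.1\n\tCertificateFile "%s"\n\tIdentityFile "%s"\n' \
        "$d/id_rsa-cert.pub" "$d/id_rsa" > "$d/azuressh.config"
    chmod 644 "$d/id_rsa" "$d/id_rsa-cert.pub" "$d/azuressh.config"
    audit_ssh_config "$d/azuressh.config" fix
    rm -rf "$d"
}
demo
```

Against a real config, call audit_ssh_config azuressh.config to report only, or add fix as a second argument to remove group and other access.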