Azure CLI SSH Config

Posted on October 2, 2021
Tags: azure, linux, cloud

Azure supports Azure AD-managed SSH access to Linux VMs using a command such as az ssh vm --ip 10.1.1.1. This includes controlling sudo access using Azure AD groups. Super useful.

However, in order to get the file transfer component of ssh (scp) to work, we need to jump through a couple of poorly documented hoops.

First, we need to generate an ssh config for each VM we want to scp into. This will include the Azure certificate, which is required to connect, in addition to the SSH key.

az ssh config --ip 10.1.1.1 --file azuressh.config

This can now be used for vanilla SSH, and for scp using the -F flag.

ssh -F azuressh.config 10.1.1.1
scp -F azuressh.config 10.1.1.1:somefile .

Note, this command generates the keys and certificates into a temporary directory, so they will be cleaned up on reboot. It is possible to specify the output path for these files as part of the az ssh config command, but I’ll leave that up to you to figure out.

Just remember to secure these files, as they provide passwordless access to a remote machine.
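
One way to check that, as an added example that is not part of the original post: the script below reads the generated config, finds the key and certificate it points at, and reports (or fixes) any file readable by group or other. It assumes the config uses the standard OpenSSH IdentityFile and CertificateFile directives with literal paths; the script name audit_azuressh.sh is hypothetical.

```shell
#!/bin/sh
# Added example: audit the files behind a config written by `az ssh config`.
# Assumes standard OpenSSH IdentityFile/CertificateFile directives with
# literal paths (no ~ or % tokens).

# Print the paths named by IdentityFile / CertificateFile in config $1.
ssh_config_key_files() {
    awk 'tolower($1) == "identityfile" || tolower($1) == "certificatefile" {
             sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the keyword
             gsub(/^"|"$/, "")                  # drop optional quotes
             print
         }' "$1"
}

# Succeed only if $1 grants nothing to group or other (e.g. mode 600/400).
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Check config $1 and each file it references. With "fix" as $2, chmod
# exposed files to 600. Returns the number of unresolved problems.
audit_ssh_config() {
    config=$1 mode=${2:-report} problems=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if [ ! -e "$f" ]; then
            echo "MISSING  $f"; problems=$((problems + 1)); continue
        fi
        is_private "$f" && continue
        if [ "$mode" = fix ] && chmod 600 "$f"; then
            echo "FIXED    $f"
        else
            echo "EXPOSED  $f"; problems=$((problems + 1))
        fi
    done <<EOF
$config
$(ssh_config_key_files "$config")
EOF
    return "$problems"
}

# Usage: sh audit_azuressh.sh azuressh.config [fix]
if [ "$#" -gt 0 ]; then audit_ssh_config "$@"; fi
```

A non-zero exit status means something is still exposed or missing, so the check can gate a wrapper script before it calls scp.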