Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,678 questions
SSH with AAD creds doesn't work on Linux VM in Azure (permission denied or timeout)
anonanonanon
1
Reputation point
I'm following the instructions on https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux but cannot log in with my AAD creds. I created the VM with a username and password, not with an SSH cert. I keep getting:
Permission denied (publickey)
I cannot log in with my AAD account that has been given the "Virtual Machine Administrator Login" role. When I try via the Azure Cloud Shell, it just times out.
This works if I use the username/password set when the VM was created. If I generate an SSH key and use the "reset password" function on the VM, I can log in by passing my key files.
What am I missing? I've tried this with two different Linux VMs, created from scratch for this purpose.
Full details here: https://github.com/MicrosoftDocs/azure-docs/issues/106462
{count} votes
-
vipullag-MSFT 18,136 Reputation points Microsoft Employee2023-03-15T05:04:37.75+00:00 Hello anonanonanon
Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.
The error message you shared indicates that SSH authentication method being used is public key authentication. Ansd you also mentioned, you created the VM with a username and password, not with an SSH cert. This suggests that the SSH key authentication method is not properly configured for your Azure AD account.
Try the below troubleshooting steps to see if it helps:
-Log in to the VM using the username/password which you mentioned is successfully working for you. Verify if the SSH SSH configuration is set to allow password authentication. You can check the SSH configuration file (/etc /ssh/ sshd_config) and make sure that the "PasswordAuthentication" setting is set to "yes".
-Ensure that your Azure AD account has been assigned the "Virtual Machine Administrator Login" role for the VM. Do this by checking the VM's Access control (IAM) settings from the Azure portal.
-Try resetting the SSH public key for your Azure AD account. Generate an SSH key pair and add the public key to your Azure AD account. Then, try logging in using SSH with the new key pair.
Use correct username for your Azure AD account (username@domain.com).
Hope this helps.
Sign in to comment
Hi, yes I already verified that the "PasswordAuthentication" setting in my ssd_config file is set to "yes." There are also settings in that file specifically added by Azure as labeled "# Added by aadsshlogin installer:"
If I comment the two publickey lines out and restart ssh, then I start to be prompted for a password when logging in, but this password never works.
The Virtual Machine Administrator Login role is assigned to my account.
Resetting the SSH public key and then logging int with an SSH key pair has always worked fine. But I want to log in via AAD, so this method is not a solution.
Hello anonanonanon
Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.
This issue needs deeper investigation. Support team will be able to check and help on this. I would recommend you to open a azure support case.