Trying to ssh into an Azure Linux VM using an AAD user (email address)

Jean Morissette 40 Reputation points
2023-12-11T01:05:06.4533333+00:00

Is it possible to allow an AAD user account (and NOT a local user) to ssh into a Linux VM without going through the CLI?

The account is in the aadpasswd in an email format.

There is no issue with ssh into the VM using the CLI (azure-cli 2.55.0).

Goal is to:

  1. Have the client install just the minimum required, like a VPN client to connect to Azure
  2. Use the existing ssh coming from Windows 10/11 w/s or maybe PuTTY (existing for most users)
  3. Use user account + password + Microsoft Authenticator
  4. Do not want to manage ssh keys

Accepted answer
  1. deherman-MSFT 38,021 Reputation points Microsoft Employee Moderator
    2023-12-11T20:51:21.9533333+00:00

    @Jean Morissette

    Yes, it is possible to allow an AAD user account to ssh into a Linux VM without going through the CLI. You will need to export the configuration to do so.

    The process to export the config is found here in the documentation.

    Export the SSH configuration for use with SSH clients that support OpenSSH

    Login to Azure Linux VMs with Microsoft Entra ID supports exporting the OpenSSH certificate and configuration. That means you can use any SSH clients that support OpenSSH-based certificates to sign in through Microsoft Entra ID. The following example exports the configuration for all IP addresses assigned to the VM:

    az ssh config --file ~/.ssh/config -n myVM -g AzureADLinuxVM
    

    Alternatively, you can export the configuration by specifying just the IP address. Replace the IP address in the following example with the public or private IP address for your VM. (You must bring your own connectivity for private IPs.) Enter az ssh config -h for help with this command.

    az ssh config --file ~/.ssh/config --ip 10.11.123.456
    

    You can then connect to the VM through normal OpenSSH usage. Connection can be done through any SSH client that uses OpenSSH.

    You can find more details and instructions on how to use this feature on this page:

    Log in to a Linux virtual machine in Azure by using Microsoft Entra ID and OpenSSH

    Hope this helps! Let me know if you are still facing issues or have further questions.



    1 person found this answer helpful.
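
A check to run on the exported configuration described in the accepted answer, as an added example that is not part of the original thread or of Microsoft's documentation: it lists each Host block and reports whether the certificate and key files it references exist and whether the key's permissions are ones OpenSSH will accept. The function names and status strings are hypothetical, and the parser assumes whitespace-separated `Keyword value` lines.

```shell
# Added example: audit Host entries in an OpenSSH client config such as the
# one `az ssh config` writes. Assumes "Keyword value" lines (no "=" form).
expand_home() {   # resolve a leading ~/ the way ssh does
    case $1 in
        "~/"*) printf '%s\n' "$HOME/${1#"~/"}" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

audit_ssh_config() {   # prints "<host> <status>" for each Host block in $1
    tab=$(printf '\t')
    awk '
        function val(   v) {          # text after the keyword, quotes removed
            v = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", v)
            sub(/[ \t\r]+$/, "", v)
            gsub(/^"|"$/, "", v)
            return v
        }
        function emit() { if (host != "") printf "%s\t%s\t%s\n", host, cert, key }
        /^[ \t]*(#|$)/ { next }       # skip comments and blank lines
        { k = tolower($1) }           # ssh_config keywords are case-insensitive
        k == "host"            { emit(); host = val(); cert = "-"; key = "-" }
        k == "certificatefile" { cert = val() }
        k == "identityfile"    { key = val() }
        END { emit() }
    ' "$1" |
    while IFS=$tab read -r host cert key; do
        cert=$(expand_home "$cert"); key=$(expand_home "$key")
        if   [ "$cert" = "-" ]; then status=no-certificate
        elif [ ! -f "$cert" ];  then status=certificate-missing
        elif [ ! -f "$key" ];   then status=key-missing
        # OpenSSH ignores a private key that group or others can access
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then status=key-permissions
        else status=ok
        fi
        printf '%s %s\n' "$host" "$status"
    done
}
```

Run it as `audit_ssh_config ~/.ssh/config` after exporting; a `certificate-missing` or `key-missing` result means the entry points at files that are no longer there and the export needs to be repeated.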
