Single Click SSH in Azure Cloud Shell

[jiasli]

Requirement

Using Azure Cloud Shell account to SSH into an Azure VM is currently not supported:

azure-cli/src/azure-cli-core/azure/cli/core/auth/adal_authentication.py

Line 23 in 2e0a42f

raise AuthenticationError("VM SSH currently doesn't support managed identity or Cloud Shell.")

We are working with MSAL and VM team to implement Single Click SSH in Azure Cloud Shell.

Workaround

As pointed out by #22057 (comment), a workaround is to run az login in Cloud Shell to replace the default Cloud Shell account with a user/service principal account. Then az ssh vm will work as expected.

References

• acquire_token_interactive(..., prompt="none") acquires token via Cloud Shell's IMDS-like interface AzureAD/microsoft-authentication-library-for-python#420
• A PoC of support SSH Cert inside Cloud Shell azure-cli-extensions#4641
• Error message: VM SSH currently doesn't support managed identity or Cloud Shell. #22057
• https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux

[yonzhan]

Single Click SSH