
We are trying to implement a remote development model with project-specific VMs in Azure and allow users to connect from VS Code using Azure AD authentication with MFA. It works great with public keys but not with Azure AD authentication.

There were some recommendations to disable the localserver option and enable the console, so users can click on the device login link and enter the code. However, that model is deprecated by Microsoft. So the option currently usable is the az ssh module (or something I couldn't find).

https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux

Appreciate any guidance on how to configure authentication for this model.

Bhuvan
  • May I know if all the configuration steps from the document have been performed, e.g. have the user/users who will be logging in to the VM been assigned the VM admin login role or VM user login role? – UserP Oct 18 '21 at 04:57
  • Followed the complete setup - the VM can be logged in to using AAD with the az ssh command without any login prompts. – Bhuvan Oct 19 '21 at 12:01

1 Answer


You need to follow the steps to enable AD login for users, as already mentioned in the Microsoft document.

Steps which are mandatory or required to SSH from VS Code using az-cli:

  1. While creating a VM, please ensure you have the Login with Azure AD preview enabled, and please open the SSH, HTTP and HTTPS ports.

  2. In Visual Studio Code, please ensure the Azure CLI has the ssh extension installed for the az module. To install it, you can use the 2 commands below:

    az login # login using your Azure AD user credentials
    az extension add --name ssh # install the ssh extension
    
  3. Before using the user to sign in to Azure AD, please make sure that user has an RBAC role assigned, i.e. Virtual Machine Administrator Login / Virtual Machine User Login.

    If you don't assign the role to the user, you will get an error.

    To assign the roles, go to the VM in the Portal >> Access Control (IAM) >> Add role assignment >> select VM admin login / VM user login >> add the users and assign.

  4. Once the above is done, you will be able to SSH to the VM using the az module from VS Code as below:

    Commands:

    az login # user who will login need to authenticate
    az ssh vm -n vmname -g resourcegroupname # SSH to the VM
    



Update:

The second part of the question, after the above, is how to use remote desktop from VS Code using Azure AD credentials:

  1. Run these 2 commands in VS Code:

    az login
    az ssh config --ip VMPublicIP --file C:\Users\user\terraform\sshconfig # saves the config file with your azureadcredentials
    


  2. Copy the whole contents of the file which was downloaded using the above command to the Remote-SSH config files for the VM.

  3. After the above is done, connect to host for the same file that you configured in the above step.

Ansuman Bal
  • This is an excellent set of step-by-step instructions for setting up AAD auth for a Linux VM in Azure. However, this doesn't address the problem of making VSCode Remote tools work with the configured VM. The original question refers to these instructions and wants VSCode to work after setting these up. Thank you though - these are better instructions than the original docs. – Bhuvan Oct 19 '21 at 11:59
  • Hello @Bhuvan, updated the answer. Please take a look and let me know if it resolves your issue. – Ansuman Bal Oct 19 '21 at 16:44
  • This works great. Wondering if this can be automated for the workspace. Appreciate your help. – Bhuvan Oct 19 '21 at 21:35
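
The az CLI steps from the answer above, gathered into one script as an added example (not part of the original answer or of Microsoft's documentation); it also speaks to the automation question in the last comment. The helper names `run`, `vm_scope`, `grant_vm_login` and `write_ssh_config` are hypothetical, all IDs, names, IPs and paths are placeholders, and scoping the role to a single VM with Virtual Machine User Login as the default is a choice made here.

```bash
#!/usr/bin/env bash
# Added example: automates the role assignment and ssh-config steps above.

# With DRY_RUN=1 the az commands are printed instead of executed,
# so the script can be reviewed before it touches the tenant.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Resource ID of one VM. Using it as the scope keeps the login role
# limited to that VM instead of a whole resource group or subscription.
vm_scope() {  # args: subscription-id resource-group vm-name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/virtualMachines/%s' \
    "$1" "$2" "$3"
}

# Step 3 (administrator side): assign the login role to a user.
# Defaults to the non-admin role; pass "Virtual Machine Administrator Login"
# as the third argument only for users who need root on the VM.
grant_vm_login() {  # args: user-principal scope [role]
  run az role assignment create \
    --assignee "$1" \
    --role "${3:-Virtual Machine User Login}" \
    --scope "$2"
}

# Step 2 and the update (developer side, after `az login`):
# install the ssh extension and write the config file for Remote-SSH.
write_ssh_config() {  # args: vm-public-ip config-file
  run az extension add --name ssh
  run az ssh config --ip "$1" --file "$2"
}

# Developer usage: ./script.sh <vm-public-ip> <config-file>
if [ "$#" -eq 2 ]; then
  write_ssh_config "$1" "$2"
fi
```

An administrator runs `grant_vm_login` once per user; each developer then runs `az login` followed by the script. Remote-SSH can read the generated file directly through its `remote.SSH.configFile` setting instead of having the contents copied.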