Editar

Partilhar via


Export-AzSshConfig

This cmdlet exports an SSH configuration file that can be used to connect to Azure Resources through client applications that support OpenSSH config and certificates. SSH config files can be created that use Microsoft Entra ID issued certificates or local user credentials.

Syntax

Export-AzSshConfig
      -ResourceGroupName <String>
      -Name <String>
      -ConfigFilePath <String>
      [-PublicKeyFile <String>]
      [-PrivateKeyFile <String>]
      [-UsePrivateIp]
      [-LocalUser <String>]
      [-Port <String>]
      [-ResourceType <String>]
      [-CertificateFile <String>]
      [-Overwrite]
      [-KeysDestinationFolder <String>]
      [-Force]
      [-DefaultProfile <IAzureContextContainer>]
      [<CommonParameters>]
Export-AzSshConfig
      -Ip <String>
      -ConfigFilePath <String>
      [-PublicKeyFile <String>]
      [-PrivateKeyFile <String>]
      [-LocalUser <String>]
      [-Port <String>]
      [-CertificateFile <String>]
      [-Overwrite]
      [-KeysDestinationFolder <String>]
      [-Force]
      [-DefaultProfile <IAzureContextContainer>]
      [<CommonParameters>]
Export-AzSshConfig
      -ResourceId <String>
      -ConfigFilePath <String>
      [-PublicKeyFile <String>]
      [-PrivateKeyFile <String>]
      [-UsePrivateIp]
      [-LocalUser <String>]
      [-Port <String>]
      [-CertificateFile <String>]
      [-Overwrite]
      [-KeysDestinationFolder <String>]
      [-Force]
      [-DefaultProfile <IAzureContextContainer>]
      [<CommonParameters>]

Description

The exported SSH configuration file can be used to connect to Azure Resources by client applications that support OpenSSH config and certificates. Applications such as git and rsync can use configuration file by setting the command to 'ssh -F /path/to/config'. For example: rsync -e 'ssh -F /path/to/config'. Users can create ssh config files that use Microsoft Entra ID issued certificates or local user credentials. Important note: When connecting to Azure Arc resources, this cmdlet requires the Az.Ssh.ArcProxy module to also be installed in the client machine. The cmdlet will attempt to install the module from the PowerShell Gallery, but the user also has the option to install it themselves. It is important that the user also has permission to execute the Proxy files in the Az.Ssh.ArcProxy module, or the connection will fail. You can find the Az.Ssh.ArcServer module in the PowerShell Gallery: https://aka.ms/PowerShellGallery-Az.Ssh.ArcProxy.

Examples

Example 1: Export a SSH configuration file for connecting to a resource using Microsoft Entra ID issued certificates for authentication.

Export-AzSshConfig -ResourceGroupName myRg -Name myMachine -ConfigFilePath ./sshconfig.config

When a -LocalUser is not supplied, the cmdlet will attempt to create a certificate to login using Microsoft Entra ID. This is currently only supported for resources running Linux OS. When using Microsoft Entra ID to login to resource, the Host name in the configuration entry will be "{resource group name}-{resource name}", or "{ip address}" for Azure VMs.

Example 2: Export a SSH configuration file for connecting to the Public Ip of an Azure Virtual Machine using Microsoft Entra ID issued certificates.

Export-AzSshConfig -Ip 1.2.3.4 -ConfigFilePath ./sshconfig.config

Example 3: Export a SSH configuration file for connecting to Local User on Azure Resource using SSH certificates for authentication

Export-AzSshConfig -ResourceGroupName myRg -Name myVm -LocalUser azureuser -CertificateFile ./cert -PrivateKeyFile ./id_rsa -ConfigFilePath ./sshconfig.config

When using local user credentials to login, the host name in the configuration entry will be "{resource group name}-{resource name}-{username}", or "{ip address}-{username}" for Azure VMs.

Example 4: Export a SSH configuration file for connecting to Local User on Azure Resource using SSH private key for authentication

Export-AzSshConfig -ResourceGroupName myRg -Name myVm -LocalUser azureuser -PrivateKeyFile ./id_rsa -ConfigFilePath ./sshconfig.config

Example 5: Export a SSH configuration file for connecting to Local User on Azure Resource using interactive username and password for authentication

Export-AzSshConfig -ResourceGroupName myRg -Name myVm -LocalUser azureuser -ConfigFilePath ./sshconfig.config

Example 6: Determine where generated keys and certificates for the certificate will the stored.

Export-AzSshConfig -ResourceGroupName myRg -Name myVm -KeysDestinationFolder /home/user/mykeys -ConfigFilePath ./sshconfig.config

Generated keys and certificates are, by default, stored in "az_ssh_config" directory in the same directory as the config file. The -KeysDestinationFolder parameter allows user to decide where the keys will be stored.

Example 7: Create a generic config for use with any Azure VM.

Export-AzSshConfig -Ip * -ConfigFilePath ./sshconfig.config

Example 8: Provide the Resource Type of the target.

Export-AzSshConfig -ResourceGroupName myRg -Name myVm -ResourceType Microsoft.Compute/virtualMachines -ConfigFilePath ./sshconfig.config

This parameter is useful when there is more than one supported resource with the same name in the Resource Group.

Parameters

-CertificateFile

SSH Certificate to be used to authenticate to local user account.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ConfigFilePath

Path to write SSH configuration to.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

When connecting to Arc resources, do not prompt for confirmation before updating the allowed port for SSH connection in the Connection Endpoint to match the target port or to install Az.Ssh.ArcProxy module from the PowerShell Gallery, if needed.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Ip

IP Address of target Azure VM.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-KeysDestinationFolder

Directory where generated keys and certificates will be stored.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-LocalUser

Username for a local user in the target resource.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Name of the target Azure Resource.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Overwrite

Overwrite the config file, instead of appending new entry to the end of the file.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Port

Port to connect to on the remote host.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PrivateKeyFile

Path to private key file.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PublicKeyFile

Path to public key file.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResourceGroupName

Resource group name.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceId

Resource ID of the target resource.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceType

Resource type of the target resource.

Type:String
Accepted values:Microsoft.HybridCompute/machines, Microsoft.Compute/virtualMachines, Microsoft.ConnectedVMwarevSphere/virtualMachines, Microsoft.ScVmm/virtualMachines, Microsoft.AzureStackHCI/virtualMachines
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UsePrivateIp

When connecting to an Azure VM, this flag specifies that it should connect to one of the private IPs of the VM. It requires connectivity to the private IP.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Outputs

PSSshConfigEntry