Created
November 8, 2022 19:35
-
-
Save quintindk/0a890ef022f6436c165648dec08ea6ce to your computer and use it in GitHub Desktop.
Quick script to connect to a VM using bastion from your terminal. This uses tunnels rather than az network bastion ssh because I didn't know to install the ssh add-on in az cli.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| subscription=$1 | |
| if [[ -n $2 ]]; then | |
| vm_name=$2 | |
| fi | |
| if [[ -n $3 ]]; then | |
| vm_username=$3 | |
| fi | |
| if [[ -n $4 ]]; then | |
| vm_keyname=$4 | |
| fi | |
| if [[ -n $5 ]]; then | |
| kv_name=$5 | |
| fi | |
| bastion=$(az network bastion list --subscription "$subscription") | |
| bastion_name=$(echo "$bastion" | jq -r '.[] | [.name] | @csv' | tr -d '"') | |
| bastion_rg=$(echo "$bastion" | jq -r '.[] | [.resourceGroup] | @csv' | tr -d '"') | |
| localport=$(( "$RANDOM" % 65535 + 4000 )) | |
| if [[ -z $vm_name ]]; then | |
| PS3="Select the virtual machine: " | |
| select name in $(az vm list --subscription "$subscription" | jq -r '.[] | [ .name ] | @csv ' | tr -d '"') | |
| do | |
| read -rp "User name: " username | |
| read -rp "User SSH key in KeyVault? (y/N) " sshkey | |
| if [[ $sshkey == y ]] || [[ $sshkey == Y ]]; then | |
| read -rp "Key name: " keyname | |
| tempkey=$(mktemp) | |
| az keyvault secret show --name "$keyname" --vault-name "$kv_name" --query value -o tsv --subscription "$subscription" > "$tempkey" | |
| command="ssh -i $tempkey -p $localport -o ConnectTimeout=10 -o StrictHostKeyChecking=no $username@127.0.0.1" | |
| else | |
| command="ssh -p $localport -o ConnectTimeout=10 -o StrictHostKeyChecking=no $username@127.0.0.1" | |
| fi | |
| break 1; | |
| done | |
| else | |
| name=$vm_name | |
| if [[ -n $vm_keyname ]]; then | |
| tempkey=$(mktemp) | |
| az keyvault secret show --name "$vm_keyname" --vault-name "$kv_name" --query value -o tsv --subscription "$subscription" > "$tempkey" | |
| command="ssh -i $tempkey -p $localport -o ConnectTimeout=10 -o StrictHostKeyChecking=no $vm_username@127.0.0.1" | |
| else | |
| command="ssh -p $localport -o ConnectTimeout=10 -o StrictHostKeyChecking=no $vm_username@127.0.0.1" | |
| fi | |
| fi | |
| id=$(az vm list --subscription "$subscription" | jq -r ".[] | select (.name == \"$name\") | [ .id ] | @tsv") | |
| #echo "az network bastion tunnel --name $bastion_name --resource-group $bastion_rg --target-resource-id $id --resource-port 22 --port $localport --subscription $subscription" | |
| screen -dmSL connect-$localport -L az network bastion tunnel --name "$bastion_name" --resource-group "$bastion_rg" --target-resource-id "$id" --resource-port 22 --port $localport --subscription $subscription | |
| #az network bastion tunnel --name "$bastion_name" --resource-group "$bastion_rg" --target-resource-id "$id" --resource-port 22 --port $localport --subscription $subscription | |
| sleep 5 | |
| echo "Port $localport listening..." | |
| eval "$command" | |
| kill -15 "$(screen -ls | grep "[0-9]*\.connect-$localport*" | sed -E 's/\s+([0-9]+)\..*/\1/')" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment