Support Azure CLI (SSH via Microsoft Entra ID) #17791

@wdhwg001

Is your feature request related to a problem? Please describe.

With SSH via Microsoft Entra ID, the Azure CLI requests Azure Active Directory to generate and issue a short-lived certificate right before the SSH connection, which means Cyberduck needs to support:

  • Supplying an invalid path in the "SSH Private Key" field (IdentityFile). This file will be created via the command line later.
  • Supplying a "Client Certificate" (CertificateFile). This is currently gray and disabled.
  • Running a command line before establishing connections.

Describe alternatives you've considered

In the ~/.ssh/config file, to support using ssh the-azvm instead of az ssh vm -n {resource_name} -g {group_name} --port {port}, a workaround is to use the Match host the-azvm exec feature, which looks like this:

Match host the-azvm exec "rm -rf /tmp/ssh-the-azvm && rm -rf ~/.ssh/az_ssh_config/the-azvm/id_rsa.pub-aadcert.pub && rm -rf ~/.ssh/az_ssh_config/the-azvm/id_rsa && rm -rf ~/.ssh/az_ssh_config/the-azvm/id_rsa.pub && az ssh config --name the-azvm --resource-group The-Resource-Group --port 22 --file /tmp/ssh-the-azvm --keys-dest-folder ~/.ssh/az_ssh_config/the-azvm --overwrite --yes"

Host the-azvm
  HostName 123.123.123.123
  User [email protected]
  Port 22
  CertificateFile "~/.ssh/az_ssh_config/the-azvm/id_rsa.pub-aadcert.pub"
  IdentityFile "~/.ssh/az_ssh_config/the-azvm/id_rsa"

It would be great if Cyberduck could read and respect these Match host XXX exec parts, if allowing a command to run before the connection isn't feasible at the moment.
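
An added example, not part of the original issue and not code from Cyberduck or the Azure CLI: the Match exec workaround above deletes and reissues the key pair and certificate on every connection, while this shell helper reissues only when the certificate is missing or past the expiry that ssh-keygen -L reports. The function names and the config file location beside the keys are assumptions; the az ssh config flags are the ones used in the issue.

```shell
#!/bin/sh
# Added example: reissue the Entra ID SSH certificate only when needed.
# Function names are hypothetical; az flags are the ones from the issue.

# Print the expiry ("to") timestamp from `ssh-keygen -L` output on stdin.
# ssh-keygen prints it as local time, e.g. 2024-05-01T11:00:00.
cert_valid_until() {
    awk '$1 == "Valid:" && $2 == "from" && $4 == "to" { print $5; exit }'
}

# cert_needs_refresh NOW  (stdin: `ssh-keygen -L` output)
# Returns 0 when the certificate should be reissued: no expiry could be
# parsed, or the expiry is not later than NOW. Returns 1 otherwise.
cert_needs_refresh() {
    now=$1
    expiry=$(cert_valid_until)
    [ -n "$expiry" ] || return 0
    # Same-format ISO 8601 timestamps order correctly as plain strings.
    awk -v e="$expiry" -v n="$now" 'BEGIN { exit !((e "") <= (n "")) }'
}

# refresh_cert_if_needed DIR VM_NAME RESOURCE_GROUP
refresh_cert_if_needed() {
    dir=$1 name=$2 group=$3
    cert="$dir/id_rsa.pub-aadcert.pub"
    if [ -f "$cert" ] &&
       ! ssh-keygen -L -f "$cert" |
           cert_needs_refresh "$(date +%Y-%m-%dT%H:%M:%S)"; then
        return 0    # certificate still valid, keep it
    fi
    # Assumption: keep the generated config beside the keys rather than
    # in /tmp, so it is not written to a shared directory.
    az ssh config --name "$name" --resource-group "$group" --port 22 \
        --file "$dir/ssh_config" --keys-dest-folder "$dir" \
        --overwrite --yes
}
```

A certificate whose validity line cannot be parsed is treated as needing reissue, which is the conservative choice for short-lived certificates.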
