Azure SSH Config (azuresshconfig)
=================================
Generate SSH config file from Azure ARM VM inventry in subscription
Introduction
------------
azuresshconfig is a simple script that collects Azure ARM Virtual
Machine(VM) inventry in subscription and generate a SSH config entries
to be appended to $HOME/.ssh/config (the file is newly created if no
exist). This is like an Azure version of `ec2ssh`_ or `aws-ssh-config`_
that strongly inspired this initiative. This would be very helpful when
you manage lots of VMs that have dynamic IP assignment settings and need
frequent VM up-and-down operations for them which causes the change of
IPs assigned to VMs. In such a case, azuresshconfig will definitly make
your SSH life easy.
Installation
------------
::
pip install azuresshconfig
Configuration
-------------
Generate client profile template file by executing the following
command.
::
azuresshconfig --init
Configure the client profile file, in which you add your service
principal account info to access your resources in Azure via Azure APIs.
::
vi $HOME/.azure/azuresshconfig.json
{
"subscription_id": "<YOUR SUBSCRIPTION ID>",
"client_id": "<YOUR APPLICATION CLIENT IP>",
"client_scret": "<YOUR APPLICATION CLIENT SCRET>",
"tenant_id": "<YOUR TENANT ID>"
}
For those who don’t know how to create service principal, there is a
great instruction: `Use Azure CLI to create a service principal to
access resources`_. If you have Azure CLI 2.0 command installed on your
evironment, you can create your service principal and configure its
access to your azure resources with a single command ‘az ad sp
create-for-rbac’.
Suppose your app id uri is ‘http://unofficialism.info’ and role you want
to give for the app is ‘Reader’, you can create your service principal
like this:
::
az ad sp create-for-rbac -n "http://unofficialism.info" --role reader
You will get an output like this, and with them you can fill out the
client profile file:
::
{
"appId": "c36x4b4f-bef6-422e-bd3b-65057e7ab065", # -> client_id in client profile file
"displayName": "azure-cli-2017-03-30-05-16-59",
"name": "http://unofficialism.info",
"password": "32126d32-7453-4053-3353-c420d4ffef2e", # -> client_scret in client profile file
"tenant": "72f988bf-86f1-41af-91cb-2d7cd011db47" # -> tenant_id in client profile file
}
For the detail of service principal role, please refer to `Built-in
roles for Azure Role-Based Access Control`_.
Usage
-----
Assuming all required packages are installed and rightly configured,
you’re ready to run azuresshconfig
\`\`\` azuresshconfig –help
usage: azuresshconfig.py [-h] [–version] [–init] [–profile PROFILE]
[–output OUT
.. _ec2ssh: https://github.com/mirakui/ec2ssh
.. _aws-ssh-config: https://github.com/gianlucaborello/aws-ssh-config
.. _Use Azure CLI to create a service principal to access resources: https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal-cli/
.. _Built-in roles for Azure Role-Based Access Control: https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-built-in-roles
