82 changes: 56 additions & 26 deletions src/ssh/azext_ssh/_help.py
Expand Up @@ -13,13 +13,13 @@
helps['ssh vm'] = """
type: command
short-summary: SSH into Azure VMs or Arc Servers.
long-summary: Users can login using AAD issued certificates or using local user credentials. We recommend login using AAD issued certificates. To SSH as a local user in the target machine, you must provide the local user name using the --local-user argument.
long-summary: Users can login using AAD issued certificates or using local user credentials. We recommend login using AAD issued certificates. To SSH using local user credentials, you must provide the local user name using the --local-user parameter.
examples:
- name: Give a resource group and VM to SSH using AAD issued certificates
- name: Give a resource group name and machine name to SSH using AAD issued certificates
text: |
az ssh vm --resource-group myResourceGroup --vm-name myVM
az ssh vm --resource-group myResourceGroup --name myVM

- name: Give the public IP (or hostname) of a VM to SSH to SSH using AAD issued certificates
- name: Give the public IP (or hostname) of a VM to SSH using AAD issued certificates
text: |
az ssh vm --ip 1.2.3.4
az ssh vm --hostname example.com
Expand All @@ -32,37 +32,51 @@
text: |
az ssh vm --ip 1.2.3.4 -- -A -o ForwardX11=yes

- name: Give the Resource Type of a VM to SSH using AAD issued certificates. Using the resource type is useful when there is an Azure VM and a Arc Server with the same name in the same resource group.
- name: Give the Resource Type of the target. Useful when there is an Azure VM and an Arc Server with the same name in the same resource group. Resource type can be either "Microsoft.HybridCompute" for Arc Servers or "Microsoft.Compute" for Azure Virtual Machines.
text: |
az ssh vm --resource-type Microsoft.Compute --resource-group myResourceGroup --vm-name myVM
az ssh vm --resource-type [Microsoft.Compute|Microsoft.HybridCompute] --resource-group myResourceGroup --name myVM

- name: Give a local user name to SSH using local user credentials on the target machine using certificate based authentication.
- name: Give a local user name to SSH with local user credentials using certificate based authentication.
text: |
az ssh vm --local-user username --ip 1.2.3.4 --certificate-file cert.pub --private-key key

- name: Give a local user name to SSH using local user credentials on the target machine using key based authentication.
- name: Give a local user name to SSH with local user credentials using key based authentication.
text: |
az ssh vm --local-user username --resource-group myResourceGroup --vm-name myVM --private-key-file key
az ssh vm --local-user username --resource-group myResourceGroup --name myVM --private-key-file key

- name: Give a local user name to SSH using local user credentials on the target machine using password based authentication.
- name: Give a local user name to SSH with local user credentials using password based authentication.
text: |
az ssh vm --local-user username --resource-group myResourceGroup --vm-name myArcServer
az ssh vm --local-user username --resource-group myResourceGroup --name myArcServer

- name: Give a SSH Client Folder to use the ssh executables in that folder, like ssh-keygen.exe and ssh.exe. If not provided, the extension attempt to use pre-installed OpenSSH client (in that case, ensure OpenSSH client is installed and the Path environment variable is set correctly).
text: |
az ssh vm --resource-group myResourceGroup --name myVM --ssh-client-folder "C:\\Program Files\\OpenSSH"
"""

helps['ssh config'] = """
type: command
short-summary: Create an SSH config for resources (Azure VMs, etc) which can then be used by clients that support OpenSSH configs and certificates
long-summary: Other software (git/rsync/etc) that support setting an SSH command can be set to use the config file by setting the command to 'ssh -F /path/to/config' e.g. rsync -e 'ssh -F /path/to/config'
short-summary: Create an SSH config for resources (Azure VMs, Arc Servers, etc) which can then be used by clients that support OpenSSH configs and certificates
long-summary: Other software (git/rsync/etc) that support setting an SSH command can be set to use the config file by setting the command to 'ssh -F /path/to/config' e.g. rsync -e 'ssh -F /path/to/config'. Users can create ssh config files that use AAD issued certificates or local user credentials.
examples:
- name: Give a resource group and VM for which to create a config, and save in a local file
- name: Give the resource group and machine name for which to create a config using AAD issued certificates, save in a local file, and then ssh into that resource
text: |
az ssh config --resource-group myResourceGroup --vm-name myVm --file ./sshconfig
az ssh config --resource-group myResourceGroup --name myVm --file ./sshconfig
ssh -F ./sshconfig myResourceGroup-myVM

- name: Give the public IP (or hostname) of a VM for which to create a config and then ssh
- name: Give the public IP (or hostname) of an Azure VM for which to create a config and then ssh into that VM
text: |
az ssh config --ip 1.2.3.4 --file ./sshconfig
ssh -F ./sshconfig 1.2.3.4

- name: Give a local user to create a config using local user credentials, save in local file, and then ssh into that resource
text: |
az ssh config --resource-group myResourceGroup --name myMachine --local-user username --certificate-file cert --private-key-file key --file ./sshconfig
ssh -F ./sshconfig MyResourceGroup-myMachine-username

- name: Give Keys Destination Folder to store the generated keys and certificates. If not provided, SSH keys are stored in new folder "az_ssh_config" next to the config file.
text: |
az ssh config --ip 1.2.3.4 --file ./sshconfig --keys-destination-folder /home/user/mykeys

- name: Create a generic config for use with any host
text: |
#Bash
Expand All @@ -76,6 +90,14 @@
az ssh config --ip \\* --file ./sshconfig
rsync -e 'ssh -F ./sshconfig' -avP directory/ myvm:~/directory
GIT_SSH_COMMAND="ssh -F ./sshconfig" git clone myvm:~/gitrepo

- name: Give SSH Client Folder to use the ssh executables in that folder. If not provided, the extension attempt to use pre-installed OpenSSH client (in that case, ensure OpenSSH client is installed and the Path environment variable is set correctly).
text: |
az ssh vm --resource-group myResourceGroup --name myMachine --ssh-client-folder "C:\\Program Files\\OpenSSH"

- name: Give the Resource Type of the target. Useful when there is an Azure VM and an Arc Server with the same name in the same resource group. Resource type can be either "Microsoft.HybridCompute" for Arc Servers or "Microsoft.Compute" for Azure Virtual Machines.
text: |
az ssh config --resource-type [Microsoft.Compute|Microsoft.HybridCompute] --resource-group myResourceGroup --name myVM --file ./myconfig
"""

helps['ssh cert'] = """
Expand All @@ -90,25 +112,33 @@
helps['ssh arc'] = """
type: command
short-summary: SSH into Azure Arc Servers
long-summary: Users can now login using AAD issued certificates or using local user credentials. We recommend login using AAD issued certificates as azure automatically rotate SSH CA keys. To SSH as a local user in the target machine, you must provide the local user name using the --local-user argument.
long-summary: Users can login using AAD issued certificates or using local user credentials. We recommend login using AAD issued certificates as azure automatically rotate SSH CA keys. To SSH as a local user in the target machine, you must provide the local user name using the --local-user argument.
examples:
- name: Give a resource group and Arc Server Name to SSH using AAD issued certificates
- name: Give a resource group name and machine name to SSH using AAD issued certificates
text: |
az ssh arc --resource-group myResourceGroup --vm-name myArcServer
az ssh vm --resource-group myResourceGroup --name myMachine

- name: Using a custom private key file
text: |
az ssh arc --resource-group myResourceGroup --vm-name myArcServer --private-key-file key --public-key-file key.pub
az ssh vm --resource-group myResourceGroup --name myMachine --private-key-file key --public-key-file key.pub

- name: Using additional ssh arguments
text: |
az ssh vm --resource-group myResourceGroup --name myMachine -- -A -o ForwardX11=yes

- name: Give a local user name to SSH with local user credentials using certificate based authentication.
text: |
az ssh vm --local-user username --resource-group myResourceGroup --name myMachine --certificate-file cert.pub --private-key key

- name: Give a local user name to SSH to a local user using certificate-based authentication
- name: Give a local user name to SSH with local user credentials using key based authentication.
text: |
az ssh arc --resource-group myResourceGroup --vm-name myArcServer --certificate-file cert.pub --private-key key --local-user name
az ssh vm --local-user username --resource-group myResourceGroup --name myMachine --private-key-file key

- name: Give a local user name to SSH to a local user using key-based authentication
- name: Give a local user name to SSH with local user credentials using password based authentication.
text: |
az ssh arc --resource-group myRG --vm-name myVM --local-user name --private-key-file key
az ssh vm --local-user username --resource-group myResourceGroup --name myMachine

- name: Give a local user name to SSH to a local user using password-based authentication
- name: Give a SSH Client Folder to use the ssh executables in that folder, like ssh-keygen.exe and ssh.exe. If not provided, the extension attempt to use pre-installed OpenSSH client (ensure OpenSSH client is installed and the Path environment variable is set correctly).
text: |
az ssh arc --resource-group myResourceGroup --vm-name myArcServer --local-user username
az ssh vm --resource-group myResourceGroup --name myMachine --ssh-client-folder "C:\\Program Files\\OpenSSH"
"""
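Review bot: The examples under `helps['ssh arc']` now read `az ssh vm ...` instead of `az ssh arc ...`, so the help for one command documents another; the same happens in `helps['ssh config']`, where the SSH Client Folder example is `az ssh vm --resource-group myResourceGroup --name myMachine --ssh-client-folder ...`. The +/- markers are lost on this page, so which line of each pair is the new one is inferred from the `--vm-name` to `--name` rename. If this is unintended, the arc examples should keep the form `az ssh arc --resource-group myResourceGroup --name myMachine`, and the config example should start with `az ssh config` if that command accepts the option. The local-user config example also prints the alias as `MyResourceGroup-myMachine-username` while the argument is `myResourceGroup`, and two examples pass `--private-key` where the others use `--private-key-file`.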
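--- a/src/ssh/azext_ssh/connectivity_utils.py
+++ b/src/ssh/azext_ssh/connectivity_utils.py
@@ -53,14 +53,8 @@ def get_relay_information(cmd, resource_group, vm_name, certificate_validity_in_
 time_elapsed = time.time() - t0
 telemetry.add_extension_event('ssh', {'Context.Default.AzureCLI.SSHListCredentialsTime': time_elapsed})
 except Exception as e:
-telemetry.set_exception(exception='Call to listCredentials failed',
-fault_type=consts.LIST_CREDENTIALS_FAILED_FAULT_TYPE,
-summary=f'listCredentials failed with error: {str(e)}.')
 raise azclierror.ClientRequestError(f"Request for Azure Relay Information Failed:\n{str(e)}")
 except Exception as e:
-telemetry.set_exception(exception='Call to listCredentials failed',
-fault_type=consts.LIST_CREDENTIALS_FAILED_FAULT_TYPE,
-summary=f'listCredentials failed with error: {str(e)}.')
 raise azclierror.ClientRequestError(f"Request for Azure Relay Information Failed:\n{str(e)}")
 return result
 
@@ -91,8 +85,6 @@ def get_client_side_proxy(arc_proxy_folder):
 response_content = response.read()
 response.close()
 except Exception as e:
-telemetry.set_exception(exception=e, fault_type=consts.PROXY_DOWNLOAD_FAILED_FAULT_TYPE,
-summary=f'Failed to download proxy from {request_uri}')
 raise azclierror.ClientRequestError(f"Failed to download client proxy executable from {request_uri}. "
 "Error: " + str(e)) from e
 time_elapsed = time.time() - t0
@@ -136,9 +128,6 @@ def _get_proxy_filename_and_url(arc_proxy_folder):
 elif machine == '':
 raise azclierror.BadRequestError("Couldn't identify the platform architecture.")
 else:
-telemetry.set_exception(exception='Unsuported architecture for installing proxy',
-fault_type=consts.PROXY_UNSUPPORTED_ARCH_FAULT_TYPE,
-summary=f'{machine} is not supported for installing client proxy')
 raise azclierror.BadRequestError(f"Unsuported architecture: {machine} is not currently supported")
 
 # define the request url and install location based on the os and architecture
@@ -153,9 +142,6 @@ def _get_proxy_filename_and_url(arc_proxy_folder):
 install_location = install_location + ".exe"
 older_location = older_location + ".exe"
 elif operating_system not in ('Linux', 'Darwin'):
-telemetry.set_exception(exception='Unsuported OS for installing ssh client proxy',
-fault_type=consts.PROXY_UNSUPPORTED_OS_FAULT_TYPE,
-summary=f'{operating_system} is not supported for installing client proxy')
 raise azclierror.BadRequestError(f"Unsuported OS: {operating_system} platform is not currently supported")
 
 if not arc_proxy_folder: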
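--- a/src/ssh/azext_ssh/constants.py
+++ b/src/ssh/azext_ssh/constants.py
@@ -10,8 +10,7 @@
 CLEANUP_TIME_INTERVAL_IN_SECONDS = 10
 CLEANUP_AWAIT_TERMINATION_IN_SECONDS = 30
 RELAY_INFO_MAXIMUM_DURATION_IN_SECONDS = 3600
-PROXY_UNSUPPORTED_ARCH_FAULT_TYPE = 'client-proxy-unsupported-architecture-error'
-PROXY_UNSUPPORTED_OS_FAULT_TYPE = 'client-proxy-unsupported-os-error'
-PROXY_DOWNLOAD_FAILED_FAULT_TYPE = 'client-proxy-download-failed-error'
-LIST_CREDENTIALS_FAILED_FAULT_TYPE = 'get-relay-information-failed-error'
 WINDOWS_INVALID_FOLDERNAME_CHARS = "\\/*:<>?\"|"
+RECOMMENDATION_SSH_CLIENT_NOT_FOUND = ("Ensure OpenSSH is installed and the PATH Environment "
+"Variable is set correctly.\nAlternatively, use "
+"--ssh-client-folder to provide OpenSSH folder path.")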
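--- a/src/ssh/azext_ssh/custom.py
+++ b/src/ssh/azext_ssh/custom.py
@@ -412,6 +412,9 @@ def _decide_resource_type(cmd, op_info):
 raise azclierror.RequiredArgumentMissingError("SSH Login to AAD user is not currently supported for Windows. "
 "Please provide --local-user.")
 
+if os_type:
+telemetry.add_extension_event('ssh', {'Context.Default.AzureCLI.TargetOSType': os_type})
+
 if is_arc_server:
 return "Microsoft.HybridCompute"
 return "Microsoft.Compute"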
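Review bot: The `TargetOSType` event is emitted only after the Windows/AAD check has passed, so a run rejected with `RequiredArgumentMissingError` just above never reports its OS type. If the event is meant to describe every target, the `if os_type:` block should move above the check that raises. The condition guarding that raise lies outside the hunk, so this is inferred from the visible statement order. A short comment such as `# record target OS for usage telemetry; skipped when os_type could not be determined` would also help, if that is what a falsy `os_type` means here.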
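--- a/src/ssh/azext_ssh/ssh_info.py
+++ b/src/ssh/azext_ssh/ssh_info.py
@@ -116,7 +116,7 @@ def get_config_text(self, is_aad):
 # default to all hosts for config
 if not self.ip:
 self.ip = "*"
-lines = lines + self._get_ip_entry()
+lines = lines + self._get_ip_entry(is_aad)
 return lines
 
 def _get_arc_entry(self, is_aad):
@@ -154,9 +154,13 @@ def _get_rg_and_vm_entry(self, is_aad):
 lines.append("\tPort " + self.port)
 return lines
 
-def _get_ip_entry(self):
+def _get_ip_entry(self, is_aad):
 lines = []
-lines.append("Host " + self.ip)
+if is_aad:
+lines.append("Host " + self.ip)
+else:
+lines.append("Host " + self.ip + "-" + self.local_user)
+lines.append("\tHostName " + self.ip)
 lines.append("\tUser " + self.local_user)
 if self.cert_file:
 lines.append("\tCertificateFile \"" + self.cert_file + "\"")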
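Review bot: In `_get_ip_entry`, the new local-user branch does not handle the wildcard that `get_config_text` assigns (`self.ip = "*"`), so a generic config for a local user would come out as `Host *-<user>` with `HostName *`. OpenSSH would then try to connect to the literal name `*` for every alias the pattern matches. Indentation is lost on this page, so if the `HostName` line sits outside the `else` the AAD wildcard entry is affected as well. Guarding it, e.g. `if self.ip != "*": lines.append("\tHostName " + self.ip)`, or rejecting a wildcard together with a local user, would keep the generic-config example working. The function body continues past the end of the visible hunk, so later lines may matter too.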