https://github.com/tg123/azbastion

go version of az network bastion tunnel

# Azure Bastion tunnel client

## Basic Usage

```
bastion-tunnel --subscription --group --name --target-addr --target-port --local-port
```

## Advanced: Use a non-exportable SSH key in Azure Key Vault

Traditional SSH client key authentication requires a `PRIVATE` key on the client side to establish a connection to the SSH server.
However, sharing the private key poses a significant security risk. Even placing the key in a key vault as a secret does not mitigate this risk, because individuals might still retain a local copy of the key after their access to the key vault has been revoked.

By contrast, `bastion-tunnel` can use a non-exportable RSA key stored in the key vault to authenticate with the SSH server behind the bastion. Because the private key never leaves the key vault, there is no local copy to retain, and revoking a user's key vault access also removes their ability to authenticate with that key.
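
The revocation argument above, as an added Go example (not azbastion's own code). `vault`, `remoteSigner`, `Authenticate` and `Demo` are hypothetical names, and the vault is simulated in-process; a real client would send the digest to the key vault's sign operation instead.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// vault is a hypothetical in-process stand-in for a key vault: it holds the
// private key and the set of principals currently allowed to request signatures.
type vault struct{ key *rsa.PrivateKey; allowed map[string]bool }

// remoteSigner is all the client holds: a vault handle and a name, no key bytes.
type remoteSigner struct{ v *vault; user string }

func (s remoteSigner) Public() crypto.PublicKey { return &s.v.key.PublicKey }

// Sign forwards only a digest; the vault checks access on every call.
func (s remoteSigner) Sign(r io.Reader, digest []byte, o crypto.SignerOpts) ([]byte, error) {
	if !s.v.allowed[s.user] {
		return nil, errors.New("vault: access denied")
	}
	return rsa.SignPKCS1v15(r, s.v.key, o.HashFunc(), digest)
}

// Authenticate plays the server: verify a signature over challenge with the authorized key.
func Authenticate(s crypto.Signer, authorized *rsa.PublicKey, challenge []byte) bool {
	d := sha256.Sum256(challenge)
	sig, err := s.Sign(rand.Reader, d[:], crypto.SHA256)
	return err == nil && rsa.VerifyPKCS1v15(authorized, crypto.SHA256, d[:], sig) == nil
}

// Demo reports whether login succeeds before and after vault access is revoked.
func Demo() (before, after bool) {
	k, err := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key
	if err != nil {
		panic(err)
	}
	v := &vault{key: k, allowed: map[string]bool{"alice": true}}
	s := remoteSigner{v, "alice"}
	before = Authenticate(s, &k.PublicKey, []byte("constructed-challenge"))
	delete(v.allowed, "alice") // revocation happens at the vault, not on the client
	after = Authenticate(s, &k.PublicKey, []byte("constructed-challenge"))
	return before, after
}

func main() { fmt.Println(Demo()) }
```

The server's `authorized_keys` entry is unchanged between the two attempts; only the vault-side grant differs.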

### Generate Key

* Azure Portal
![image](https://github.com/tg123/azbastion/assets/170430/a4020256-69e4-49e1-884a-3d7c0c115006)

* PowerShell

`Add-AzKeyVaultKey -VaultName -Name -Destination Software -KeyType RSA`

### Connect to sshd behind the bastion using the key

_NOTE_: The public key is printed to stdout on your first run; add it to the SSH server's `~/.ssh/authorized_keys`.

```
bastion-tunnel --subscription --group --name --target-addr --run-ssh --ssh-user --ssh-keyvault-url "https://.vault.azure.net" --ssh-keyvault-keyname
```

## Limitation

Your bastion must be Standard SKU, with `Native client support` and `IP-based connection` enabled.