Log in to a Linux VM in Azure using AAD authentication
1.
Log in to a Linux virtual machine in Azure using AAD authentication
Takayoshi Tanaka, Software Maintenance Engineer
tatanaka@redhat.com
2.
What’s this?
Log in to the RHEL server with a user authenticated by Azure AD.
An Azure administrator can also manage who is allowed to log in to a Linux server in Azure.
This authentication is not “Kerberos” integration.
This is a Preview feature. See the documentation for details:
https://docs.microsoft.com/ja-jp/azure/virtual-machines/linux/login-using-aad
3.
Benefits
Improved security
◦ No need to create a local administrator account
◦ Centralize authentication in AAD, a world-class secure IdP
◦ You can configure multi-factor authentication
Seamless collaboration
◦ You can specify who can sign in to a given VM as a regular user or with administrator privileges
◦ If a user's account is disabled or removed from Azure AD, they no longer have access to your resources
4.
Supported Azure regions and Linux distributions
Distribution               Version
CentOS                     CentOS 6.9 and CentOS 7.4
Red Hat Enterprise Linux   RHEL 7
Ubuntu Server              Ubuntu 14.04 LTS, Ubuntu Server 16.04, and Ubuntu Server 17.10
5.
How to use?
1. Create a VM as usual. Be sure to install the latest WALinuxAgent.
2. Install the Azure AD login VM extension
$ az vm extension set --publisher Microsoft.Azure.ActiveDirectory.LinuxSSH \
    --name AADLoginForLinux --resource-group myResourceGroup --vm-name myVM
6.
How to use?
3. Configure role assignments for the VM
$ username=<your_ms_account_name_for_azure>
$ vm=$(az vm show --resource-group myResourceGroup --name myVM --query id -o tsv)
$ az role assignment create --role "Virtual Machine Administrator Login" \
    --assignee $username --scope $vm
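The three steps above, wrapped in a small POSIX shell script as an added example (this is not from the slides or from Microsoft's documentation). It applies the least-privilege idea from the "Benefits" slide by choosing between the "Virtual Machine User Login" and "Virtual Machine Administrator Login" built-in roles, applies the rule from the NOTE slide (an account outside the tenant's domain must be given as an Object ID rather than an email), scopes the assignment to the single VM's resource ID, and then lists the login assignments on that scope so you can confirm exactly who got access. The tenant domain, the `AAD_DEMO_APPLY` guard and the helper names are assumptions of this example; the `az` commands are the ones the slides use plus `az role assignment list`, and nothing is applied unless `AAD_DEMO_APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the slides: assign an AAD login role to one VM
# with least privilege, then verify the assignment. Assumes `az login`
# has already been done. No az command runs unless AAD_DEMO_APPLY=1.

# Per the NOTE slide: an account in the tenant's own domain can be passed
# as its email; any other email must be replaced by the AAD Object ID.
# $1 = account (email or Object ID), $2 = tenant domain (assumed input,
# e.g. contoso.onmicrosoft.com)
aad_assignee() {
    account="$1"; tenant_domain="$2"
    case "$account" in
        *@"$tenant_domain") printf '%s\n' "$account" ;;   # same domain: email is fine
        *@*)               printf 'object-id-required\n' ;; # foreign domain: look up Object ID
        *)                 printf '%s\n' "$account" ;;     # treated as an Object ID
    esac
}

# Sanity check that a value looks like an AAD Object ID (a GUID).
is_guid() {
    printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Map an access level to the least-privileged built-in login role.
login_role() {
    case "$1" in
        admin) printf 'Virtual Machine Administrator Login\n' ;;
        user)  printf 'Virtual Machine User Login\n' ;;
        *)     printf 'unknown access level: %s\n' "$1" >&2; return 1 ;;
    esac
}

# Resolve the VM's resource ID, create the assignment at exactly that scope,
# then print every "... Login" role assigned on the VM for review.
# $1 = resource group, $2 = VM name, $3 = assignee (email or Object ID),
# $4 = access level (user|admin)
assign_login_role() {
    rg="$1"; vm_name="$2"; assignee="$3"; level="$4"
    role=$(login_role "$level") || return 1
    vm=$(az vm show --resource-group "$rg" --name "$vm_name" --query id -o tsv) || return 1
    az role assignment create --role "$role" --assignee "$assignee" --scope "$vm" >/dev/null || return 1
    # Verification step: who can log in to this VM, and with which role?
    az role assignment list --scope "$vm" \
        --query "[?contains(roleDefinitionName, 'Login')].[principalName, roleDefinitionName]" \
        -o tsv
}

if [ "${AAD_DEMO_APPLY:-0}" = 1 ]; then
    # Example invocation; RG/VM/ASSIGNEE/LEVEL/TENANT_DOMAIN are assumed env vars.
    who=$(aad_assignee "${ASSIGNEE:?set ASSIGNEE}" "${TENANT_DOMAIN:?set TENANT_DOMAIN}")
    if [ "$who" = object-id-required ]; then
        echo "account is outside $TENANT_DOMAIN: pass its Object ID from the AAD portal" >&2
        exit 1
    fi
    assign_login_role "${RG:-myResourceGroup}" "${VM:-myVM}" "$who" "${LEVEL:-user}"
fi
```

Defaulting `LEVEL` to `user` means a plain invocation never hands out sudo by accident; the verification listing at the end is also the check to run periodically, since an assignment at the VM scope is the only thing that grants (or, once removed, revokes) SSH access through this extension.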
7.
NOTE
If your MS account is in the same domain as the AAD tenant, you can use its email as the username.
If not, you should use the Object ID, which you can see in the AAD portal.
[screenshot: the user's email and Object ID as shown in the AAD portal]
8.
Login to VM
$ ssh -l <user_account> <public_ip_or_host>
Run ssh as usual, specifying your user account (= your Microsoft account).
The console then asks you to visit the Microsoft device login URL and enter the code it shows.
9.
Login to VM
Open a browser, visit the device login URL and enter the code.
If you are not yet signed in with your Microsoft account, sign in.
10.
Login to VM
Now you can log in as a user.
If your account has the "Virtual Machine Administrator Login" role, you can use "sudo" in the same way.
When you run "sudo", the same login flow is executed.
11.
Inside VM Login
The VM extension manages the authentication.
It also creates the home directory and performs the required configuration.