@deangrant
Last active May 26, 2022 07:00
Sample terminal session and ssh configuration to be used in combination with Pomerium and Microsoft Azure
# ~/.bashrc
# Exported variable for the SSH jump host.
export SSH_JUMPHOST='{{ hostname }}'
# Creates a short-lived SSH certificate signed by AAD.
# Requires a public key file created using the command: ssh-keygen -t rsa -b 4096
alias az_ssh_cert='az ssh cert --public-key-file ~/.ssh/id_rsa.pub --file ~/.ssh/id_rsa-aadcert.pub'
# Connects to the target host by first making a connection to the jump host and then establishing
# TCP forwarding to the destination.
# $1 - username, $2 - destination address
alias ssh_j='function _(){ ssh -J "$1@$SSH_JUMPHOST" "$1@$2"; }; _'
# Connects to the jump host and opens an SSH tunnel from a local listening port to the
# destination (-N: no remote command is run).
# $1 - local listening port, $2 - destination address, $3 - destination port, $4 - username
alias ssh_l='function _(){ ssh -L "localhost:$1:$2:$3" "$4@$SSH_JUMPHOST" -N; }; _'

# ~/.ssh/config
Host {{ ssh jump host }}
    User {{ username }}
    ProxyCommand /usr/bin/pomerium-cli tcp --listen - %h:%p
    CertificateFile /home/{{ username }}/.ssh/id_rsa-aadcert.pub
    IdentityFile /home/{{ username }}/.ssh/id_rsa

Host {{ destination }}
    User {{ username }}
    CertificateFile /home/{{ username }}/.ssh/id_rsa-aadcert.pub
    IdentityFile /home/{{ username }}/.ssh/id_rsa
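
Because the AAD-signed certificate is short-lived, logins start failing once it expires. The following is an added example, not part of the original gist: it reads the validity window printed by ssh-keygen -L and re-runs the gist's az ssh cert command only when the certificate is missing or expired. The function names, the CERT and PUBKEY variables and the sample listing are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the gist). Paths and the az command match the gist;
# function and variable names are hypothetical.
CERT="${CERT:-$HOME/.ssh/id_rsa-aadcert.pub}"
PUBKEY="${PUBKEY:-$HOME/.ssh/id_rsa.pub}"

# Constructed sample of `ssh-keygen -L` output, used only for illustration.
SAMPLE_LISTING='id_rsa-aadcert.pub:
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Valid: from 2022-05-26T07:00:00 to 2022-05-26T08:00:00
        Principals:'

# Read `ssh-keygen -L` output on stdin and print the expiry timestamp
# (local time, YYYY-MM-DDTHH:MM:SS), or "forever" when there is no end date.
# Returns non-zero when no recognisable "Valid:" line is present.
cert_valid_until() {
  awk '$1 == "Valid:" {
         if ($2 == "forever" || $2 == "after") { print "forever" }
         else if ($2 == "before") { print $3 }
         else if ($2 == "from" && $4 == "to") { print $5 }
         else { next }
         found = 1; exit
       }
       END { exit !found }'
}

# Succeed if a certificate expiring at $1 is still valid at timestamp $2.
# Timestamps in this format and one timezone sort lexicographically, so a
# forced string comparison is sufficient.
cert_fresh_at() {
  [ "$1" = "forever" ] && return 0
  awk -v expiry="$1" -v at="$2" 'BEGIN { exit !((at "") < (expiry "")) }'
}

# Re-issue the certificate if it is missing, unreadable or expired;
# otherwise leave the existing one in place.
ensure_aad_cert() {
  local expiry
  if expiry=$(ssh-keygen -L -f "$CERT" 2>/dev/null | cert_valid_until) &&
     cert_fresh_at "$expiry" "$(date +%Y-%m-%dT%H:%M:%S)"; then
    return 0
  fi
  az ssh cert --public-key-file "$PUBKEY" --file "$CERT"
}
```

Sourced from ~/.bashrc, this can be chained in front of the gist's aliases, for example ensure_aad_cert && ssh_j {{ username }} {{ destination }}.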