Sample terminal session and ssh configuration to be used in combination with Pomerium and Microsoft Azure

.bashrc

# ~/.bashrc 

# exported variable for SSH jump host
export SSH_JUMPHOST='{{ hostname }}'

# Creates a short lived SSH certificate signed by AAD. 
# Requires public key file creating using the command - ssh-keygen -t rsa -b 4096 
alias az_ssh_cert='az ssh cert --public-key-file ~/.ssh/id_rsa.pub --file ~/.ssh/id_rsa-aadcert.pub'

# Connects to the target host first by making a connection to the jump host and then establishing
# tcp forwarding to the destination.
# $1 - username, $2 - destination address
alias ssh_j='function _(){ ssh -J $1@$SSH_JUMPHOST $1@$2; }; _'

# Connects to the target host first by making a connection to the host and then establishing a SSH tunnel 
# from the destination to the localhost.
# $1 - local listening port, $2 - destination address, $3 - destination port, $4 -  username 
alias ssh_l='function _(){ ssh -L localhost:$1:$2:$3 $4@$SSH_JUMPHOST -N; }; _'

config

# ~/.ssh/config 

Host {{ ssh jump host }} 
  User {{ username }}
  ProxyCommand /usr/bin/pomerium-cli tcp --listen - %h:%p
  CertificateFile /home/{{ username }}/.ssh/id_rsa-aadcert.pub
  IdentityFile /home/{{ username }}/.ssh/id_rsa

Host {{ destination }}
  User {{ username }}
  CertificateFile /home/{{ username }}/.ssh/id_rsa-aadcert.pub
  IdentityFile /home/{{ username }}/.ssh/id_rsa