@scarstens
Created August 5, 2021 21:24

Azure CLI and Jumphost Setup

Powered by https://4sysops.com/archives/deploying-an-azure-jumpbox-jump-server/

Install Azure CLI

brew update && brew install azure-cli

Then log in:

az login

Configure Defaults

Determine location

https://app.cacher.io/

az account list-locations --output table

az config set defaults.location=eastus2 defaults.group=MyResourceGroup

Create VM for Jumphost

Template: az vm create --image UbuntuLTS --generate-ssh-keys --admin-username CHANGEME --location eastus2 --name CHANGEME --resource-group CHANGEME --size Standard_D3_v2 --vnet-name CHANGEME --subnet CHANGEME --public-ip-sku Standard --nsg "" --output table

Sample: az vm create --image UbuntuLTS --generate-ssh-keys --admin-username fliposadmin --location eastus2 --name flipos.jumphost.1 --resource-group flipos-primary --size Standard_D3_v2 --vnet-name FlipOSnet --subnet jumpbox --public-ip-sku Standard --nsg "" --output table

Install the Azure AD Login Extension on the VM

Template: az vm extension set --publisher Microsoft.Azure.ActiveDirectory.LinuxSSH --name AADLoginForLinux --resource-group CHANGEME --vm-name CHANGEME

Example: az vm extension set --publisher Microsoft.Azure.ActiveDirectory.LinuxSSH --name AADLoginForLinux --resource-group flipos-primary --vm-name flipos.jumphost.1

Set Up Resource Group Permissions for Azure AD Access

Browse to the Access Control (IAM) tab and select Add role assignment. The role you are after is either Virtual Machine Administrator Login or Virtual Machine User Login. I am going to select the admin permission, but both work. Now select your AAD user, likely the one you are currently logged in as. Click Save and then head back to the Cloud Shell or any SSH client you have access to. Remember the public IP? Good.
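The same role assignment can be made from the CLI instead of the portal. The script below is an added example, not part of the original gist: the function names, the user user@example.com and the all-zero subscription ID are placeholders, and it only prints the az commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: grant Azure AD SSH login on the jumphost's resource group via az.
# All names and IDs used in the demo calls at the bottom are constructed placeholders.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the az commands only, 0 = execute them

# Build the RBAC scope string for a resource group.
rg_scope() {  # usage: rg_scope SUBSCRIPTION_ID RESOURCE_GROUP
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Accept only the two built-in VM login roles named in the step above.
# "Administrator Login" gives administrator (sudo) rights on the VM,
# "User Login" gives a regular user session, so prefer the latter where it suffices.
valid_login_role() {
  case "$1" in
    "Virtual Machine Administrator Login"|"Virtual Machine User Login") return 0 ;;
    *) return 1 ;;
  esac
}

# Assign a login role to an Azure AD user at resource-group scope.
grant_vm_login() {  # usage: grant_vm_login ASSIGNEE ROLE SUBSCRIPTION_ID RESOURCE_GROUP
  valid_login_role "$2" || { echo "unsupported role: $2" >&2; return 2; }
  _scope=$(rg_scope "$3" "$4")
  if [ "$DRY_RUN" = "1" ]; then
    echo "az role assignment create --assignee \"$1\" --role \"$2\" --scope \"$_scope\""
  else
    az role assignment create --assignee "$1" --role "$2" --scope "$_scope"
  fi
}

# Look up the jumphost's public IP for the SSH step.
show_public_ip() {  # usage: show_public_ip RESOURCE_GROUP VM_NAME
  if [ "$DRY_RUN" = "1" ]; then
    echo "az vm show --show-details --resource-group \"$1\" --name \"$2\" --query publicIps --output tsv"
  else
    az vm show --show-details --resource-group "$1" --name "$2" --query publicIps --output tsv
  fi
}

SUB="00000000-0000-0000-0000-000000000000"   # placeholder subscription ID
grant_vm_login "user@example.com" "Virtual Machine User Login" "$SUB" "flipos-primary"
show_public_ip "flipos-primary" "flipos.jumphost.1"
```

The real subscription ID can be read with az account show --query id --output tsv.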
