In the debug log we can see that some request is made to the tenant of the active subscription.
DEBUG: cli.knack.cli: Command arguments: ['ssh', 'vm', '--subscription', '<TARGET SUBSCRIPTION ID>', '--ip', '<TARGET VM IP>', '--debug']
DEBUG: cli.knack.cli: __init__ debug log:
Cannot enable color.
DEBUG: cli.knack.cli: Event: Cli.PreExecute []
DEBUG: cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x710a9c19e660>, <function OutputProducer.on_global_arguments at 0x710a9bf11b20>, <function CLIQuery.on_global_arguments at 0x710a9bf47600>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
DEBUG: cli.azure.cli.core: Modules found from index for 'ssh': ['azext_ssh']
DEBUG: cli.azure.cli.core: Loading command modules:
DEBUG: cli.azure.cli.core: Name Load Time Groups Commands
DEBUG: cli.azure.cli.core: Total (0) 0.000 0 0
DEBUG: cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
DEBUG: cli.azure.cli.core: Loading extensions:
DEBUG: cli.azure.cli.core: Name Load Time Groups Commands Directory
DEBUG: cli.azure.cli.core: ssh 0.179 1 4 /home/<user>/.azure/cliextensions/ssh
DEBUG: cli.azure.cli.core: Total (1) 0.179 1 4
DEBUG: cli.azure.cli.core: Loaded 1 groups, 4 commands.
DEBUG: cli.azure.cli.core: Found a match in the command table.
DEBUG: cli.azure.cli.core: Raw command : ssh vm
DEBUG: cli.azure.cli.core: Command table: ssh vm
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x710a9b1dde40>]
DEBUG: cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/<user>/.azure/commands/2024-10-17.16-05-45.ssh_vm.44094.log'.
INFO: az_command_data_logger: command args: ssh vm --subscription {} --ip {} --debug
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x710a9b2145e0>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x710a9b036520>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x710a9b036660>, <function register_upcoming_breaking_change_info.<locals>.update_breaking_change_info at 0x710a9b036700>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x710a9bf11bc0>, <function CLIQuery.handle_query_parameter at 0x710a9bf476a0>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x710a9b0365c0>]
INFO: az_command_data_logger: extension name: ssh
INFO: az_command_data_logger: extension version: 2.0.5
DEBUG: cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ComputeManagementClient
DEBUG: cli.azure.cli.core.auth.persistence: build_persistence: location='/home/<user>/.azure/msal_token_cache.json', encrypt=False
DEBUG: cli.azure.cli.core.auth.binary_cache: load: /home/<user>/.azure/msal_http_cache.bin
DEBUG: urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
DEBUG: msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/<TARGET TENANT ID>
DEBUG: msal.authority: openid_config("https://login.microsoftonline.com/<TARGET TENANT ID>/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/<TARGET TENANT ID>/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/<TARGET TENANT ID>/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/<TARGET TENANT ID>/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/<TARGET TENANT ID>/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/<TARGET TENANT ID>/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/<TARGET TENANT ID>/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/<TARGET TENANT ID>/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
DEBUG: msal.application: Broker enabled? None
DEBUG: cli.azext_ssh.ssh_utils: Running ssh-keygen command ssh-keygen -f /tmp/aadsshcertbf_lqcdb/id_rsa -t rsa -q -N
DEBUG: urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
DEBUG: msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/<ACTIVE TENANT ID>
DEBUG: msal.authority: openid_config("https://login.microsoftonline.com/<ACTIVE TENANT ID>/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/<ACTIVE TENANT ID>/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/<ACTIVE TENANT ID>/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/<ACTIVE TENANT ID>/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/<ACTIVE TENANT ID>/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/<ACTIVE TENANT ID>/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/<ACTIVE TENANT ID>/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/<ACTIVE TENANT ID>/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
DEBUG: msal.application: Broker enabled? None
DEBUG: cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://pas.windows.net/CheckMyAccess/Linux/.default',), kwargs={'data': {'token_type': 'ssh-cert', 'req_cnf': '{"kty": "RSA", "n": "*****", "e": "AQAB", "kid": "*****"}', 'key_id': '*****'}}
DEBUG: cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://pas.windows.net/CheckMyAccess/Linux/.default',), claims=None, kwargs={'data': {'token_type': 'ssh-cert', 'req_cnf': '{"kty": "RSA", "n": "*****", "e": "AQAB", "kid": "*****"}', 'key_id': '*****'}}
DEBUG: msal.application: Found 1 RTs matching {'environment': 'login.microsoftonline.com', 'home_account_id': '********.e0cb408c-c0f8-4164-819b-6bbca860207b', 'family_id': '1'}
DEBUG: msal.telemetry: Generate or reuse correlation_id: 60e11f6f-4514-46c4-900c-59218814cc05
DEBUG: msal.application: Cache attempts an RT
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): login.microsoftonline.com:443
DEBUG: urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /<ACTIVE TENANT ID>/oauth2/v2.0/token HTTP/1.1" 200 5257
DEBUG: msal.token_cache: event={
"client_id": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
"data": {
"claims": "{\"access_token\": {\"xms_cc\": {\"values\": [\"CP1\"]}}}",
"key_id": "*****",
"refresh_token": "********",
"req_cnf": "{\"kty\": \"RSA\", \"n\": \"*****\", \"e\": \"AQAB\", \"kid\": \"*****\"}",
"scope": [
"profile",
"https://pas.windows.net/CheckMyAccess/Linux/.default",
"openid",
"offline_access"
],
"token_type": "ssh-cert"
},
"environment": "login.microsoftonline.com",
"grant_type": "refresh_token",
"params": null,
"response": {
"access_token": "********",
"client_info": "*****",
"expires_in": 3599,
"ext_expires_in": 3599,
"foci": "1",
"id_token": "********",
"scope": "https://pas.windows.net/CheckMyAccess/Linux/user_impersonation https://pas.windows.net/CheckMyAccess/Linux/.default",
"token_type": "ssh-cert"
},
"scope": [
"https://pas.windows.net/CheckMyAccess/Linux/user_impersonation",
"https://pas.windows.net/CheckMyAccess/Linux/.default"
],
"skip_account_creation": true,
"token_endpoint": "https://login.microsoftonline.com/<ACTIVE TENANT ID>/oauth2/v2.0/token"
}
DEBUG: cli.azext_ssh.custom: Generating certificate /tmp/aadsshcertbf_lqcdb/id_rsa.pub-aadcert.pub
DEBUG: cli.azext_ssh.ssh_utils: Running ssh-keygen command ssh-keygen -L -f /tmp/aadsshcertbf_lqcdb/id_rsa.pub-aadcert.pub
DEBUG: cli.azext_ssh.ssh_utils: Running ssh command ssh <TARGET VM IP> -l <username> -i /tmp/aadsshcertbf_lqcdb/id_rsa -o CertificateFile="/tmp/aadsshcertbf_lqcdb/id_rsa.pub-aadcert.pub" -vvv
OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/<user>/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/<user>/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/<user>/.ssh/known_hosts2'
debug2: resolving "<TARGET VM IP>" port 22
debug3: resolve_host: lookup <TARGET VM IP>:22
debug3: ssh_connect_direct: entering
debug1: Connecting to <TARGET VM IP> [20.73.103.32] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /tmp/aadsshcertbf_lqcdb/id_rsa type 0
debug1: certificate file /tmp/aadsshcertbf_lqcdb/id_rsa.pub-aadcert.pub type 4
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.10 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to <TARGET VM IP>:22 as '<username>'
debug3: record_hostkey: found key type ED25519 in file /home/<user>/.ssh/known_hosts:4
debug3: record_hostkey: found key type RSA in file /home/<user>/.ssh/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/<user>/.ssh/known_hosts:6
debug3: load_hostkeys_file: loaded 3 keys from <TARGET VM IP>
debug1: load_hostkeys: fopen /home/<user>/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:BqmrW23nPe3FKGKuT8crKt7r1vy/gkcvXpVxmf6wXHo
debug3: record_hostkey: found key type ED25519 in file /home/<user>/.ssh/known_hosts:4
debug3: record_hostkey: found key type RSA in file /home/<user>/.ssh/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/<user>/.ssh/known_hosts:6
debug3: load_hostkeys_file: loaded 3 keys from <TARGET VM IP>
debug1: load_hostkeys: fopen /home/<user>/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '<TARGET VM IP>' is known and matches the ED25519 host key.
debug1: Found key in /home/<user>/.ssh/known_hosts:4
debug3: send packet: type 21
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: /tmp/aadsshcertbf_lqcdb/id_rsa.pub-aadcert.pub RSA-CERT SHA256:3AFdxeW/Z2RY8RCXOgZBp+Sn2voBePfXWxR2eO64Wpo explicit
debug1: Will attempt key: /home/<user>/.ssh/id_rsa RSA SHA256:ZSnrcCoZ7UM1vt3mA0QGtXLiZR+wsh/G2xjYmfD2hVY agent
debug1: Will attempt key: keys/jenkins RSA SHA256:epUyuPLLZQwl2RiCDLxQDgDV20LvDxO0aB522rOAJlQ agent
debug1: Will attempt key: /tmp/aadsshcertbf_lqcdb/id_rsa RSA SHA256:3AFdxeW/Z2RY8RCXOgZBp+Sn2voBePfXWxR2eO64Wpo explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /tmp/aadsshcertbf_lqcdb/id_rsa.pub-aadcert.pub RSA-CERT SHA256:3AFdxeW/Z2RY8RCXOgZBp+Sn2voBePfXWxR2eO64Wpo explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/<user>/.ssh/id_rsa RSA SHA256:ZSnrcCoZ7UM1vt3mA0QGtXLiZR+wsh/G2xjYmfD2hVY agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Offering public key: keys/jenkins RSA SHA256:epUyuPLLZQwl2RiCDLxQDgDV20LvDxO0aB522rOAJlQ agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Offering public key: /tmp/aadsshcertbf_lqcdb/id_rsa RSA SHA256:3AFdxeW/Z2RY8RCXOgZBp+Sn2voBePfXWxR2eO64Wpo explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
<username>@<TARGET VM IP>: Permission denied (publickey).
DEBUG: cli.knack.cli: Event: CommandInvoker.OnTransformResult [<function _resource_group_transform at 0x710a9b2174c0>, <function _x509_from_base64_to_hex_transform at 0x710a9b217560>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnFilterResult []
DEBUG: cli.knack.cli: Event: Cli.SuccessfulExecute []
DEBUG: cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x710a9b1de0c0>]
INFO: az_command_data_logger: exit code: 0
INFO: cli.__main__: Command ran in 2.465 seconds (init: 0.147, invoke: 2.317)
INFO: telemetry.main: Begin splitting cli events and extra events, total events: 1
INFO: telemetry.client: Accumulated 0 events. Flush the clients.
INFO: telemetry.main: Finish splitting cli events and extra events, cli events: 1
INFO: telemetry.save: Save telemetry record of length 4276 in cache file under /home/<user>/.azure/telemetry/20241017160547931
INFO: telemetry.main: Begin creating telemetry upload process.
INFO: telemetry.process: Creating upload process: "/opt/az/bin/python3 /opt/az/lib/python3.11/site-packages/azure/cli/telemetry/__init__.py /home/<user>/.azure /home/<user>/.azure/telemetry/20241017160547931"
INFO: telemetry.process: Return from creating process 44103
INFO: telemetry.main: Finish creating telemetry upload process.
should also work.
Describe the bug
When using the
--subscriptionflag withaz ssh vm, I can't access a VM that lives inside a subscription of a different tenant than the tenant of the active subscription.Related command
az ssh vmErrors
Issue script & Debug output
In the debug log we can see that some request is made to the tenant of the active subscription.
Expected behavior
If this works:
then
should also work.
Environment Summary
Additional context
No response