Skip to content

Typo in execution sh file (at AADSSHLoginForLinux extension installation) #32121

Description

@rrron

Describe the bug

Hello, recently we've noticed an issue at AADSSHLoginForLinux extension installation, our environment is obligated to use no_proxy, https_proxy and http_proxy env variables, all attempts ends with the connection error specified below...

Related command

az vm extension set --publisher Microsoft.Azure.ActiveDirectory --name AADSSHLoginForLinux --resource-group example-rg-01 --vm-name example-vm-01

Errors

(VMExtensionHandlerNonTransientError) The handler for VM extension type 'Microsoft.Azure.ActiveDirectory.AADSSHLoginForLinux' has reported terminal failure for VM extension 'AADSSHLoginForLinux' with error message: '[ExtensionOperationError] Non-zero exit code: 20, /var/lib/waagent/Microsoft.Azure.ActiveDirectory.AADSSHLoginForLinux-1.0.3162.1/./installer.sh install
[stdout]
Machine OS: rocky v9.6 x86_64
OS similar to: rhel
Installing...
This is an Azure machine
Configuring microsoft-prod repo

[stderr]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 16 100 16 0 0 1333 0 --:--:-- --:--:-- --:--:-- 1454
curl: (28) Failed to connect to packages.microsoft.com port 443: Connection timed out
Cannot access https://packages.microsoft.com. Make sure this URL is not blocked by a firewall

'.

'Install handler failed for the extension. More information on troubleshooting is available at https://aka.ms/vmextensionlinuxtroubleshoot'

Issue script & Debug output

/var/lib/waagent/Microsoft.Azure.ActiveDirectory.AADSSHLoginForLinux-1.0.3162.1/./installer.sh line 346:
local httpCode=$(curl -f -sL -w "%{http_code}\n" -I "$1" -o /dev/nul)

check_url_exists has a bug that can mask or misclassify network/proxy issues. Line: local httpCode=$(curl -f -sL -w "%{http_code}\n" -I "$1" -o /dev/nul) Typo: /dev/nul (should be /dev/null).

This makes curl fail opening the output file, returning a nonzero exit code; httpCode becomes empty.
The function then interprets it as an access issue and may exit with ERROR_DOWNLOAD or wrongly treat the repo as unsupported.
Under a proxy this can appear as “cannot access” even if connectivity would have worked.

Expected behavior

az extension should be installed without issues using system proxy environment variables

Environment Summary

azure-cli 2.77.0

core 2.77.0
telemetry 1.1.0

Dependencies:
msal 1.34.0b1
azure-mgmt-resource 23.3.0

Python location '/usr/bin/python3.12'
Config directory '/root/.azure'
Extensions directory '/root/.azure/cliextensions'

Python (Linux) 3.12.9 (main, Aug 14 2025, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-5)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

The research is already completed and the solution is described, using the fix locally - worked for us, but it should be fixed from the azure-cli side to minimize the possible issues.
Thanks!

Metadata

Metadata

Assignees

Labels

Computeaz vm/vmss/image/disk/snapshotService AttentionThis issue is responsible by Azure service team.act-observability-squadquestionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions