Tobias Weisserth

My feedback

  1. 4 votes
    1 comment  ·  Security and Compliance
    Tobias Weisserth supported this idea
    Tobias Weisserth commented

    Hey there,

    I second this request.

    Scenario: on-premises Linux VMs in edge compute locations outside of Azure with LUKS/dm-crypt volumes.

    Desired solution: Tang server in Azure that leverages Azure Key Vault to manage secrets used by on-premises VMs using clevis client to unlock LUKS volumes at boot while VM is able to talk to Tang server in Azure via a private VPN connection.

    thanks!

  2. 25 votes
    Tobias Weisserth commented

    I agree. The main issue with the devicelogin method is its interactive nature that rules out most use cases for SSH in the first place.

    AAD gated jumpbox setups used for devops automation through Ansible and other tools require a friction-less, non-interactive workflow based on SSH public key authentication. The benefit of AAD in this scenario is tying the eligibility of logins to the existence of a valid AAD account with a saved key. If a user is terminated in AAD (because their employment ends or other reasons), the jumpbox requires no extra clean-up/management or configuration to clean up after local Linux users, their home directories and keys stored there.

    In the current form, AAD Login in Linux is a gimmick. :(

    Tobias Weisserth supported this idea
  3. 241 votes
    15 comments  ·  Networking » Azure Front Door Service
    Tobias Weisserth commented

    I'd love to see Let's Encrypt supported as well. Thanks!

    Tobias Weisserth supported this idea