Tobias Weisserth
My feedback
-
4 votesTobias Weisserth
supported this idea
·
An error occurred while saving the comment -
25 votes2 comments · Azure Active Directory » Role-based Access Control · Flag idea as inappropriate… · Admin →
An error occurred while saving the comment Tobias Weisserth
commented
I agree. The main issue with the devicelogin method is its interactive nature that rules out most use cases for SSH in the first place.
AAD gated jumpbox setups used for devops automation through Ansible and other tools require a friction-less, non-interactive workflow based on SSH public key authentication. The benefit of AAD in this scenario is tying the eligibility of logins to the existence of a valid AAD account with a saved key. If a user is terminated in AAD (because their employment ends or other reasons), the jumpbox requires no extra clean-up/management or configuration to clean up after local Linux users, their home directories and keys stored there.
In the current form, AAD Login in Linux is a gimmick. :(
Tobias Weisserth
supported this idea
·
-
241 votes
valid suggestion subject to upvote
An error occurred while saving the comment Tobias Weisserth
commented
If love to see Letsencrypt supported as well. Thanks!
Tobias Weisserth
supported this idea
·
Hey there,
I second this request.
Scenario: on-premises Linux VMs in edge compute locations outside of Azure with LUKS/dm-crypt volumes.
Desired solution: Tang server in Azure that leverages Azure Key Vault to manage secrets used by on-premises VMs using clevis client to unlock LUKS volumes at boot while VM is able to talk to Tang server in Azure via a private VPN connection.
thanks!