azure-cli: az network bastion cannot connect with native client.

In #19240, I recognizes that Azure Bastion native client is supported, but running the command doesn’t work. Would like to know if it is a potential bug, a limited offer, or a mistake in the command option argument.

Describe the bug

Command Name az network bastion ssh and az network bastion rdp

Errors: When I run az network bastion ssh, I get the following message and cannot connect through Bastion.

Exception in thread Thread-1:
Traceback (most recent call last):
  File "threading.py", line 932, in _bootstrap_inner
  File "threading.py", line 870, in run
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/network/custom.py", line 7757, in _start_tunnel
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/network/tunnel.py", line 183, in start_server
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/network/tunnel.py", line 118, in _listen
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/network/tunnel.py", line 105, in _get_auth_token
msrestazure.azure_exceptions.CloudError: Tunneling is disabled

Bastion-ssh-connect

When I run az network bastion rdp, I get the following dialog box and cannot connect through Bastion.

Bastion-rdp-connect

To Reproduce: An error will occur when you execute a command that includes the following command options.

az network bastion ssh --name {} --resource-group {} --target-resource-id {} --auth-type {} --username {} --resource-port 22 --verbose
az network bastion rdp --name {} --resource-group {} --target-resource-id {} --resource-port 3389 --verbose

Expected Behavior When I execute az network bastion ssh or az network bastion rdp, will be able to login and operate through Bastion.

Environment Summary

Windows-10-10.0.19041-SP0
Python 3.8.9
Installer: MSI

azure-cli 2.28.0

Extensions:
azure-firewall 0.12.0
ssh 0.1.6
stream-analytics 0.1.0

About this issue

Original URL
State: closed
Created 3 years ago
Reactions: 1
Comments: 17 (6 by maintainers)

Commits related to this issue

[Network] Fix #19482: Azure Bastion AAD fix for new CLI core changes (#20648) * making changes to aad based on latest changes t ssh library and cli core * pylint fixes * pylint fixes * pyli... — committed to Azure/azure-cli by aavalang 3 years ago

Most upvoted comments

Sure, I’ve just emailed you these details.

Update: Just tried the same RDP command as in the documentation, which was not working as recently as December 9th. It works now. No changes to AZ CLI, Bastion configuration, destination VM or anything else on our end. There must’ve been some kind of an update in Azure that made it work.

VitalyMCT on Dec 13, 2021

@aavalang Are you referring to the setting in the screenshot below? It’s already enabled.

I am going by the instructions at https://docs.microsoft.com/en-ca/azure/bastion/connect-native-client-windows and believe everything is configured per them.

VitalyMCT on Dec 9, 2021

@VitalyMCT looks like TUnneling is not enabled on your bastion. You should be able to enable it from the configuration page of the Bastion on the azure portal. Please reach out if you are still blocked.

aavalang on Dec 9, 2021

@aavalang az-bastion-ssh works for me with version 2.31.

bobbyc on Dec 8, 2021

@aavalang, Thanks. I want to try it because it was a feature wanted in Bastion, but I’ll wait for the opportunity to make it available in public preview.

YuKogasaka on Sep 9, 2021

This command is actually behind a feature flag for the bastion called Tunneling. Let me update the error returned. Also, note that the feature is in preview.

aavalang on Sep 9, 2021