From bc0fc4088d4710ec09978e3fb6a1ef4bfa14b4d3 Mon Sep 17 00:00:00 2001 From: Vivian Thiebaut Date: Wed, 10 Dec 2025 16:03:06 -0500 Subject: [PATCH 1/2] Change the scope of AT request to MSAL to AADSSHLoginForLinux app id --- src/ssh/azext_ssh/custom.py | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/src/ssh/azext_ssh/custom.py b/src/ssh/azext_ssh/custom.py index 13baf9e3388..6cda73a2d2a 100644 --- a/src/ssh/azext_ssh/custom.py +++ b/src/ssh/azext_ssh/custom.py @@ -205,18 +205,12 @@ def _do_ssh_op(cmd, op_info, op_call): def _get_and_write_certificate(cmd, public_key_file, cert_file, ssh_client_folder): - cloudtoscope = { - "azurecloud": "https://pas.windows.net/CheckMyAccess/Linux/.default", - "azurechinacloud": "https://pas.chinacloudapi.cn/CheckMyAccess/Linux/.default", - "azureusgovernment": "https://pasff.usgovcloudapi.net/CheckMyAccess/Linux/.default" - } - scope = cloudtoscope.get(cmd.cli_ctx.cloud.name.lower(), None) - if not scope: - raise azclierror.InvalidArgumentValueError( - f"Unsupported cloud {cmd.cli_ctx.cloud.name.lower()}", - "Supported clouds include azurecloud,azurechinacloud,azureusgovernment") + scope = 'ce6ff14a-7fdc-4685-bbe0-f6afdfcfa8e0' scopes = [scope] + + logger.debug(scopes) + data = _prepare_jwk_data(public_key_file) from azure.cli.core._profile import Profile profile = Profile(cli_ctx=cmd.cli_ctx) From 306e9610f8c9e404f39b3f41cbdda28db0de4b4f Mon Sep 17 00:00:00 2001 From: Vivian Thiebaut Date: Thu, 26 Feb 2026 14:24:18 -0500 Subject: [PATCH 2/2] Add EntraID SSH Login for Linux Server App ID to constants --- src/ssh/azext_ssh/constants.py | 1 + src/ssh/azext_ssh/custom.py | 5 +---- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/ssh/azext_ssh/constants.py b/src/ssh/azext_ssh/constants.py index b75c616cf7c..485504bb754 100644 --- a/src/ssh/azext_ssh/constants.py +++ b/src/ssh/azext_ssh/constants.py @@ -5,6 +5,7 @@ from colorama import Fore from colorama import Style +AADSSHLOGINFORLINUX_SERVER_APP_ID = 'ce6ff14a-7fdc-4685-bbe0-f6afdfcfa8e0' AGENT_MINIMUM_VERSION_MAJOR = 1 AGENT_MINIMUM_VERSION_MINOR = 31 CLIENT_PROXY_VERSION = "1.3.026973" diff --git a/src/ssh/azext_ssh/custom.py b/src/ssh/azext_ssh/custom.py index 6cda73a2d2a..0123fff6121 100644 --- a/src/ssh/azext_ssh/custom.py +++ b/src/ssh/azext_ssh/custom.py @@ -205,12 +205,9 @@ def _do_ssh_op(cmd, op_info, op_call): def _get_and_write_certificate(cmd, public_key_file, cert_file, ssh_client_folder): - scope = 'ce6ff14a-7fdc-4685-bbe0-f6afdfcfa8e0' - + scope = f'{const.AADSSHLOGINFORLINUX_SERVER_APP_ID}/.default' scopes = [scope] - logger.debug(scopes) - data = _prepare_jwk_data(public_key_file) from azure.cli.core._profile import Profile profile = Profile(cli_ctx=cmd.cli_ctx)