Azure bastion ssh to target IP address fails

[awolman]

Describe the bug

I get the following error when I run:

% az network bastion ssh --name armdev-bastion-host --target-ip-address 10.2.0.4 --resource-group alecw-armdev-server --auth-type "ssh-key" --username "alecw" --ssh-key "~/.ssh/keys/id_azurevm"
Command group 'az network' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Exception in thread Thread-1 (_start_tunnel):
Traceback (most recent call last):
File "/opt/az/lib/python3.11/threading.py", line 1038, in _bootstrap_inner
self.run()
File "/opt/az/lib/python3.11/threading.py", line 975, in run
self._target(*self._args, **self._kwargs)
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/custom.py", line 358, in _start_tunnel
tunnel_server.start_server()
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 195, in start_server
self._listen()
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 123, in _listen
auth_token = self._get_auth_token()
^^^^^^^^^^^^^^^^^^^^^^
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 112, in _get_auth_token
self.last_token = response_json["authToken"]
~~~~~~~~~~~~~^^^^^^^^^^^^^
KeyError: 'authToken'

If, instead of specifying the target ip address, I use target-resource-id then I am able to connect to my VM.
Poking around, the issue is that I get a 404 on the request call in _get_auth_token(). The error handling code in get_auth_token is broken (raise exp is misplaced), but that isn't the real problem. I don't know what is causing the 404 error.

Related command

az network bastion ssh

Errors

Traceback (most recent call last):
File "/opt/az/lib/python3.11/threading.py", line 1038, in _bootstrap_inner
self.run()
File "/opt/az/lib/python3.11/threading.py", line 975, in run
self._target(*self._args, **self._kwargs)
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/custom.py", line 358, in _start_tunnel
tunnel_server.start_server()
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 195, in start_server
self._listen()
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 123, in _listen
auth_token = self._get_auth_token()
^^^^^^^^^^^^^^^^^^^^^^
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 112, in _get_auth_token
self.last_token = response_json["authToken"]
~~~~~~~~~~~~~^^^^^^^^^^^^^
KeyError: 'authToken'

Issue script & Debug output

cli.knack.cli: Command arguments: ['network', 'bastion', 'ssh', '--debug', '--name', 'armdev-bastion-host', '--target-ip-address', '10.2.0.4', '--resource-group', 'alecw-armdev-server', '--auth-type', 'ssh-key', '--username', 'alecw', '--ssh-key', '~/.ssh/keys/id_azurevm']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f51ab3b1440>, <function OutputProducer.on_global_arguments at 0x7f51ab355e40>, <function CLIQuery.on_global_arguments at 0x7f51ab16b920>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'network': ['azure.cli.command_modules.network', 'azure.cli.command_modules.privatedns', 'azext_bastion']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: network 0.652 114 354
cli.azure.cli.core: privatedns 0.016 14 60
cli.azure.cli.core: Total (2) 0.668 128 414
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: bastion 0.008 2 9 /home/alecw/.azure/cliextensions/bastion
cli.azure.cli.core: Total (1) 0.008 2 9
cli.azure.cli.core: Loaded 128 groups, 423 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : network bastion ssh
cli.azure.cli.core: Command table: network bastion ssh
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f51aa4cc360>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/alecw/.azure/commands/2023-11-21.13-15-58.network_bastion_ssh.190898.log'.
az_command_data_logger: command args: network bastion ssh --debug --name {} --target-ip-address {} --resource-group {} --auth-type {} --username {} --ssh-key {}
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7f51aa286840>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7f51aa3085e0>, <function register_cache_arguments..add_cache_arguments at 0x7f51aa308720>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f51ab355ee0>, <function CLIQuery.handle_query_parameter at 0x7f51ab16b9c0>, <function register_ids_argument..parse_ids_arguments at 0x7f51aa308680>]
az_command_data_logger: extension name: bastion
az_command_data_logger: extension version: 0.2.6
Command group 'az network' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
cli.azure.cli.core.auth.persistence: build_persistence: location='/home/alecw/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /home/alecw/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/kerberos', 'tenant_region_scope': 'WW', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 8707f475-8804-4b6f-8162-8ec7851d21f8
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/e594f0cc-7915-4ef7-ab8f-9de56fb28d42/resourceGroups/alecw-armdev-server/providers/Microsoft.Network/bastionHosts/armdev-bastion-host?api-version=2022-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '298d79f9-88b3-11ee-a1fb-edc8893f4b9a'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network bastion ssh'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--debug --name --target-ip-address --resource-group --auth-type --username --ssh-key'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.54.0 (DEB) (AAZ) azsdk-python-core/1.26.0 Python/3.11.5 (Linux-5.15.133.1-microsoft-standard-WSL2-x86_64-with-glibc2.35)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/e594f0cc-7915-4ef7-ab8f-9de56fb28d42/resourceGroups/alecw-armdev-server/providers/Microsoft.Network/bastionHosts/armdev-bastion-host?api-version=2022-01-01 HTTP/1.1" 200 1688
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '1688'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'ETag': 'W/"ebb4310b-fafd-491c-8626-98913b5386f4"'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '0308ff30-840e-4193-9526-0e1f67d8b714'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '74aa9d8b-a143-4f1c-800f-1528a7d10871'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '7996e96f-237b-4d74-a625-168fc1d8f233'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '11999'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTUS2:20231121T211558Z:74aa9d8b-a143-4f1c-800f-1528a7d10871'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 9840BBBE9B8E43E384884AA724B55EBA Ref B: CO6AA3150217033 Ref C: 2023-11-21T21:15:57Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 21 Nov 2023 21:15:57 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"name": "armdev-bastion-host",
"id": "/subscriptions/e594f0cc-7915-4ef7-ab8f-9de56fb28d42/resourceGroups/alecw-armdev-server/providers/Microsoft.Network/bastionHosts/armdev-bastion-host",
"etag": "W/"ebb4310b-fafd-491c-8626-98913b5386f4"",
"type": "Microsoft.Network/bastionHosts",
"location": "westus2",
"properties": {
"provisioningState": "Succeeded",
"dnsName": "bst-5e2eec44-2362-43fd-af90-d2dbf37dbc20.bastion.azure.com",
"scaleUnits": 2,
"enableTunneling": true,
"enableIpConnect": true,
"disableCopyPaste": false,
"enableShareableLink": false,
"enableKerberos": false,
"ipConfigurations": [
{
"name": "IpConf",
"id": "/subscriptions/e594f0cc-7915-4ef7-ab8f-9de56fb28d42/resourceGroups/alecw-armdev-server/providers/Microsoft.Network/bastionHosts/armdev-bastion-host/bastionHostIpConfigurations/IpConf",
"etag": "W/"ebb4310b-fafd-491c-8626-98913b5386f4"",
"type": "Microsoft.Network/bastionHosts/bastionHostIpConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "/subscriptions/e594f0cc-7915-4ef7-ab8f-9de56fb28d42/resourceGroups/alecw-armdev-server/providers/Microsoft.Network/publicIPAddresses/armdev-bastion-pip"
},
"subnet": {
"id": "/subscriptions/e594f0cc-7915-4ef7-ab8f-9de56fb28d42/resourceGroups/alecw-armdev-server/providers/Microsoft.Network/virtualNetworks/armdev-vnet/subnets/AzureBastionSubnet"
}
}
}
]
},
"sku": {
"name": "Standard"
}
}
cli.azext_bastion.tunnel: Creating a socket on port: 0
cli.azext_bastion.tunnel: Setting socket options
cli.azext_bastion.tunnel: Binding to socket on local address and port
cli.azext_bastion.tunnel: Auto-selecting port: 34763
cli.azext_bastion.tunnel: Finished initialization
cli.azext_bastion.custom: Running ssh command /usr/bin/ssh alecw@localhost -i ~/.ssh/keys/id_azurevm -p 34763 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Error
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/kerberos', 'tenant_region_scope': 'WW', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 819e42dc-d3a3-41e2-bd5a-648b0d6555fd
cli.azext_bastion.tunnel: Content: {'resourceId': '/subscriptions/e594f0cc-7915-4ef7-ab8f-9de56fb28d42/resourceGroups/alecw-armdev-server', 'protocol': 'tcptunnel', 'workloadHostPort': 22, 'aztoken': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlQxU3QtZExUdnlXUmd4Ql82NzZ1OGtyWFMtSSIsImtpZCI6IlQxU3QtZExUdnlXUmd4Ql82NzZ1OGtyWFMtSSJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuY29yZS53aW5kb3dzLm5ldC8iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83MmY5ODhiZi04NmYxLTQxYWYtOTFhYi0yZDdjZDAxMWRiNDcvIiwiaWF0IjoxNzAwNjAwOTQ4LCJuYmYiOjE3MDA2MDA5NDgsImV4cCI6MTcwMDYwNDk2NSwiX2NsYWltX25hbWVzIjp7Imdyb3VwcyI6InNyYzEifSwiX2NsYWltX3NvdXJjZXMiOnsic3JjMSI6eyJlbmRwb2ludCI6Imh0dHBzOi8vZ3JhcGgud2luZG93cy5uZXQvNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L3VzZXJzL2Y4OGMyMzQ1LWIzNTEtNDE4OS05MTYxLWQwMTkwZWYxMWRkYS9nZXRNZW1iZXJPYmplY3RzIn19LCJhY3IiOiIxIiwiYWlvIjoiQVZRQXEvOFZBQUFBQ3gzSC82THQyTHZxL2VGUy9MMkpjS2E1T0toK2pQQ01sMVNHR3lmd2U0NVF0OElCa25OZzRYTnR5bit0VFh5NzF3MkpWZWIrYzFyTEVQOFZSS3BZdU9CM2ZLZEhFUUhPbzVDbTJZTkJoMms9IiwiYW1yIjpbInJzYSIsIm1mYSJdLCJhcHBpZCI6IjA0YjA3Nzk1LThkZGItNDYxYS1iYmVlLTAyZjllMWJmN2I0NiIsImFwcGlkYWNyIjoiMCIsImNhcG9saWRzX2xhdGViaW5kIjpbIjI5Mzk5Y2Y5LTliNmItNDIwNS1iNWIzLTEzYTEzNGU5YjIzMyJdLCJmYW1pbHlfbmFtZSI6IldvbG1hbiIsImdpdmVuX25hbWUiOiJBbGVjIiwiaWR0eXAiOiJ1c2VyIiwiaXBhZGRyIjoiNzEuMjMxLjEzOS44MSIsIm5hbWUiOiJBbGVjIFdvbG1hbiIsIm9pZCI6ImY4OGMyMzQ1LWIzNTEtNDE4OS05MTYxLWQwMTkwZWYxMWRkYSIsIm9ucHJlbV9zaWQiOiJTLTEtNS0yMS0yMTI3NTIxMTg0LTE2MDQwMTI5MjAtMTg4NzkyNzUyNy03Mzc0MzkiLCJwdWlkIjoiMTAwM0JGRkQ4MDFCRDM1NiIsInJoIjoiMC5BUUVBdjRqNWN2R0dyMEdScXkxODBCSGJSMFpJZjNrQXV0ZFB1a1Bhd2ZqMk1CTWFBTGsuIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwic3ViIjoia29MT1BjczZMTzNZeFpCXzRfdDE5UGkxM25ESzFHYTI2VHZPQjRVeHZaRSIsInRpZCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsInVuaXF1ZV9uYW1lIjoiYWxlY3dAbWljcm9zb2Z0LmNvbSIsInVwbiI6ImFsZWN3QG1pY3Jvc29mdC5jb20iLCJ1dGkiOiJwTWdJZXBSZExFMkVUalVVVlRzN0FBIiwidmVyIjoiMS4wIiwid2lkcyI6WyJiNzlmYmY0ZC0zZWY5LTQ2ODktODE0My03NmIxOTRlODU1MDkiXSwieG1zX2NhZSI6IjEiLCJ4bXNfY2MiOlsiQ1AxIl0sInhtc19maWx0ZXJfaW5kZXgiOlsiMSJdLCJ4bXNfcmQiOiIwLjQyTGxZQlJpWkFRQSIsInhtc19zc20iOiIxIiwieG1zX3RjZHQiOjEyODkyNDE1NDd9.dbf_F9hE-nu6fuaW4jpULoKcFeN8RvfKQ2LEt0AKrFfC0qF6AUuARiPZi-Dc6ChMaccKgVGpNkiDYZUx3oIeAwioyBxO8yUZ1L3zMHmbbFt8GFqpnv-OWI0-j3Jewz5PUox2WA8c7pVUmXSDtNAzrr9pjAcFPP2jvbSKcp81hhQcSl-irAX2Jw50WR1tEOp-Q_YfMKVsEAsQNuRAzJhxN3NN3SGLpcp5noteLqZgfbFBbNaa76mbEaMgj7Y8-uw3HKHfah_dgIpKOUPbKjbYegJQpuk0qcK0Mxs_gMVVhe48FojHcWWJFqXb3mea6t6Rw3iuhXqIHPFQzkWo64lf7A', 'token': None, 'hostname': '10.2.0.4'}
urllib3.connectionpool: Starting new HTTPS connection (1): bst-5e2eec44-2362-43fd-af90-d2dbf37dbc20.bastion.azure.com:443
urllib3.connectionpool: https://bst-5e2eec44-2362-43fd-af90-d2dbf37dbc20.bastion.azure.com:443 "POST /api/tokens HTTP/1.1" 404 None
msrest.exceptions: Resource type cannot be detected: /subscriptions/e594f0cc-7915-4ef7-ab8f-9de56fb28d42/resourceGroups/alecw-armdev-server
Exception in thread Thread-1 (_start_tunnel):
Traceback (most recent call last):
File "/opt/az/lib/python3.11/threading.py", line 1038, in _bootstrap_inner
self.run()
File "/opt/az/lib/python3.11/threading.py", line 975, in run
self._target(*self._args, **self._kwargs)
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/custom.py", line 358, in _start_tunnel
tunnel_server.start_server()
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 195, in start_server
self._listen()
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 123, in _listen
auth_token = self._get_auth_token()
^^^^^^^^^^^^^^^^^^^^^^
File "/home/alecw/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 112, in _get_auth_token
self.last_token = response_json["authToken"]
~~~~~~~~~~~~~^^^^^^^^^^^^^
KeyError: 'authToken'

Expected behavior

I expected the ssh connection to succeed in connecting to the azure vm.

Environment Summary

azure-cli 2.54.0

core 2.54.0
telemetry 1.1.0

Extensions:
bastion 0.2.6
ssh 2.0.2

Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2

Python location '/opt/az/bin/python3'
Extensions directory '/home/alecw/.azure/cliextensions'

Python (Linux) 3.11.5 (main, Nov 8 2023, 05:20:54) [GCC 11.4.0]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

No response

[yonzhan]

Thank you for opening this issue, we will look into it.

[microsoft-github-policy-service]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.

[microsoft-github-policy-service]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @bastionsuppgithub.

[11lein]

same issue with version 0.2.6 and auth-type AAD
az extension add -n bastion --version 0.2.5 --upgrade worked for me

[aavalang]

fixed by #7023, please use 0.2.7