Unable to SSH the Azure VM using AAD

[tamilselvam-NB]

Describe the bug

I'm trying to run the command using az ssh vm but getting the error

Related command

az ssh vm --resource-group my-rg --name linux-vm -- "echo hello"

Errors

/tmp/aadsshcert6cxcpl3r/id_rsa.pub-aadcert.pub:1: invalid key: invalid format
The command failed with an unexpected error. Here is the traceback:
Command '['ssh-keygen', '-L', '-f', '/tmp/aadsshcert6cxcpl3r/id_rsa.pub-aadcert.pub']' returned non-zero exit status 1.
Traceback (most recent call last):
File "/opt/az/lib/python3.13/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 682, in execute
raise ex
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 812, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 781, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 336, in call
return self.handler(*args, **kwargs)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/command_operation.py", line 120, in handler
return op(**command_args)
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 65, in ssh_vm
_do_ssh_op(cmd, ssh_session, op_call)
~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 178, in _do_ssh_op
op_info.cert_file, op_info.local_user = _get_and_write_certificate(cmd, op_info.public_key_file,
~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
None, op_info.ssh_client_folder)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 244, in _get_and_write_certificate
username = ssh_utils.get_ssh_cert_principals(cert_file, ssh_client_folder)[0]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/ssh_utils.py", line 216, in get_ssh_cert_principals
info = get_ssh_cert_info(cert_file, ssh_client_folder)
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/ssh_utils.py", line 180, in get_ssh_cert_info
return subprocess.check_output(command).decode().splitlines()
~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^
File "/opt/az/lib/python3.13/subprocess.py", line 472, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**kwargs).stdout
^^^^^^^^^
File "/opt/az/lib/python3.13/subprocess.py", line 577, in run
raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['ssh-keygen', '-L', '-f', '/tmp/aadsshcert6cxcpl3r/id_rsa.pub-aadcert.pub']' returned non-zero exit status 1.

Issue script & Debug output

az ssh vm --resource-group ui-ukwest-teamnandi --name linux-vm-1 -- "echo hello" --debug
cli.knack.cli: Command arguments: ['ssh', 'vm', '--resource-group', 'ui-ukwest-teamnandi', '--name', 'linux-vm-1', '--', 'echo hello', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x768609f7e840>, <function OutputProducer.on_global_arguments at 0x768609d0e700>, <function CLIQuery.on_global_arguments at 0x768609d44860>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'ssh': ['azext_ssh']
cli.azure.cli.core: Loading command modules...
cli.azure.cli.core: Loaded command modules in parallel:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: ssh 0.281 1 4 /u/tamilsel/.azure/cliextensions/ssh
cli.azure.cli.core: Total (1) 0.281 1 4
cli.azure.cli.core: Loaded 1 groups, 4 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : ssh vm
cli.azure.cli.core: Command table: ssh vm
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x768608f17420>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/u/tamilsel/.azure/commands/2026-04-10.21-07-19.ssh_vm.1136479.log'.
az_command_data_logger: command args: ssh vm --resource-group {} --name {} -- {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x768608f68f40>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x768608f6b1a0>, <function register_cache_arguments..add_cache_arguments at 0x768608f6b380>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x768608f6b420>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x768609d0e7a0>, <function CLIQuery.handle_query_parameter at 0x768609d44900>, <function register_ids_argument..parse_ids_arguments at 0x768608f6b240>]
az_command_data_logger: extension name: ssh
az_command_data_logger: extension version: 2.0.6
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ResourceManagementClient
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token_info: scopes=('https://management.core.windows.net//.default',), options={}
cli.azure.cli.core.auth.msal_credentials: ManagedIdentityCredential.acquire_token: scopes=['https://management.core.windows.net//.default'], kwargs={}
msal.managed_identity: Obtaining token via managed identity on Azure Arc
urllib3.connectionpool: Starting new HTTP connection (1): localhost:40342
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F HTTP/1.1" 401 253
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F HTTP/1.1" 200 None
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/resources?$filter=name%20eq%20%27linux-vm-1%27&api-version=2025-04-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '4294404a-3521-11f1-bb3c-0050568d0755'
cli.azure.cli.core.sdk.policies: 'CommandName': 'ssh vm'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name -- --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.84.0 (DEB) azsdk-python-core/1.38.0 Python/3.13.11 (Linux-6.8.0-107-generic-x86_64-with-glibc2.39)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/resources?$filter=name%20eq%20%27linux-vm-1%27&api-version=2025-04-01 HTTP/1.1" 200 952
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '952'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '1099'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '16499'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'd08f1b6f-377b-461d-9f39-2fef11ef2e6d'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'd08f1b6f-377b-461d-9f39-2fef11ef2e6d'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'EASTUS:20260410T210720Z:d08f1b6f-377b-461d-9f39-2fef11ef2e6d'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 0526D884A9834DFB87F2A64B9F9D03C0 Ref B: MNZ221060619033 Ref C: 2026-04-10T21:07:20Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 10 Apr 2026 21:07:19 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"value":[{"id":"/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1","name":"linux-vm-1","type":"Microsoft.Compute/virtualMachines","location":"ukwest","identity":{"principalId":"1dd33f93-83dd-4490-b282-addf87ad2b8b","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned, UserAssigned","userAssignedIdentities":{"/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/AzSecPackAutoConfigRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/AzSecPackAutoConfigUA-ukwest":}},"tags":{"Environment":"TESTING","ManagedBy":"terraform","AzSecPackAutoConfigReady":"true","azsecpack":"nonprod","CreatedOnDate":"2026-04-10T07:04:43.8240287Z","platformsettings.host_environment.service.platform_optedin_for_rootcerts":"true"}}]}
cli.azext_ssh.resource_type_utils: Target Resource Type: Microsoft.Compute/virtualMachines
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ComputeManagementClient
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token_info: scopes=('https://management.core.windows.net//.default',), options={}
cli.azure.cli.core.auth.msal_credentials: ManagedIdentityCredential.acquire_token: scopes=['https://management.core.windows.net//.default'], kwargs={}
msal.managed_identity: Obtaining token via managed identity on Azure Arc
urllib3.connectionpool: Starting new HTTP connection (1): localhost:40342
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F HTTP/1.1" 401 253
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F HTTP/1.1" 200 None

cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1?api-version=2024-11-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '4294404a-3521-11f1-bb3c-0050568d0755'
cli.azure.cli.core.sdk.policies: 'CommandName': 'ssh vm'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name -- --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.84.0 (DEB) azsdk-python-core/1.38.0 Python/3.13.11 (Linux-6.8.0-107-generic-x86_64-with-glibc2.39)'
cli.azure.cli.core.sdk.policies: 'Authorization': ''
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1?api-version=2024-11-01 HTTP/1.1" 200 7518
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '7518'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'ETag': '"4"'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-resource': 'Microsoft.Compute/LowCostGetSubscriptionMaximum;23999,Microsoft.Compute/LowCostGetResource;35'
cli.azure.cli.core.sdk.policies: 'x-ms-need-to-refresh-epl-cache': 'False'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '825eb2e9-9109-4c28-9181-e88e6f2f1079'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '1099'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '16499'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '7956d42d-c197-4d99-ae5e-802a69d1c05c'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'UKWEST:20260410T210720Z:7956d42d-c197-4d99-ae5e-802a69d1c05c'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 3D9CC0C2FF6B441E8DD8D0D38FBF5172 Ref B: MNZ221060618037 Ref C: 2026-04-10T21:07:20Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 10 Apr 2026 21:07:20 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"name": "linux-vm-1",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1",
"type": "Microsoft.Compute/virtualMachines",
"location": "ukwest",
"tags": {
"Environment": "TESTING",
"ManagedBy": "terraform",
"AzSecPackAutoConfigReady": "true",
"azsecpack": "nonprod",
"CreatedOnDate": "2026-04-10T07:04:43.8240287Z",
"platformsettings.host_environment.service.platform_optedin_for_rootcerts": "true"
},
"properties": {
"hardwareProfile": {
"vmSize": "Standard_D2a_v4"
},
"provisioningState": "Succeeded",
"vmId": "d74b7fcd-f2b8-4d97-95fd-5c2ff17d3e17",
"storageProfile": {
"imageReference": {
"exactVersion": "3.0.20260304",
"sharedGalleryImageId": "/sharedGalleries/CblMariner.1P/images/azure-linux-3-gen2/versions/latest"
},
"osDisk": {
"osType": "Linux",
"name": "linux-vm-1_OsDisk_1_c72f5ed1524a45c2a4a9e2cd51a75f9d",
"createOption": "FromImage",
"caching": "ReadWrite",
"writeAcceleratorEnabled": false,
"managedDisk": {
"storageAccountType": "StandardSSD_LRS",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/disks/linux-vm-1_OsDisk_1_c72f5ed1524a45c2a4a9e2cd51a75f9d"
},
"deleteOption": "Detach",
"diskSizeGB": 5
},
"dataDisks": [],
"diskControllerType": "SCSI"
},
"osProfile": {
"computerName": "linux-vm-1",
"adminUsername": "adminuser",
"linuxConfiguration": {
"disablePasswordAuthentication": false,
"ssh": {
"publicKeys": []
},
"provisionVMAgent": true,
"patchSettings": {
"patchMode": "ImageDefault",
"assessmentMode": "ImageDefault"
},
"enableVMAgentPlatformUpdates": true
},
"secrets": [],
"allowExtensionOperations": true,
"requireGuestProvisionSignal": true
},
"securityProfile": {
"uefiSettings": {
"secureBootEnabled": true,
"vTpmEnabled": true
},
"securityType": "TrustedLaunch"
},
"networkProfile": {"networkInterfaces":[{"id":"/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/networkInterfaces/linux-vm-1-nic","properties":{"primary":true}}]},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": false
}
},
"priority": "Regular",
"extensionsTimeBudget": "PT1H30M",
"timeCreated": "2026-04-10T07:04:45.2933131+00:00"
},
"etag": ""4"",
"resources": [
{
"name": "AADSSHLoginForLinux",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1/extensions/AADSSHLoginForLinux",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "ukwest",
"tags": {
"CreatedOnDate": "2026-04-10T20:53:32.3960604Z"
},
"properties": {
"autoUpgradeMinorVersion": true,
"provisioningState": "Succeeded",
"publisher": "Microsoft.Azure.ActiveDirectory",
"type": "AADSSHLoginForLinux",
"typeHandlerVersion": "1.0"
}
},
{
"name": "AzurePolicyforLinux",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1/extensions/AzurePolicyforLinux",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "ukwest",
"tags": {
"CreatedOnDate": "2026-04-10T07:15:28.6708407Z"
},
"properties": {
"autoUpgradeMinorVersion": true,
"provisioningState": "Succeeded",
"enableAutomaticUpgrade": true,
"publisher": "Microsoft.GuestConfiguration",
"type": "ConfigurationforLinux",
"typeHandlerVersion": "1.0",
"settings": {}
}
},
{
"name": "Microsoft.Azure.Monitor.AzureMonitorLinuxAgent",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1/extensions/Microsoft.Azure.Monitor.AzureMonitorLinuxAgent",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "ukwest",
"tags": {
"CreatedOnDate": "2026-04-10T07:07:57.2180279Z"
},
"properties": {
"autoUpgradeMinorVersion": true,
"provisioningState": "Succeeded",
"enableAutomaticUpgrade": true,
"suppressFailures": true,
"publisher": "Microsoft.Azure.Monitor",
"type": "AzureMonitorLinuxAgent",
"typeHandlerVersion": "1.0",
"settings": {"GCS_AUTO_CONFIG":true}
}
},
{
"name": "Microsoft.Azure.Security.LinuxAttestation",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1/extensions/Microsoft.Azure.Security.LinuxAttestation",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "ukwest",
"properties": {
"autoUpgradeMinorVersion": true,
"provisioningState": "Succeeded",
"enableAutomaticUpgrade": true,
"suppressFailures": true,
"publisher": "Microsoft.Azure.Security.LinuxAttestation",
"type": "GuestAttestation",
"typeHandlerVersion": "1.0",
"settings": {"AttestationConfig":{"MaaSettings":{"maaEndpoint":"","maaTenantName":"GuestAttestation"},"AscSettings":{"ascReportingEndpoint":"","ascReportingFrequency":""},"useCustomToken":"false","disableAlerts":"false"}}
}
},
{
"name": "Microsoft.Azure.Security.Monitoring.AzureSecurityLinuxAgent",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1/extensions/Microsoft.Azure.Security.Monitoring.AzureSecurityLinuxAgent",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "ukwest",
"tags": {
"CreatedOnDate": "2026-04-10T07:07:57.2299769Z"
},
"properties": {
"autoUpgradeMinorVersion": true,
"provisioningState": "Succeeded",
"enableAutomaticUpgrade": true,
"suppressFailures": true,
"publisher": "Microsoft.Azure.Security.Monitoring",
"type": "AzureSecurityLinuxAgent",
"typeHandlerVersion": "2.0",
"settings": {"enableGenevaUpload":true,"enableAutoConfig":true,"reportSuccessOnUnsupportedDistro":true}
}
}
]
}
cli.azext_ssh.target_os_utils: Target OS Type: Linux
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ComputeManagementClient
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token_info: scopes=('https://management.core.windows.net//.default',), options={}
cli.azure.cli.core.auth.msal_credentials: ManagedIdentityCredential.acquire_token: scopes=['https://management.core.windows.net//.default'], kwargs={}
msal.managed_identity: Obtaining token via managed identity on Azure Arc
urllib3.connectionpool: Starting new HTTP connection (1): localhost:40342
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F HTTP/1.1" 401 253
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F HTTP/1.1" 200 None
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1?api-version=2024-11-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '4294404a-3521-11f1-bb3c-0050568d0755'
cli.azure.cli.core.sdk.policies: 'CommandName': 'ssh vm'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name -- --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.84.0 (DEB) azsdk-python-core/1.38.0 Python/3.13.11 (Linux-6.8.0-107-generic-x86_64-with-glibc2.39)'
cli.azure.cli.core.sdk.policies: 'Authorization': ''
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1?api-version=2024-11-01 HTTP/1.1" 200 7518
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '7518'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'ETag': '"4"'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-resource': 'Microsoft.Compute/LowCostGetSubscriptionMaximum;23998,Microsoft.Compute/LowCostGetResource;34'
cli.azure.cli.core.sdk.policies: 'x-ms-need-to-refresh-epl-cache': 'False'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'd2f2c44d-59e5-43d3-8bad-86493cf876f2'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '1099'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '16499'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'e0bf52ee-0f4e-47ec-a366-3a047f0be7eb'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'UKWEST:20260410T210721Z:e0bf52ee-0f4e-47ec-a366-3a047f0be7eb'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 30950A8860DF4995AAA76D3B52C95B90 Ref B: MNZ221060609017 Ref C: 2026-04-10T21:07:21Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 10 Apr 2026 21:07:20 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"name": "linux-vm-1",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1",
"type": "Microsoft.Compute/virtualMachines",
"location": "ukwest",
"tags": {
"Environment": "TESTING",
"ManagedBy": "terraform",
"AzSecPackAutoConfigReady": "true",
"azsecpack": "nonprod",
"CreatedOnDate": "2026-04-10T07:04:43.8240287Z",
"platformsettings.host_environment.service.platform_optedin_for_rootcerts": "true"
},
"properties": {
"hardwareProfile": {
"vmSize": "Standard_D2a_v4"
},
"provisioningState": "Succeeded",
"vmId": "d74b7fcd-f2b8-4d97-95fd-5c2ff17d3e17",
"storageProfile": {
"imageReference": {
"exactVersion": "3.0.20260304",
"sharedGalleryImageId": "/sharedGalleries/CblMariner.1P/images/azure-linux-3-gen2/versions/latest"
},
"osDisk": {
"osType": "Linux",
"name": "linux-vm-1_OsDisk_1_c72f5ed1524a45c2a4a9e2cd51a75f9d",
"createOption": "FromImage",
"caching": "ReadWrite",
"writeAcceleratorEnabled": false,
"managedDisk": {
"storageAccountType": "StandardSSD_LRS",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/disks/linux-vm-1_OsDisk_1_c72f5ed1524a45c2a4a9e2cd51a75f9d"
},
"deleteOption": "Detach",
"diskSizeGB": 5
},
"dataDisks": [],
"diskControllerType": "SCSI"
},
"osProfile": {
"computerName": "linux-vm-1",
"adminUsername": "adminuser",
"linuxConfiguration": {
"disablePasswordAuthentication": false,
"ssh": {
"publicKeys": []
},
"provisionVMAgent": true,
"patchSettings": {
"patchMode": "ImageDefault",
"assessmentMode": "ImageDefault"
},
"enableVMAgentPlatformUpdates": true
},
"secrets": [],
"allowExtensionOperations": true,
"requireGuestProvisionSignal": true
},
"securityProfile": {
"uefiSettings": {
"secureBootEnabled": true,
"vTpmEnabled": true
},
"securityType": "TrustedLaunch"
},
"networkProfile": {"networkInterfaces":[{"id":"/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/networkInterfaces/linux-vm-1-nic","properties":{"primary":true}}]},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": false
}
},
"priority": "Regular",
"extensionsTimeBudget": "PT1H30M",
"timeCreated": "2026-04-10T07:04:45.2933131+00:00"
},
"etag": ""4"",
"resources": [
{
"name": "AADSSHLoginForLinux",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1/extensions/AADSSHLoginForLinux",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "ukwest",
"tags": {
"CreatedOnDate": "2026-04-10T20:53:32.3960604Z"
},
"properties": {
"autoUpgradeMinorVersion": true,
"provisioningState": "Succeeded",
"publisher": "Microsoft.Azure.ActiveDirectory",
"type": "AADSSHLoginForLinux",
"typeHandlerVersion": "1.0"
}
},
{
"name": "AzurePolicyforLinux",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1/extensions/AzurePolicyforLinux",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "ukwest",
"tags": {
"CreatedOnDate": "2026-04-10T07:15:28.6708407Z"
},
"properties": {
"autoUpgradeMinorVersion": true,
"provisioningState": "Succeeded",
"enableAutomaticUpgrade": true,
"publisher": "Microsoft.GuestConfiguration",
"type": "ConfigurationforLinux",
"typeHandlerVersion": "1.0",
"settings": {}
}
},
{
"name": "Microsoft.Azure.Monitor.AzureMonitorLinuxAgent",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1/extensions/Microsoft.Azure.Monitor.AzureMonitorLinuxAgent",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "ukwest",
"tags": {
"CreatedOnDate": "2026-04-10T07:07:57.2180279Z"
},
"properties": {
"autoUpgradeMinorVersion": true,
"provisioningState": "Succeeded",
"enableAutomaticUpgrade": true,
"suppressFailures": true,
"publisher": "Microsoft.Azure.Monitor",
"type": "AzureMonitorLinuxAgent",
"typeHandlerVersion": "1.0",
"settings": {"GCS_AUTO_CONFIG":true}
}
},
{
"name": "Microsoft.Azure.Security.LinuxAttestation",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1/extensions/Microsoft.Azure.Security.LinuxAttestation",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "ukwest",
"properties": {
"autoUpgradeMinorVersion": true,
"provisioningState": "Succeeded",
"enableAutomaticUpgrade": true,
"suppressFailures": true,
"publisher": "Microsoft.Azure.Security.LinuxAttestation",
"type": "GuestAttestation",
"typeHandlerVersion": "1.0",
"settings": {"AttestationConfig":{"MaaSettings":{"maaEndpoint":"","maaTenantName":"GuestAttestation"},"AscSettings":{"ascReportingEndpoint":"","ascReportingFrequency":""},"useCustomToken":"false","disableAlerts":"false"}}
}
},
{
"name": "Microsoft.Azure.Security.Monitoring.AzureSecurityLinuxAgent",
"id": "/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1/extensions/Microsoft.Azure.Security.Monitoring.AzureSecurityLinuxAgent",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "ukwest",
"tags": {
"CreatedOnDate": "2026-04-10T07:07:57.2299769Z"
},
"properties": {
"autoUpgradeMinorVersion": true,
"provisioningState": "Succeeded",
"enableAutomaticUpgrade": true,
"suppressFailures": true,
"publisher": "Microsoft.Azure.Security.Monitoring",
"type": "AzureSecurityLinuxAgent",
"typeHandlerVersion": "2.0",
"settings": {"enableGenevaUpload":true,"enableAutoConfig":true,"reportSuccessOnUnsupportedDistro":true}
}
}
]
}
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_credentials: ManagedIdentityCredential.acquire_token: scopes=['https://management.core.windows.net//.default'], kwargs={}
msal.managed_identity: Obtaining token via managed identity on Azure Arc
urllib3.connectionpool: Starting new HTTP connection (1): localhost:40342
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F HTTP/1.1" 401 253
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F HTTP/1.1" 200 None

cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/networkInterfaces/linux-vm-1-nic?api-version=2022-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '4294404a-3521-11f1-bb3c-0050568d0755'
cli.azure.cli.core.sdk.policies: 'CommandName': 'ssh vm'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name -- --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.84.0 (DEB) azsdk-python-core/1.38.0 Python/3.13.11 (Linux-6.8.0-107-generic-x86_64-with-glibc2.39)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/networkInterfaces/linux-vm-1-nic?api-version=2022-01-01 HTTP/1.1" 200 1938
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '1938'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'ETag': 'W/"01d6715b-7e05-4f0d-b18d-23d115df8be9"'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'bdeae29c-ee07-408c-915e-1e01580bdeac'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '8f6585d2-0973-4895-9830-bab993089a2f'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '1ea2efa9-67e5-4361-8fe1-15bd825156d6'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '1099'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '16499'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'UKWEST:20260410T210721Z:8f6585d2-0973-4895-9830-bab993089a2f'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 318046BE2B9E45689B926F9FD3A8430D Ref B: BL2AA2011004040 Ref C: 2026-04-10T21:07:21Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 10 Apr 2026 21:07:20 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"name":"linux-vm-1-nic","id":"/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/networkInterfaces/linux-vm-1-nic","etag":"W/"01d6715b-7e05-4f0d-b18d-23d115df8be9"","tags":{"Environment":"TESTING","ManagedBy":"terraform","CreatedOnDate":"2026-04-10T07:04:32.4566168Z"},"properties":{"provisioningState":"Succeeded","resourceGuid":"18123d98-ec04-4d76-b666-9afcbecaa6ae","ipConfigurations":[{"name":"internal","id":"/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/networkInterfaces/linux-vm-1-nic/ipConfigurations/internal","etag":"W/"01d6715b-7e05-4f0d-b18d-23d115df8be9"","type":"Microsoft.Network/networkInterfaces/ipConfigurations","properties":{"provisioningState":"Succeeded","privateIPAddress":"10.100.1.5","privateIPAllocationMethod":"Dynamic","publicIPAddress":{"id":"/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/publicIPAddresses/linux-vm-1-pip"},"subnet":{"id":"/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/virtualNetworks/ui-ukwest-teamnandi-VNET/subnets/vm"},"primary":true,"privateIPAddressVersion":"IPv4"}}],"dnsSettings":{"dnsServers":[],"appliedDnsServers":[],"internalDomainNameSuffix":"lxbocxhkgowudh1dq5un23gwlh.cwx.internal.cloudapp.net"},"macAddress":"60-45-BD-0D-34-CD","enableAcceleratedNetworking":false,"vnetEncryptionSupported":false,"enableIPForwarding":false,"primary":true,"virtualMachine":{"id":"/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Compute/virtualMachines/linux-vm-1"},"hostedWorkloads":[],"tapConfigurations":[],"nicType":"Standard","allowPort25Out":true,"auxiliaryMode":"None"},"type":"Microsoft.Network/networkInterfaces","location":"ukwest","kind":"Regular"}
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_credentials: ManagedIdentityCredential.acquire_token: scopes=['https://management.core.windows.net//.default'], kwargs={}
msal.managed_identity: Obtaining token via managed identity on Azure Arc
urllib3.connectionpool: Starting new HTTP connection (1): localhost:40342
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F HTTP/1.1" 401 253
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F HTTP/1.1" 200 None

cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/publicIPAddresses/linux-vm-1-pip?api-version=2022-05-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '4294404a-3521-11f1-bb3c-0050568d0755'
cli.azure.cli.core.sdk.policies: 'CommandName': 'ssh vm'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name -- --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.84.0 (DEB) azsdk-python-core/1.38.0 Python/3.13.11 (Linux-6.8.0-107-generic-x86_64-with-glibc2.39)'
cli.azure.cli.core.sdk.policies: 'Authorization': ''
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/publicIPAddresses/linux-vm-1-pip?api-version=2022-05-01 HTTP/1.1" 200 937
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '937'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'ETag': 'W/"219f19af-90fe-44de-8176-be13182d915d"'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '463f9568-7b06-4154-b67e-e3556f55c771'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '02019520-04a8-4d39-8608-1e502514edbe'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '914216f1-2459-4888-b062-ed237914db28'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '1099'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '16499'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'UKWEST:20260410T210721Z:02019520-04a8-4d39-8608-1e502514edbe'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 181C89C3FE28440698AF07C9A9E12643 Ref B: MNZ221060609051 Ref C: 2026-04-10T21:07:21Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 10 Apr 2026 21:07:21 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"name":"linux-vm-1-pip","id":"/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/publicIPAddresses/linux-vm-1-pip","etag":"W/"219f19af-90fe-44de-8176-be13182d915d"","location":"ukwest","tags":{"CreatedOnDate":"2026-04-10T07:04:44.4069043Z"},"properties":{"provisioningState":"Succeeded","resourceGuid":"d6b678a3-9d78-44e0-9b34-bd6997ffdff6","ipAddress":"20.77.244.47","publicIPAddressVersion":"IPv4","publicIPAllocationMethod":"Dynamic","idleTimeoutInMinutes":4,"ipTags":[{"ipTagType":"FirstPartyUsage","tag":"/NonProd"}],"ipConfiguration":{"id":"/subscriptions/8172f5a6-59c6-4303-84c9-f7a2090a5d49/resourceGroups/ui-ukwest-teamnandi/providers/Microsoft.Network/networkInterfaces/linux-vm-1-nic/ipConfigurations/internal"},"ddosSettings":{"protectionMode":"VirtualNetworkInherited"}},"type":"Microsoft.Network/publicIPAddresses","sku":{"name":"Basic","tier":"Regional"}}
cli.azext_ssh.ssh_utils: Running ssh-keygen command ssh-keygen -f /tmp/aadsshcertdrwkofhu/id_rsa -t rsa -q -N
cli.azure.cli.core.auth.msal_credentials: ManagedIdentityCredential.acquire_token: scopes=['https://pas.windows.net/CheckMyAccess/Linux/.default'], kwargs={'data': {'token_type': 'ssh-cert', 'req_cnf': '{"kty": "RSA", "n": "ALnFVxKCt7pVkC9O3OkWPxMnbk0aYWzJdvgoqsXEs2LM0zYh6Q1zSiQsk32pGldFbJs14r1hQuqN7JaRK4ZNByjtcshMVx6WUiZFV03Xek6V3EB--R9rsvKtpiaN1feiTYT-IlknQTX2qAT8JGKYCCVy211icEPENTX1feof2pblV6uAEP6XJNKBM5Xb-szouXxF4rHdxkYyIX-rbJ76BvC46SuJWNNGHQXHIUAt27YDC6uxwR9RufmJVl20YguTOsvRn4BrxE-XwlyDe6b8SC7We1MG338mL44MfYgHZLcIeplpLolODzE7s6aTKCGvj5QEZJSLVPPlZNhV2HFTo_mUxhtni-5wqDeM4Y1Xa4Aa-Bg-AQgvpWxpGH56vlIhvnFR7g_HkIaRJqoD0bhEN5NnIgh3AoBFe9392o3NEzYJIt-jKnXwk1UvamfIQmH3Q0hh-hHiSlH9SI1hqmZVLKX1YlSGUgyu6bnoU4CP01_US4sBjOWsEmQ_xIHckhfX0w==", "e": "AQAB", "kid": "1bc50c97bc08084df7346c3cb513f885a1dfce577fd5acbbf53c66e800a5d999"}', 'key_id': '1bc50c97bc08084df7346c3cb513f885a1dfce577fd5acbbf53c66e800a5d999'}}
msal.managed_identity: Obtaining token via managed identity on Azure Arc
urllib3.connectionpool: Starting new HTTP connection (1): localhost:40342
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fpas.windows.net%2FCheckMyAccess%2FLinux HTTP/1.1" 401 253
urllib3.connectionpool: http://localhost:40342 "GET /metadata/identity/oauth2/token?api-version=2020-06-01&resource=https%3A%2F%2Fpas.windows.net%2FCheckMyAccess%2FLinux HTTP/1.1" 200 2041
msal.token_cache: event={
"client_id": null,
"data": {},
"params": {},
"response": {
"access_token": "***",
"expires_in": 85813,
"refresh_in": 42906,
"resource": "https://pas.windows.net/CheckMyAccess/Linux",
"token_type": "Bearer"
},
"scope": [
"https://pas.windows.net/CheckMyAccess/Linux"
],
"token_endpoint": "https://localhost/managed_identity"
}
cli.azext_ssh.custom: Generating certificate /tmp/aadsshcertdrwkofhu/id_rsa.pub-aadcert.pub
cli.azext_ssh.ssh_utils: Running ssh-keygen command ssh-keygen -L -f /tmp/aadsshcertdrwkofhu/id_rsa.pub-aadcert.pub
/tmp/aadsshcertdrwkofhu/id_rsa.pub-aadcert.pub:1: invalid key: invalid format
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/opt/az/lib/python3.13/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 682, in execute
raise ex
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 812, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 781, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 336, in call
return self.handler(*args, **kwargs)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/command_operation.py", line 120, in handler
return op(**command_args)
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 65, in ssh_vm
_do_ssh_op(cmd, ssh_session, op_call)
~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 178, in _do_ssh_op
op_info.cert_file, op_info.local_user = _get_and_write_certificate(cmd, op_info.public_key_file,
~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
None, op_info.ssh_client_folder)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 244, in _get_and_write_certificate
username = ssh_utils.get_ssh_cert_principals(cert_file, ssh_client_folder)[0]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/ssh_utils.py", line 216, in get_ssh_cert_principals
info = get_ssh_cert_info(cert_file, ssh_client_folder)
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/ssh_utils.py", line 180, in get_ssh_cert_info
return subprocess.check_output(command).decode().splitlines()
~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^
File "/opt/az/lib/python3.13/subprocess.py", line 472, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**kwargs).stdout
^^^^^^^^^
File "/opt/az/lib/python3.13/subprocess.py", line 577, in run
raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['ssh-keygen', '-L', '-f', '/tmp/aadsshcertdrwkofhu/id_rsa.pub-aadcert.pub']' returned non-zero exit status 1.

cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: Command '['ssh-keygen', '-L', '-f', '/tmp/aadsshcertdrwkofhu/id_rsa.pub-aadcert.pub']' returned non-zero exit status 1.
Traceback (most recent call last):
File "/opt/az/lib/python3.13/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 682, in execute
raise ex
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 812, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 781, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 336, in call
return self.handler(*args, **kwargs)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/command_operation.py", line 120, in handler
return op(**command_args)
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 65, in ssh_vm
_do_ssh_op(cmd, ssh_session, op_call)
~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 178, in _do_ssh_op
op_info.cert_file, op_info.local_user = _get_and_write_certificate(cmd, op_info.public_key_file,
~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
None, op_info.ssh_client_folder)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 244, in _get_and_write_certificate
username = ssh_utils.get_ssh_cert_principals(cert_file, ssh_client_folder)[0]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/ssh_utils.py", line 216, in get_ssh_cert_principals
info = get_ssh_cert_info(cert_file, ssh_client_folder)
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/ssh_utils.py", line 180, in get_ssh_cert_info
return subprocess.check_output(command).decode().splitlines()
~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^
File "/opt/az/lib/python3.13/subprocess.py", line 472, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**kwargs).stdout
^^^^^^^^^
File "/opt/az/lib/python3.13/subprocess.py", line 577, in run
raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['ssh-keygen', '-L', '-f', '/tmp/aadsshcertdrwkofhu/id_rsa.pub-aadcert.pub']' returned non-zero exit status 1.
az_command_data_logger: Command '['ssh-keygen', '-L', '-f', '/tmp/aadsshcertdrwkofhu/id_rsa.pub-aadcert.pub']' returned non-zero exit status 1.
Traceback (most recent call last):
File "/opt/az/lib/python3.13/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 682, in execute
raise ex
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 812, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 781, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/init.py", line 336, in call
return self.handler(*args, **kwargs)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.13/site-packages/azure/cli/core/commands/command_operation.py", line 120, in handler
return op(**command_args)
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 65, in ssh_vm
_do_ssh_op(cmd, ssh_session, op_call)
~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 178, in _do_ssh_op
op_info.cert_file, op_info.local_user = _get_and_write_certificate(cmd, op_info.public_key_file,
~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
None, op_info.ssh_client_folder)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/custom.py", line 244, in _get_and_write_certificate
username = ssh_utils.get_ssh_cert_principals(cert_file, ssh_client_folder)[0]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/ssh_utils.py", line 216, in get_ssh_cert_principals
info = get_ssh_cert_info(cert_file, ssh_client_folder)
File "/u/tamilsel/.azure/cliextensions/ssh/azext_ssh/ssh_utils.py", line 180, in get_ssh_cert_info
return subprocess.check_output(command).decode().splitlines()
~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^
File "/opt/az/lib/python3.13/subprocess.py", line 472, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**kwargs).stdout
^^^^^^^^^
File "/opt/az/lib/python3.13/subprocess.py", line 577, in run
raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['ssh-keygen', '-L', '-f', '/tmp/aadsshcertdrwkofhu/id_rsa.pub-aadcert.pub']' returned non-zero exit status 1.
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x768608f176a0>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 3.352 seconds (init: 0.193, invoke: 3.159)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 9333 in cache file under /u/tamilsel/.azure/telemetry/20260410210722480
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/opt/az/bin/python3 /opt/az/lib/python3.13/site-packages/azure/cli/telemetry/init.py /u/tamilsel/.azure /u/tamilsel/.azure/telemetry/20260410210722480"
telemetry.process: Return from creating process 1136507
telemetry.main: Finish creating telemetry upload process.

Expected behavior

We should be able to connect vm using az ssh vm

Environment Summary

azure-cli 2.84.0 *

core 2.84.0 *
telemetry 1.1.0

Extensions:
apic-extension 1.1.0
connectedmachine 1.0.0
resource-graph 2.1.1
ssh 2.0.6

Dependencies:
msal 1.35.0b1
azure-mgmt-resource 24.0.0

Python location '/opt/az/bin/python3'
Config directory '/u/tamilsel/.azure'
Extensions directory '/u/tamilsel/.azure/cliextensions'

Python (Linux) 3.13.11 (main, Feb 25 2026, 02:29:34) [GCC 13.3.0]

Additional context

No response

[azure-client-tools-bot-prd]

Hi @tamilselvam-NB,

2.84.0 is not the latest Azure CLI(2.85.0).

If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

[yonzhan]

Thank you for opening this issue, we will look into it.

[microsoft-github-policy-service]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @vthiebaut10.

[tamilselvam-NB]

Same issue persists in azure-cli 2.85.0 as well

[microsoft-github-policy-service]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @adamedx, @act-identity-squad.