Azure AD
pam_aad.so, part of the aadlogin package installed by the AADForLinux VM extension, provides the ability to log in to a Linux VM over SSH with your AAD credentials.
Changes will vary by distribution, but under Ubuntu 18.04 the following changes are necessary to common-account:
account [success=2 ignore=ignore default=die] pam_aad.so
And common-auth:
auth [success=2 ignore=ignore default=die] pam_aad.so
If you're struggling to troubleshoot issues with the module, try appending debug to both its account and auth lines, then monitor the system's security log. Don't forget to remove it again when you're done -- it'll generate a large volume of output.
It also requires the following options to be set in /etc/ssh/sshd_config:
Option | Value |
---|---|
UsePAM | yes |
ChallengeResponseAuthentication | yes |
KbdInteractiveAuthentication | yes |
PasswordAuthentication | no |
PubkeyAuthentication | no |
For further details see the Azure documentation.
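
The following audit check is an added example, not code from the aadlogin package or the Azure documentation. It compares an sshd_config against the option table above and flags a pam_aad.so line that is missing or still carries debug. The function names and sample texts are constructed for illustration, and Match blocks and Include files are assumed not to be in play.

```python
import re

# Required sshd_config values, copied from the table on this page.
REQUIRED_SSHD = {
    "usepam": "yes",
    "challengeresponseauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "passwordauthentication": "no",
    "pubkeyauthentication": "no",
}

def check_sshd(text):
    """Return {option: found value, or None if unset} for every option that deviates."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()              # sshd keywords are case-insensitive
        if key == "match":                  # global section ends at the first Match
            break
        if len(parts) == 2:
            # sshd uses the first value it obtains for each keyword
            seen.setdefault(key, parts[1].strip().strip('"').lower())
    return {k: seen.get(k) for k, v in REQUIRED_SSHD.items() if seen.get(k) != v}

def check_pam(text, kind):
    """Return problems with the pam_aad.so line of type `kind` ('auth' or 'account')."""
    found, problems = False, []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        idx = next((i for i, t in enumerate(tokens) if t.endswith("pam_aad.so")), None)
        if not tokens or tokens[0] != kind or idx is None:
            continue
        found = True
        if "debug" in tokens[idx + 1:]:     # troubleshooting flag left behind
            problems.append(f"{kind}: debug still enabled")
    return problems if found else [f"no {kind} line for pam_aad.so"]

# Constructed samples: Kbd option unset, duplicate Pubkey line, leftover debug.
SAMPLE_SSHD = """UsePAM yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
pubkeyauthentication no
"""
SAMPLE_PAM = "auth [success=2 ignore=ignore default=die] pam_aad.so debug\n"

if __name__ == "__main__":
    print(check_sshd(SAMPLE_SSHD), check_pam(SAMPLE_PAM, "auth"))
```

On a live host, feed it the contents of /etc/ssh/sshd_config and the two PAM files; the duplicate PubkeyAuthentication line in the sample shows why a later "no" does not override an earlier "yes".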