Example of port bind in `az network bastion tunnel` is a privileged port.
```
az network bastion tunnel --name MyBastionHost --resource-group MyResourceGroup --target-resource-id vmResourceId --resource-port 111 --port 222
```
Hi, on Mac and Linux-based OSes, binding to privileged ports (so-called Well-Known Ports: 0-1023) requires root privileges when executed by a non-root user, as shown below, and therefore, if you do not execute the command with sudo, a Permission denied error will occur. I would suggest changing the example to one that uses Dynamic and/or Private Ports (49152-65535).
```
Command group 'network bastion' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
The command failed with an unexpected error. Here is the traceback:
[Errno 13] Permission denied
Traceback (most recent call last):
  File "/usr/local/Cellar/azure-cli/2.34.1/libexec/lib/python3.10/site-packages/knack/cli.py", line 231, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/local/Cellar/azure-cli/2.34.1/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 658, in execute
    raise ex
  File "/usr/local/Cellar/azure-cli/2.34.1/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 721, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/local/Cellar/azure-cli/2.34.1/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 692, in _run_job
    result = cmd_copy(params)
  File "/usr/local/Cellar/azure-cli/2.34.1/libexec/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 328, in __call__
    return self.handler(*args, **kwargs)
  File "/usr/local/Cellar/azure-cli/2.34.1/libexec/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/usr/local/Cellar/azure-cli/2.34.1/libexec/lib/python3.10/site-packages/azure/cli/command_modules/network/custom.py", line 8212, in create_bastion_tunnel
    tunnel_server = get_tunnel(cmd, resource_group_name, bastion_host_name, target_resource_id, resource_port, port)
  File "/usr/local/Cellar/azure-cli/2.34.1/libexec/lib/python3.10/site-packages/azure/cli/command_modules/network/custom.py", line 8198, in get_tunnel
    tunnel_server = TunnelServer(cmd.cli_ctx, 'localhost', port, bastion, vm_id, resource_port)
  File "/usr/local/Cellar/azure-cli/2.34.1/libexec/lib/python3.10/site-packages/azure/cli/command_modules/network/tunnel.py", line 59, in __init__
    self.sock.bind((self.local_addr, self.local_port))
PermissionError: [Errno 13] Permission denied
To open an issue, please run: 'az feedback'
```
Also, I am submitting a PR for the above issue in help.py, below: https://github.com/Azure/azure-cli/pull/21930
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: c10d6dab-e042-91dc-a213-943af0d5ad0e
- Version Independent ID: 399a501c-b96d-8867-078f-73dd9b8b3da2
- Content: az network bastion
- Content Source: latest/docs-ref-autogen/network/bastion.yml
- Service: virtual-network
- GitHub Login: @rloutlaw
- Microsoft Alias: routlaw
Issue Analytics
- State:
- Created a year ago
- Reactions:1
- Comments:5 (4 by maintainers)
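A preflight check for the local `--port` value, as an added example (not code from the issue or from azure-cli): it classifies the port, performs the same kind of `bind` that fails in the traceback, and falls back to an OS-assigned port rather than requiring sudo. The function names and the `127.0.0.1` host are assumptions made for illustration.

```python
import errno
import socket

WELL_KNOWN_MAX = 1023                   # 0-1023: bind needs root on macOS/Linux (per the issue)
DYNAMIC_PRIVATE = range(49152, 65536)   # range the issue suggests for the example


def classify_port(port: int) -> str:
    """Label a TCP port as privileged, registered or dynamic/private."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a TCP port: {port}")
    if port <= WELL_KNOWN_MAX:
        return "privileged"
    return "dynamic/private" if port in DYNAMIC_PRIVATE else "registered"


def bind_error(host: str, port: int):
    """Attempt a local TCP bind; return None on success, else a short reason."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, port))
        except PermissionError:          # errno 13, as in the traceback above
            return "permission denied"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "address already in use"
            raise
    return None


def choose_local_port(requested: int, host: str = "127.0.0.1") -> int:
    """Return a port a non-root user can bind on `host`.

    A privileged request is never attempted, so there is no reason to reach
    for sudo; a busy port falls back to one assigned by the OS (bind to 0).
    The socket is closed before returning, so the caller binds the port next.
    """
    if classify_port(requested) != "privileged" and bind_error(host, requested) is None:
        return requested
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind((host, 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    for wanted in (222, 50022):          # 222 is the port from the documented example
        print(wanted, classify_port(wanted), "->", choose_local_port(wanted))
```
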
Top GitHub Comments
@navba-MSFT Sorry for the late reply, thank you for merging.
@tbuchi888 Your PR has been merged. We will now proceed with closure of this GitHub issue. If you need any further assistance on this issue in future, please feel free to reopen this thread. We would be happy to help.