home

Reset passwords with Azure VM extensions

2024-05-17

Since I seem to keep forgetting how to do this, let’s write this down for future reference.

for windows VMs

# this is installed as enablevmAccess, so you may see
# a warning around the same
export extension=VMAccessAgent

az vm extension set \
  -n $extension --publisher Microsoft.Compute \
  --resource-group $rg --vm-name $vm \
  --settings '{"userName":"your.username"}' \
  --protected-settings '{"password":"supersecretpassword"}'

for linux VMs

reset ssh pubkey

export extension=VMAccessForLinux

az vm extension set \
  -n $extension --publisher Microsoft.OSTCExtensions \
  --resource-group $rg --vm-name $vm \
  --protected-settings "{\"username\":\"your.username\", \"ssh_key\":\"$(cat ~/.ssh/id_ed25519.pub)\"}"

sudoers

you do not need to enter your password, when you use sudo.

# entry in /etc/sudoers.d/waagent
# added automatically by the Azure VM extension
your.username ALL = (ALL) NOPASSWD: ALL

reset password

export extension=VMAccessForLinux

az vm extension set \
  -n $extension --publisher Microsoft.OSTCExtensions \
  --resource-group $rg --vm-name $vm \
  --protected-settings '{"username":"your.username", "password": "supersecretpassword"}'

sudoers

you need to enter your password, whenever you use sudo.

# entry in /etc/sudoers.d/waagent
# added automatically by the Azure VM extension
your.username ALL = (ALL) ALL

mgmt apis

you can find the “regular” way to do them through the ARM API in case the Azure CLI does not work for you.

The link is here.

home