This post is a variation of my previous post about serverless SFTP on Azure. What this does is allow you to run Container Instances that mount two file shares - one for actual storage and another that mounts ssh keys per this issue. Source is maintained at Github here.
The way to use is:
- Download from my Github. Replace `p.json` with your info. Replace `run.ps1` with your info. Look over `t.json`, but I'm sure you don't have to change anything in there.
- Upload to your Azure Cloud Storage by going to portal.azure.com => Click on powershell icon => Once you sign in => `cd ./clouddrive/yourname` and then upload all three files into a folder
- Then run `./run.ps1` and it will deploy the containers
- Go to Azure Container Instances to see the result!
So before offering this service to users in my company, I tested on my machine first. On my Windows computer, I ran the following to create a key pair:
```
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key | Out-Null
```
Upload public key to file storage. You can use the Storage Explorer app or go to portal.azure.com => Type storage accounts => Your storage account => File Shares => Upload the key file there.
First I used WinSCP GUI and filled in hostname, username, then clicked Advanced => Key Auth => Point to private key => It then tells you it will convert it to Putty format `.ppk` => Select 'yes' and okay.
That worked perfectly! Next, I used command line:
```
[C:\scripts] > sftp -i "C:\path\to\private\key\ssh_host_rsa_key" email@example.com
connected to firstname.lastname@example.org.
sftp> exit
[C:\scripts] >
```
- Worked again!
So now I had someone try and do it from an older RHEL 6 box:
First, I uploaded their public key to the correct SSH Keys container and restarted the container group.
Then they ran:
```
sudo serviceAccount
sftp -F ~/.ssh/config.sftp email@example.com
connected to firstname.lastname@example.org.
sftp> exit
```
- Where the file passed to `-F` is:

```
Host dnslabel.southcentralus.azurecontainer.io
    User user
    IdentityFile /home/serviceAccount/.ssh/id_rsa
```

`IdentityFile` should be the private key.
Also, the biggest drawback of containers is that their host key changes every time they reboot, so on each client device I usually set:
```
Host dnslabel.southcentralus.azurecontainer.io
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
```
For all users in `/etc/ssh/ssh_config` or just the current user in
Not sure if needed, but from command line try something like:
```
# SSH
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no email@example.com
# SCP
scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no somefile.txt firstname.lastname@example.org:/var/tmp/
```
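The `StrictHostKeyChecking no` / `UserKnownHostsFile=/dev/null` pair turns off host key verification for every host its `Host` line matches, and ssh keeps the first value it reads for each keyword, so the block's position in the file decides which hosts are affected. The check below is an added example, not code from the original post: it parses ssh_config text and reports which of a list of host names end up with verification off. The sample config, the `git.example.com` probe host and all function names are constructed for illustration, and `Match` blocks are not evaluated.

```python
import fnmatch
import re

# Constructed sample: the post's per-host block, then a default for every other host.
SAMPLE_CONFIG = """\
Host dnslabel.southcentralus.azurecontainer.io
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null

Host *
    StrictHostKeyChecking ask
"""

# ssh_config accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def parse_blocks(text):
    """Return [(host_patterns, {keyword_lower: value})] in file order; Match blocks never apply."""
    blocks = [(["*"], {})]  # keywords before the first Host line apply to every host
    for m in filter(None, (LINE.match(l.strip()) for l in text.splitlines())):
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            blocks.append((value.lower().split() if key == "host" else [], {}))
        else:
            blocks[-1][1].setdefault(key, value)  # first value wins inside a block too
    return blocks

def block_applies(host, patterns):
    """ssh rule: a positive pattern matches and no '!'-negated pattern does."""
    hit = lambda pats: any(fnmatch.fnmatchcase(host, p) for p in pats)
    negated = [p[1:] for p in patterns if p.startswith("!")]
    return hit(p for p in patterns if not p.startswith("!")) and not hit(negated)

def effective(blocks, host, keyword):
    """First value obtained for keyword across the blocks that apply to host."""
    for patterns, opts in blocks:
        if keyword in opts and block_applies(host.lower(), patterns):
            return opts[keyword]
    return None

def hosts_without_verification(text, hosts):
    """Subset of hosts whose effective StrictHostKeyChecking is 'no' (or 'off')."""
    blocks = parse_blocks(text)
    return [h for h in hosts
            if (effective(blocks, h, "stricthostkeychecking") or "").lower() in ("no", "off")]

if __name__ == "__main__":
    probes = ["dnslabel.southcentralus.azurecontainer.io", "git.example.com"]
    print(hosts_without_verification(SAMPLE_CONFIG, probes))
```

Run it against the text of the client's ssh config with the container's DNS label and a few unrelated host names; only the container should come back.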