question

MohitKumarSharma-1566 avatar image
1 Vote"
MohitKumarSharma-1566 asked JeromeCann-3094 commented

AZURE WEB APP WITH LINUX CONTAINER SSH LOGIN ISSUE

Hi,

I am using azure web app with container and I also expose the port 2222 in docker-file but I am not able to ssh login in the server.
Dockerfile:
EXPOSE 80 2222


I am getting this error.
SSH CONNECTION CLOSE - Error: connect ECONNREFUSED 172.16.1.3:2222 CREDENTIALS

azure-webappsazure-webapps-developmentazure-webapps-ssh
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SnehaAgrawal-MSFT avatar image
1 Vote"
SnehaAgrawal-MSFT answered AnilGoyal-3755 commented

Thanks for asking question!
Could you please confirm how are you trying to open SSH session, To open SSH session in browser paste the following URL into your browser and replace <app-name> with your app name: https://<app-name>.scm.azurewebsites.net/webssh/host

Also, You're required to authenticate with your Azure subscription to connect. Once authenticated, you see an in-browser shell, where you can run commands inside your container.

Refer to this document: Open an SSH session to a Linux container in Azure App Service

Also, To add further the most common cause of an inability to SSH into a custom container is either the Web App isn't running or the Kudu container isn't running. Therefore, if you are unable to SSH into your app container, you should check.

  1. Ensure that the Web App is currently running.

  2. Ensure that the Kudu site is currently running.

Please let us know.



· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Thanks for the help. I am using "https://<app-name>.scm.azurewebsites.net/webssh/host" way and my web app is running fine, I can access web app by the url.

I am opening by clicking on the ssh tab in azure portal web app. It is not asking any authentication. do i need to enable authentication somewhere else?

I don't have any knowledge of this point "Also, You're required to authenticate with your Azure subscription to connect. Once authenticated, you see an in-browser shell, where you can run commands inside your container."

0 Votes 0 ·

Hi Mohit,
I am having this issue with RUN chmod 755 /opt/startup/init_container.sh

Step 12/28 : COPY init_container.sh /opt/startup
2021-02-23T06:04:29.0135197Z ---> e5d6a12b605f
2021-02-23T06:04:29.0135597Z Step 13/28 : RUN chmod 755 /opt/startup/init_container.sh
2021-02-23T06:04:29.0422461Z ---> Running in 18ba81bd52f1
2021-02-23T06:04:29.2944509Z [91mchmod: /opt/startup/init_container.sh: Not a directory
2021-02-23T06:04:29.4099477Z [0mThe command '/bin/sh -c chmod 755 /opt/startup/init_container.sh' returned a non-zero code: 1
2021-02-23T06:04:29.4174269Z ##[error]The command '/bin/sh -c chmod 755 /opt/startup/init_container.sh' returned a non-zero code: 1

Can you please help

0 Votes 0 ·
SnehaAgrawal-MSFT avatar image
1 Vote"
SnehaAgrawal-MSFT answered ehoke-9432 commented

Sure, Thanks for reply! You should have full privilege rights with your Azure subscription to connect.

Also, could you please double check on enabling SSH in a custom container, the following requirements should be met.

  1. The Docker image must be built so that openssh-server is installed.

    To ensure that openssh-server is installed, the following must be included in the Dockerfile used to build the image.

    RUN apt-get update \
    && apt-get install -y --no-install-recommends openssh-server \
    && echo "root:Docker!" | chpasswd

  2. The Docker image must include a proper sshd_config file in the /etc/ssh directory.

    You can copy the contents of the sshd_config file located here . You also need to ensure that the sshd_config file is part of the build
    context when the Docker image is built, and you need to copy the file to the correct directory in the image using the following in the
    Dockerfile.

    COPY sshd_config /etc/ssh/

  3. Port 2222 must be exposed via the Dockerfile.

    To expose port 2222, the following line must be included in the Dockerfile.

    EXPOSE 2222

    Note that you should also expose the port that will be used when browsing the app. This will typically be port 80, so the EXPOSE
    instruction may look like this.

    EXPOSE 2222 80

  4. The SSH service must be started when the container is started.

    You need to create a startup script for the container. Inside of that script, you should start the SSH service. Here is an example of script
    code that will do this.

    #!/bin/bash
    service ssh start

    Note that #!/bin/bash is required as the first line of this script. Otherwise, it will not work.

    The script can be named anything. In our documentation, we use init_container.sh as a recommendation.

  5. The startup script must be included in the image, and the script should be called via the Dockerfile.

    The startup script must be included in the build context when the Docker image is built. The following lines also need to be part of
    the Dockerfile in order for the script to execute.

    COPY init_container.sh /opt/startup
    RUN chmod 755 /opt/startup/init_container.sh
    ENTRYPOINT ["/opt/startup/init_container.sh"]

Reference: https://docs.microsoft.com/en-us/azure/app-service/configure-custom-container?pivots=container-linux#enable-ssh

Hope this helps. Let us know Incase issue persists.


































· 9
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi, Sneha.

I'm having a similar issue and I've verified my configuration matches the requirements you've outlined in your detailed response to this post (Thank you for that!).

For me, everything works fine if I have specify a single container (Django) through Azure | App Service | Deployment Center. The container starts with port 2222 exposed and the SSH to the IP address works fine.

However, when using Docker Compose (Preview) with multiple containers (Gunicorn & Nginx), the SSH fails because of the wrong IP address. SSH attempts to connect to an IP address that is not assigned to either Gunicorn or Nginx. I assume it's an IP address for the network that both Gunicorn and Nginx are part of, but not specific to either.

How does Azure SSH know which IP address on a multi-container service is the correct IP address with port 2222 exposed?

Do we need to create a custom network within our Docker-compose file?

Jerome

1 Vote 1 ·

Step 13/28 : RUN chmod 755 /opt/startup/init_container.sh
2021-02-23T06:04:29.0422461Z ---> Running in 18ba81bd52f1
2021-02-23T06:04:29.2944509Z [91mchmod: /opt/startup/init_container.sh: Not a directory
2021-02-23T06:04:29.4099477Z [0mThe command '/bin/sh -c chmod 755 /opt/startup/init_container.sh' returned a non-zero code: 1


Hi Sneha,
It looks like the above provided instruction is not working on RUN chmod 755 /opt/startup/init_container.sh.

Can you please help

0 Votes 0 ·

Thanks! Request you to refer to this recent updated document for Enable SSH

Let us know.


0 Votes 0 ·

How do you write the below script in init_container.sh to start SSH server:

/usr/sbin/sshd

That is all. something needs to there on the first line like #!/bin/bash

Can you please confirm this.

Thanks

0 Votes 0 ·
Show more comments

I think I found a solution.

On line:

 COPY init_container.sh /opt/startup

add '/'. So you should have:

 COPY init_container.sh /opt/startup/



0 Votes 0 ·

What's the deal with password Docker!. I tried different passwords but none works except this one. Is it something hardwired. Thanks.

0 Votes 0 ·