question

0 Votes
JC-1333 asked RahulShinde-8572 commented

Azure Container Instance SFTP - host key changed

Hello,

We created an Azure Container Instance and the corresponding file storage to be used as SFTP. We did this using the custom deployment template (uploaded).

We were able to connect and upload files, no problem. However, after a few days we noticed the host key had changed (probably after Azure did some regular maintenance). See the uploaded screenshot.

Can anyone guide us on how to keep the host key from changing? Can the custom deployment template be modified to specify a constant host key?

Thanks!


16523-azure-sftp-deployment-template.pdf


azure-stack-hub

0 Votes
SumanthMarigowda-MSFT answered JC-1333 commented

@JC-1333 For clarification: have you referred to the suggestion mentioned in this GitHub article? Let me know the status if you find any difficulties. I would like to work closer on this issue.

Hope this helps!


Please don’t forget to “Accept the answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.




Hi Sumanth,

Yes, I did look into the GitHub article and am aware there is a solution for this.

With the instructions provided by bhummerstone:
1. Clone the GitHub repo for the current container image: https://github.com/atmoz/sftp
2. Edit the files/entrypoint file to remove the section that generates the new host key each time
3. Edit the Dockerfile to remove the line that removes the host keys; specifically this: rm -f /etc/ssh/ssh_host_key
4. Build the new container image using docker build
5. Push the new image to a repository of your choice e.g. Docker Hub or Azure Container Registry
6. Modify the ARM template sample to deploy from a different repository (see the sample link I posted above)

I am only able to complete steps 1 to 3. I don't know how to perform steps 4 to 6. Could you shed some light on those steps?

0 Votes 0 ·
1 Vote
CMD73 answered RahulShinde-8572 commented

@JC-1333 I had similar struggles after finding and deploying the Microsoft template here, and it was working great...then the container reset. The SSH keys on the atmoz/sftp image reset each time (as it probably should) so the automation built around it kept causing the transfers to fail with the Man In The Middle warning about the key change on the SFTP client.

To get around it, I created two additional file shares in the storage account: one to store the keys, and one to store a bash script. The keys I grabbed from the /etc/ssh directory and put them in the first file share, which I mounted to /etc/sftpkeys in the template. Then I mounted the share with the bash script to /etc/sftp.d, which is a folder from which the atmoz/sftp image will run any script after startup (see the atmoz docs here). The bash script, named something like copykeys.sh, just needs to do a copy from the sftpkeys folder to ssh: cp /etc/sftpkeys/ssh_host_* /etc/ssh

This has done the trick after several restart tests to keep the keys intact. It avoids having to build your own fork of the atmoz/sftp image. Hope it works for you too.

Chad
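
An expanded form of the copykeys.sh script described in the answer above, as an added example that is not part of the original answer or of the atmoz/sftp project. The paths /etc/sftpkeys, /etc/sftp.d and /etc/ssh come from the answer; the function name restore_host_keys and its return codes are hypothetical. Beyond the plain cp, it resets file modes (files on a mounted share may appear with permissive modes, and sshd will not load a private host key that other users can read) and verifies each copy.

```shell
#!/bin/bash
# copykeys.sh - added example; place in the share mounted at /etc/sftp.d.
# Assumes the persistent key share is mounted at /etc/sftpkeys (as in the answer).

# restore_host_keys SRC DST
#   Copies every ssh_host_* file from SRC (persistent share) into DST (sshd dir),
#   sets 600 on private keys and 644 on .pub files, and verifies each copy.
#   Returns 0 on success, 1 if SRC holds no host keys, 2 on a copy/verify failure.
restore_host_keys() {
    src=$1
    dst=$2
    found=0
    for key in "$src"/ssh_host_*; do
        [ -f "$key" ] || continue            # unmatched glob or not a regular file
        found=1
        name=$(basename "$key")
        cp "$key" "$dst/$name" || return 2
        case "$name" in
            *.pub) chmod 644 "$dst/$name" || return 2 ;;  # public half
            *)     chmod 600 "$dst/$name" || return 2 ;;  # private half: owner only
        esac
        cmp -s "$key" "$dst/$name" || return 2            # byte-for-byte check
    done
    [ "$found" -eq 1 ] || return 1
    return 0
}

# Act only when the key share is actually mounted in this container.
if [ -d /etc/sftpkeys ]; then
    rc=0
    restore_host_keys /etc/sftpkeys /etc/ssh || rc=$?
    case "$rc" in
        0) echo "copykeys: persistent host keys restored" ;;
        1) echo "copykeys: no ssh_host_* files in /etc/sftpkeys; host key will change" >&2 ;;
        *) echo "copykeys: failed to restore host keys" >&2 ;;
    esac
fi
```

The warning on return code 1 matters operationally: an empty or unmounted share means the container runs with freshly generated keys, which is exactly the condition that triggers the client-side key-change warning.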



Nice one - just what I was looking for. Thanks

0 Votes 0 ·

Hello Chad,
This is the exact scenario we have; can we have steps for the above-mentioned details, please?

Here looking for a way to create name in share, then way we go ahead to copy and mount that appropriately.

Much appreciated in this regard,

This will save lot of ongoing issues for much in relevant scenarios in future.

Regards,
Rahul Shinde

0 Votes 0 ·