Enabling SSH access for Container app on Azure App service
A Cloud Architect Company
Azure

How to Enable SSH Access for Container app on Azure App service?

Introduction

As an Azure cloud consulting company, we had a requirement from the client to enable SSH for the containers running in the Azure App service.

In Azure App services there is a feature to  SSH directly from the Azure blade itself but it will only work for applications deployed in the Azure web app(via direct code) whereas SSH is not possible for Azure App Service deployed as Containers, in this blog we will see how this can be done.

Prerequisite

Ensure that you have created the Azure App Service deployed as Containers from Container Registry’s Docker Image

Install sshd service in Docker

First you need to  install sshd service in Dockerfile along with your other installations here my base image is Amazon Linux 2   below is my Dockerfile entry.

The below will work on Redhat7, CentOS7 distributions as well.

FROM amazonlinux:2
RUN yum -y install openssh-server

Set root user password for Dockerfile’s base image

Once you have installed the sshd service in the base image then you need to set password for root user and make sure to give its password as Docker!

Add the below entry in the Docker file

RUN echo "root:Docker!" | chpasswd
RUN ssh-keygen -A

Create custom sshd_config file

Create the below sshd_config file and make sure to name this file as sshd_config in your local

Port 2222
ListenAddress 0.0.0.0
LoginGraceTime 180
X11Forwarding yes
Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,hmac-sha1-96
StrictModes yes
SyslogFacility DAEMON
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin yes
Subsystem sftp internal-sftp

We have to make sure sshd service is exposed to port 2222 in the Dockerfile and also also copy the above created custom sshd_config file to the base image’s /etc/ssh path

Add the below entry in the Docker file

COPY ./sshd_config /etc/ssh/.
EXPOSE 2222

Start the service using bash script

Since, we would need to start two services(1. SSHD service, 2. Web service/app service) we cannot directly do this using CMD command available in Dockerfile. So, we need to create a seperate bash script that can start these two services.

Create a bash script file to start the  sshd service, also make sure to include all the other services to start in the bash script(here I’m starting httpd along with sshd) in your local machine create a file named  start.sh with the below entry.

#!/bin/bash
/usr/sbin/sshd
/usr/sbin/httpd -DFOREGROUND

Add the below entry in the Docker file to copy the above bash script and give execute permission and then include the created bash script in the CMD field.

COPY ./start.sh start.sh
RUN chmod +x ./start.sh
CMD ./start.sh

This is my entire Dockerfile for installation and staring of both sshd and httpd service

FROM amazonlinux:2
RUN yum -y install openssh-server httpd
RUN echo "root:Docker!" | chpasswd
RUN ssh-keygen -A
COPY ./sshd_config /etc/ssh/.
EXPOSE 2222 80
COPY ./start.sh start.sh
RUN chmod +x ./start.sh
CMD ./start.sh

Verify in Azure portal

Login into your Azure Portal–> Navigate to App services–> Enter into your deployed App service–> Click on SSH(from the side pane)–> Click on Go

Azure Portal App service

Now it will open a new browser and ssh into the running container in Azure App Service and verify the contents of the repo by navigating into the document root

Azure App service SSH

Thus we have successfully SSH directly into the running Azure App Service

I hope you all enjoy this article. If you need professional support on any Azure cloud related services you can contact us using the link. We will be able to help you at any levels.

FAQ

  1.  How can enabling SSH access benefit my containerized app on Azure App Service?

Enabling SSH access allows direct, secure access to the underlying containerized app, facilitating troubleshooting, diagnostics, and configuration adjustments.

2. What steps are involved in enabling SSH access for a container app on Azure App Service?

To enable SSH access, navigate to the Azure Portal, locate your App Service, go to “Configuration,” add an SSH setting, and configure the necessary credentials.

Leave a Reply

Your email address will not be published. Required fields are marked *

back to top
advanced-floating-content-close-btn

Contact Us to save your AWS bill by 40%

X