Introduction
As an Azure cloud consulting company, we had a requirement from the client to enable SSH for the containers running in the Azure App service.
In Azure App services there is a feature to SSH directly from the Azure blade itself but it will only work for applications deployed in the Azure web app(via direct code) whereas SSH is not possible for Azure App Service deployed as Containers, in this blog we will see how this can be done.
Prerequisite
Ensure that you have created the Azure App Service deployed as Containers from Container Registry’s Docker Image
Install sshd service in Docker
First you need to install sshd service in Dockerfile along with your other installations here my base image is Amazon Linux 2 below is my Dockerfile entry.
The below will work on Redhat7, CentOS7 distributions as well.
FROM amazonlinux:2 RUN yum -y install openssh-server
Set root user password for Dockerfile’s base image
Once you have installed the sshd service in the base image then you need to set password for root user and make sure to give its password as Docker!
Add the below entry in the Docker file
RUN echo "root:Docker!" | chpasswd RUN ssh-keygen -A
Create custom sshd_config file
Create the below sshd_config file and make sure to name this file as sshd_config in your local
Port 2222 ListenAddress 0.0.0.0 LoginGraceTime 180 X11Forwarding yes Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr MACs hmac-sha1,hmac-sha1-96 StrictModes yes SyslogFacility DAEMON PasswordAuthentication yes PermitEmptyPasswords no PermitRootLogin yes Subsystem sftp internal-sftp
We have to make sure sshd service is exposed to port 2222 in the Dockerfile and also also copy the above created custom sshd_config file to the base image’s /etc/ssh path
Add the below entry in the Docker file
COPY ./sshd_config /etc/ssh/. EXPOSE 2222
Start the service using bash script
Since, we would need to start two services(1. SSHD service, 2. Web service/app service) we cannot directly do this using CMD command available in Dockerfile. So, we need to create a seperate bash script that can start these two services.
Create a bash script file to start the sshd service, also make sure to include all the other services to start in the bash script(here I’m starting httpd along with sshd) in your local machine create a file named start.sh with the below entry.
#!/bin/bash /usr/sbin/sshd /usr/sbin/httpd -DFOREGROUND
Add the below entry in the Docker file to copy the above bash script and give execute permission and then include the created bash script in the CMD field.
COPY ./start.sh start.sh RUN chmod +x ./start.sh CMD ./start.sh
This is my entire Dockerfile for installation and staring of both sshd and httpd service
FROM amazonlinux:2 RUN yum -y install openssh-server httpd RUN echo "root:Docker!" | chpasswd RUN ssh-keygen -A COPY ./sshd_config /etc/ssh/. EXPOSE 2222 80 COPY ./start.sh start.sh RUN chmod +x ./start.sh CMD ./start.sh
Verify in Azure portal
Login into your Azure Portal–> Navigate to App services–> Enter into your deployed App service–> Click on SSH(from the side pane)–> Click on Go
Now it will open a new browser and ssh into the running container in Azure App Service and verify the contents of the repo by navigating into the document root
Thus we have successfully SSH directly into the running Azure App Service
I hope you all enjoy this article. If you need professional support on any Azure cloud related services you can contact us using the link. We will be able to help you at any levels.
FAQ
- How can enabling SSH access benefit my containerized app on Azure App Service?
Enabling SSH access allows direct, secure access to the underlying containerized app, facilitating troubleshooting, diagnostics, and configuration adjustments.
2. What steps are involved in enabling SSH access for a container app on Azure App Service?
To enable SSH access, navigate to the Azure Portal, locate your App Service, go to “Configuration,” add an SSH setting, and configure the necessary credentials.
