In App Service platform, the WEBSSH feature is backed by openssh-server. For Azure App Service built-in docker images, the platform by default has OpenSSH server configured. But for custom docker image, you will have to setup the OpenSSH server by yourself.
We used to notice the following RedHat issue that may cause your custom docker container failed to install openssh-server.
Not Finding openssh-server-8.0p1-3.el8.x86_64.rpm in REDHAT ubi 8 docker image - Red Hat Customer Po...
At that time, you only have two options: either you register the RedHat system running within the container and attach it to a RedHat subscription, or you can download the openssh-server package and manually install it inside your docker container.
The good news is that RedHat openssh-server package now became available in both authenticated (registry.redhat.io) and unauthenticated (registry.access.redhat.com) registries.
That means we can simply now use "yum install" command to install openssh-server in an unregistered docker container.
According to 1750907 – UBI7 - Request for openssh-server package in UBI7 image (redhat.com), since 2021 Oct,
openssh-server is now included in RedHat ubi7 and ubi8 repositories.
For more details about RedHat UBI images, repositories and packages, please refer to:
Universal Base Images (UBI): Images, repositories, packages, and source code - Red Hat Customer Port...
The following article shows a demonstration of how to enable WebSSH for your customer docker image which is build based on Redhat UBI docker image.
Notes:
# This is ssh server systemwide configuration file.
#
# /etc/sshd_config
Port 2222
ListenAddress 0.0.0.0
LoginGraceTime 180
X11Forwarding yes
Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,hmac-sha1-96
StrictModes yes
SyslogFacility DAEMON
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin yes
Subsystem sftp internal-sftp
In the following example:
#!/usr/bin/bash
# Get environment variables to show up in SSH session
eval $(printenv | sed -n "s/^\([^=]\+\)=\(.*\)$/export \1=\2/p" | sed 's/"/\\\"/g' | sed '/=/s//="/' | sed 's/$/"/' >> /etc/profile)
# starting sshd process
/usr/sbin/sshd
# starting Nginx
nginx -g 'daemon off;'
docker build -t <docker registry account>/<image name>:<tag> .
For example:
Find your new created docker image id
docker images
Start the docker container use the new created docker image
docker run -d -p 80:80 <docker image id>
Get the docker container ID
docker ps
Get into the docker container, then test ssh access
docker exec -it <container id> /bin/bash
ssh root@localhost -p 2222
docker push <docker registry account>/<image name>:<tag>
Go to https://<app-service-bane>.scm.azurewebsites.net/webssh/host
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.