Azure Container App - Mounted Private Key - Permission denied (publickey) #1479

Open
matt-lethargic opened this issue Aug 28, 2024 · 2 comments


@matt-lethargic

Here's a very unique use case that's causing me an issue that I hope someone can help with.

I have a .NET 8 application built into a Docker image and running in an Azure Container App. For security reasons I've used Azure (Key Vault Secret mapped to a container secret mounted as a file) to mount the private key into the container at /mnt/secrets/privatekey.

The container is running Linux and the security on the file is by default set to 0644. I cannot change this as it's controlled by Azure.

My application works fine locally when trying to connect to our SFTP service, but when deployed in the above configuration I get:

Exception: Renci.SshNet.Common.SshAuthenticationException: Permission denied (publickey).

I've got console access to the running container and tried sftp -i /mnt/secret/privatekey username@hostname, which gives me the following error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'privatekey' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "privatekey": bad permissions

So I believe that this may be the problem, but I'd love to be told I'm wrong!

The code I have is:

using var client = new SftpClient(_settings.Host, _settings.Port, _settings.Username, new PrivateKeyFile(_settings.PrivateKeyPath));
client.Connect();
client.UploadFile(fileStream, fullPath);

Any and all thoughts and suggestions welcome.

@Rob-Hague
Collaborator

I would not have thought it is related to the permissions of the key file on the client, otherwise you would get an IO error much earlier.

Are you sure that private key is allowed by the server for that user?

Are you able to sudo sftp to bypass the permissions warning and check it has access?
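
An added example, not part of the original thread or of SSH.NET: a shell script for the container console that separates the two suspects in this issue, the 0644 file mode and whether the server accepts the key, without needing sudo. It assumes OpenSSH's ssh-keygen and sftp are installed and a temporary directory is writable; the script name keycheck.sh is hypothetical.

```shell
#!/bin/sh
# Added example: the key path and user@host are supplied by the caller.

# Octal mode of the file; -L follows a symlink in case the mount uses one.
key_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"   # GNU/BusyBox, then BSD
}

# True when any group/other bit is set, the condition behind OpenSSH's
# "UNPROTECTED PRIVATE KEY FILE" refusal shown in the issue.
key_too_open() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Copy the key into a fresh 0700 directory as a 0600 file; prints the new path.
private_copy() {
    dir=$(mktemp -d) || return 1
    ( umask 077 && cp "$1" "$dir/key" ) || return 1
    chmod 600 "$dir/key" || return 1
    printf '%s\n' "$dir/key"
}

# Fingerprint of the public half, to compare with the key the server
# has on record for the user.
key_fingerprint() {
    ssh-keygen -y -f "$1" | ssh-keygen -l -f -
}

# Usage: sh keycheck.sh /mnt/secrets/privatekey [username@hostname]
if [ "$#" -ge 1 ]; then
    if key_too_open "$1"; then
        echo "mode $(key_mode "$1"): OpenSSH ignores this key in place" >&2
    fi
    copy=$(private_copy "$1") || exit 1
    trap 'rm -rf "$(dirname "$copy")"' EXIT   # do not leave a second copy of the key behind
    key_fingerprint "$copy"
    if [ -n "$2" ]; then sftp -i "$copy" "$2"; fi
fi
```

If sftp still reports Permission denied (publickey) with the 0600 copy, the file mode is not the cause, and the printed fingerprint is what to compare against the key registered for that user on the server.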

@matt-lethargic
Author

Since posting and stepping away from the computer, I've thought of a couple of things to test this out to narrow down the problem. I'll update tomorrow.
