Enabling SSH on Azure App Service for containers dumps garbage into the log stream, am I doing something wrong?

Question

Following the documentation to enable the SSH console to work in Azure portal with a Linux container, causes the container to dump a large amount of garbage to the log stream, ultimately restarting the web app.

https://learn.microsoft.com/en-us/azure/app-service/containers/configure-custom-container#enable-ssh

I've tried a couple different sshd_config options but nothing really seems to help. The documentation says to use this config file

Port            2222
ListenAddress       0.0.0.0
LoginGraceTime      180
X11Forwarding       yes
Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,hmac-sha1-96
StrictModes         yes
SyslogFacility      DAEMON
PasswordAuthentication  yes
PermitEmptyPasswords    no
PermitRootLogin     yes
Subsystem sftp internal-sftp

And I'm generating keys with

ssh-keygen -A

dockerfile

FROM centos

# Timezone 
ENV TZ America/New_York

# openssh-server, nginx and supervisor
RUN yum -y update && \
    yum -y install epel-release \
    http://rpms.remirepo.net/enterprise/remi-release-7.rpm \
    openssh-server && \
    yum-config-manager --enable remi-php72 && \
    yum install -y nginx \
    supervisor && \
    echo "root:Docker!" | chpasswd  && \
    ssh-keygen -A 

# ssh configuration
COPY sshd_config /etc/ssh/

# Setup Supervisor 
COPY nginx.ini ssh.ini /etc/supervisord.d/

EXPOSE 2222 80

ENTRYPOINT ["supervisord", "-n", "-c", "/etc/supervisord.conf"]

nginx.ini

[program:nginx]
command=/usr/sbin/nginx -g 'daemon off;'
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0

ssh.ini

[program:sshd]
command=/usr/sbin/sshd -D
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0

Just expect to enable this and have the SSH option in azure portal work without bringing the container down. Any ideas for making this work

This is an example of what is thrown in the log stream

2019-05-17T15:34:21  Welcome, you are now connected to log-streaming service.DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:17,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:17,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:16,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:60,padLen:10,remainLen:48DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:17,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:17,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:17,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:17,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:17,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:17,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:17,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:44,padLen:7,remainLen:32DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:17,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:17,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Outgoing: Writing CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:28,padLen:16,remainLen:16DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)DEBUG: Parser: IN_PACKETDEBUG: Parser: DecryptingDEBUG: Parser: pktLen:2972,padLen:11,remainLen:2960DEBUG: Parser: IN_PACKETDATADEBUG: Parser: DecryptingDEBUG: Parser: HMAC size:20DEBUG: Parser: IN_PACKETDATAVERIFYDEBUG: Parser: Verifying MACDEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_DATA (0)DEBUG: Parser: IN_PACKETBEFORE (expecting 16)

Love the minus one with no comment .. thanks. – dev null May 20 '19 at 12:35 — dev null, May 20 '19 at 12:35

score 1 · Accepted Answer · answered May 24 '19 at 13:55

Ended up opening a ticket with MS for this, apparently log stream does this with SSH enabled. They said it's the way they capture the std/out logs to display them in azure portal. We ended trying CentOS, Debian and Alpine, they all dumped garbage to the log stream. The garbage isn't captured in the docker-logs available through kudu / api, so at least the logs are kept clean.

I ended up not being able to recreate restarts with the PoC containers we made, so I closed the ticket as a non-problem.

Enabling SSH on Azure App Service for containers dumps garbage into the log stream, am I doing something wrong?

1 Answers1