4

Question 1

I'm looking for a way to SSH into my running container or the hosting VM in Azure App Service for Docker Containers (Linux). I've read the doc for enabling SSH when configuring a custom container and this question. However, both links requires me to install openssh in my image:

# Install OpenSSH and set the password for root to "Docker!". In this example, "apk add" is the install instruction for an Alpine Linux-based image.
RUN apk add openssh \
     && echo "root:Docker!" | chpasswd 

# Copy the sshd_config file to the /etc/ssh/ directory
COPY sshd_config /etc/ssh/

# Open port 2222 for SSH access
EXPOSE 80 2222

I don't want this for my image as it may introduce security issues. Can I connect directly to the VM that hosts my containers and do something like docker exec -it <container name> /bin/bash?

Question 2

If I do install openssh and SSH into the container this way, what happens if I have auto-scaling and multiple instances/containers running, which container am I SSHing into?

Eric Hua
  • 976
  • 2
  • 11
  • 29

1 Answers1

0

Can I connect directly to the VM that hosts my containers and do something like docker exec -it /bin/bash?

Of course not. You can connect directly to the host of the containers. Actually, the host is the app service plan that the app service host in. And I think you know the app service plan can't be connected to.

If I do install openssh and SSH into the container this way, what happens if I have auto-scaling and multiple instances/containers running, which container am I SSHing into?

When you enable the SSH for the containers, you then ssh into the container, not the service plan instance, so if you scale up the service plan, it does not make any affection for you to ssh into the containers. And if you enable SSH for multiple containers in the app service, then you can ssh into all the containers. But there is one thing you need to know. The first you ssh into is the frontend, and you can ssh into others through the service name with port 2222. For example, the docker-compose.yml looks like this:

version: '3.3'

services:
  frontend:
    image: xxxxxx
    ...

  backend:
    image: xxxxxx
    ...

Then you first ssh into the frontend, and you can also ssh into the backend inside the frontend container:

ssh backend -p 2222
Charles Xu
  • 29,862
  • 2
  • 22
  • 39
  • Thanks for the answer. For Q2, I'm currently scaling *out* instead of scaling *up*, so I assume I will have *multiple* containers running the same image on multiple instances instead of just *one* larger instance. I'm wondering which container am I SSHing into? – Eric Hua May 28 '21 at 14:37
  • @EricHua Always the frontend container you first SSH into. No matter which instance your container in or how many instances it has. As I said in the answer. – Charles Xu May 31 '21 at 01:23
  • I mean if I have multiple identical frontend containers (created by auto scaling), do I SSH into one of those randomly? – Eric Hua May 31 '21 at 17:08
  • @EricHua No, you can only have one frontend container that exposes to the outside. – Charles Xu Jun 01 '21 at 01:04
  • @EricHua Any updates on this question? Does it solve your problem? – Charles Xu Jun 03 '21 at 01:22
  • 3
    Why "Of course not"? Remember that what may be obvious to you may not be to the OP. – Mitya May 02 '22 at 17:19