Azure Container App - Mounted Private Key - Permission denied (publickey)

Open matt-lethargic opened this issue 1 year ago • 2 comments

Here's a very unique use case that's causing me an issue that I hope someone can help with.

I have a .NET 8 application built into a Docker image and running in an Azure Container App. For security reasons I've used Azure (Key Vault Secret mapped to a container secret mounted as a file) to mount the private key into the container at /mnt/secrets/privatekey.

The container is running Linux and the security on the file is by default set to 0644; I cannot change this as it's controlled by Azure.

My application works fine locally when trying to connect to our SFTP service, but when deployed in the above configuration I get:

Exception: Renci.SshNet.Common.SshAuthenticationException: Permission denied (publickey).

I've got console access to the running container and tried sftp -i /mnt/secret/privatekey username@hostname, which gives me the following error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'privatekey' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "privatekey": bad permissions

So I believe that this may be the problem, but I'd love to be told I'm wrong!

The code I have is:

using var client = new SftpClient(_settings.Host, _settings.Port, _settings.Username, new PrivateKeyFile(_settings.PrivateKeyPath));
client.Connect();
client.UploadFile(fileStream, fullPath);

Any and all thoughts and suggestions welcome.

matt-lethargic, Aug 28 '24 17:08
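In the console test quoted above, OpenSSH ignores the 0644 key before it offers it to the server, so that run does not show whether the server would accept the key. The script below is an added example, not part of the original issue or of SSH.NET: it copies the mounted key to a private 0600 file, prints its fingerprint for comparison with the key registered on the SFTP server, and repeats the sftp test. The function names and the temporary location are assumptions.

```shell
#!/bin/sh
# Added example: retest a read-only mounted key that OpenSSH rejects as 0644.
# Function names are hypothetical; the key path is the one given in the issue.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if group and others have no access (what OpenSSH requires).
is_private() {
    case "$(key_mode "$1")" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Copy the key into a fresh 0700 directory as a 0600 file; print the new path.
private_copy() {
    src=$1
    dir=$(mktemp -d) || return 1
    ( umask 077 && cp -- "$src" "$dir/key" ) || { rm -rf "$dir"; return 1; }
    chmod 600 "$dir/key"
    printf '%s\n' "$dir/key"
}

# Show the key's fingerprint, then try the connection with the private copy.
retest() {
    key=$1; target=$2
    echo "mounted key mode: $(key_mode "$key")"
    copy=$(private_copy "$key") || return 1
    # Compare this fingerprint with the public key registered on the server.
    ssh-keygen -l -f "$copy"
    sftp -i "$copy" -o IdentitiesOnly=yes "$target"
    rc=$?
    rm -rf "$(dirname "$copy")"   # do not leave a second copy of the key behind
    return $rc
}

# Usage: sh retest.sh /mnt/secrets/privatekey username@hostname
if [ $# -eq 2 ]; then retest "$1" "$2"; fi
```

If sftp still reports a publickey failure with the 0600 copy, the file mode is not what the server is objecting to.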