I have set up an Azure storage account with SFTP enabled and would like to automate the addition of new users. I would like to set it up with a password and not an SSH key.
I am looking to integrate the automated addition of users into a larger setup in Python by submitting the PowerShell commands from Python. If anyone knows how to add users directly from Python that would also be greatly appreciated.
Following a guide in this article I have tried to add a new user with the following commands:
```powershell
$resourceGroupName = "myResourceGroup"
$storageAccountName = "mystorageaccount"
$permissionScope = New-AzStorageLocalUserPermissionScope -Permission r -Service blob -ResourceName $resourceGroupName
Set-AzStorageLocalUser -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -UserName "test" -HomeDirectory "/" -PermissionScope $permissionScope -HasSshPassword $true
```
However, I get this error message:
```
Set-AzStorageLocalUser : Operation returned an invalid status code 'BadRequest'
```
I tried in my environment and got the below results:
I followed the same document that you shared in the question. You can use the command below, which executed successfully and added a local user to the storage account with SFTP enabled.
Command:
```powershell
# Sign in to Azure
Connect-AzAccount

$resourceGroupName = "resourcegroupname"
$storageAccountName = "storageaccountname"

# Read/write permission on the blob container named "test"
$permissionScope = New-AzStorageLocalUserPermissionScope -Permission rw -Service blob -ResourceName test
$UserName = "venkat"

# Create the local user with password authentication enabled
$localuser = Set-AzStorageLocalUser -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -UserName $UserName -HomeDirectory "test" -PermissionScope $permissionScope -HasSshPassword $true
$localuser
$localuser.SshAuthorizedKeys | ft
$localuser.PermissionScopes | ft

# Generate the SSH password for the user and display it
$password = New-AzStorageLocalUserSshPassword -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -UserName $UserName
$password
```
The above commands created the local user successfully, and after creation I tested the connection string by connecting with an SFTP client using a password.
Command:
```
sftp <storage_account_name>.<username>@storage325.blob.core.windows.net
```
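For the Python integration the question asks about, one way to submit these commands without building the PowerShell text from user-supplied values, as an added example that is not part of the original question or answer. It assumes `pwsh` with the Az.Storage module and an already authenticated Az context; the `SFTP_*` variable names, the function names and the user-name allow-list are choices made for this example.

```python
import os
import re
import subprocess

# Constant script text: values are read from environment variables and never
# interpolated into the command string, so input cannot alter the script.
PS_SCRIPT = r'''
$ErrorActionPreference = "Stop"
$scope = New-AzStorageLocalUserPermissionScope -Permission $env:SFTP_PERMISSION -Service blob -ResourceName $env:SFTP_CONTAINER
Set-AzStorageLocalUser -ResourceGroupName $env:SFTP_RG -StorageAccountName $env:SFTP_ACCOUNT -UserName $env:SFTP_USER -HomeDirectory $env:SFTP_CONTAINER -PermissionScope $scope -HasSshPassword $true | Out-Null
(New-AzStorageLocalUserSshPassword -ResourceGroupName $env:SFTP_RG -StorageAccountName $env:SFTP_ACCOUNT -UserName $env:SFTP_USER).SshPassword
'''

# Conservative allow-lists, checked before anything reaches PowerShell.
RULES = {
    "SFTP_RG": r"[A-Za-z0-9_.()-]{1,90}(?<!\.)",
    "SFTP_ACCOUNT": r"[a-z0-9]{3,24}",
    "SFTP_USER": r"[a-z0-9]{3,64}",  # assumed allow-list for this example
    "SFTP_CONTAINER": r"(?!.*--)[a-z0-9][a-z0-9-]{1,61}[a-z0-9]",
    "SFTP_PERMISSION": r"[rwdlc]{1,5}",  # read, write, delete, list, create
}


def build_env(rg, account, user, container, permission="r"):
    """Validate every value and return the environment entries for the script."""
    values = dict(zip(RULES, (rg, account, user, container, permission)))
    for name, value in values.items():
        if not re.fullmatch(RULES[name], value):
            raise ValueError(f"{name} rejected: {value!r}")
    return values


def create_sftp_user(rg, account, user, container, permission="r"):
    """Create the local user, scoped to one container, and return its password."""
    env = {**os.environ, **build_env(rg, account, user, container, permission)}
    result = subprocess.run(
        ["pwsh", "-NoProfile", "-NonInteractive", "-Command", PS_SCRIPT],
        env=env, capture_output=True, text=True, check=True,
    )
    # Hand the password straight to a secret store; do not print or log it.
    return result.stdout.strip()
```

The permission scope and home directory are both set to the container name, so each user is confined to a single container with only the permissions requested.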