Tags: python-3.x, azure, sftp, azure-powershell, powershell-az-module

Add local user to Azure storage account with SFTP enabled from PowerShell


I have set up an Azure storage account with SFTP enabled and would like to automate the addition of new users. I would like to set it up with a password and not an SSH key.

I am looking to integrate the automated addition of users into a larger setup in Python by submitting the PowerShell commands from Python. If anyone knows how to add users directly from Python that would also be greatly appreciated.

Following a guide in this article I have tried to add a new user with the following commands:

    $resourceGroupName = "myResourceGroup"
    $storageAccountName = "mystorageaccount"
    $permissionScope = New-AzStorageLocalUserPermissionScope -Permission r -Service blob -ResourceName $resourceGroupName
    Set-AzStorageLocalUser -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -UserName "test" -HomeDirectory "/" -PermissionScope $permissionScope -HasSshPassword $true

However, I get this error message:

    Set-AzStorageLocalUser : Operation returned an invalid status code 'BadRequest'


Solution

  • I tried in my environment and got the below results:

    I followed the same document that you shared in the question. You can use the command below, which executed successfully and added a local user to the storage account with SFTP enabled.

    Command:

        Connect-AzAccount
        
        $resourceGroupName = "resourcegroupname"
        $storageAccountName = "storageaccountname"
        $permissionScope = New-AzStorageLocalUserPermissionScope -Permission rw -Service blob -ResourceName test
        $UserName = "venkat"
        $localuser = Set-AzStorageLocalUser -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -UserName $UserName -HomeDirectory "test" -PermissionScope $permissionScope  -HasSshPassword $true
        $localuser
        $localuser.SshAuthorizedKeys | ft
        $localuser.PermissionScopes | ft
        $password = New-AzStorageLocalUserSshPassword -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -UserName $UserName
        $password
    


    The above commands created the local user successfully. After creation, I tested the connection string to connect with the SFTP client using a password.

    Command:

        sftp <storage_account_name>.<username>@storage325.blob.core.windows.net
    

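For the question's goal of submitting these commands from Python, the following is an added example, not code from the question or the answer. It keeps the PowerShell script constant and passes caller-supplied values through environment variables, so a user name can never become part of the PowerShell source, and it rejects values that cannot be a container name (such as the resource group name passed to `-ResourceName` in the question) before any request is sent. The `SFTP_*` variable names, the function names, the naming patterns and the reliance on a saved Az login context are assumptions.

```python
import os
import re
import subprocess

# Constant script: caller-supplied values are read from environment variables,
# never interpolated into PowerShell source, so they cannot inject commands.
PS_SCRIPT = r"""
$ErrorActionPreference = 'Stop'
$scope = New-AzStorageLocalUserPermissionScope -Permission $env:SFTP_PERM -Service blob -ResourceName $env:SFTP_CONTAINER
Set-AzStorageLocalUser -ResourceGroupName $env:SFTP_RG -StorageAccountName $env:SFTP_ACCOUNT -UserName $env:SFTP_USER -HomeDirectory $env:SFTP_CONTAINER -PermissionScope $scope -HasSshPassword $true | Out-Null
(New-AzStorageLocalUserSshPassword -ResourceGroupName $env:SFTP_RG -StorageAccountName $env:SFTP_ACCOUNT -UserName $env:SFTP_USER).SshPassword
"""

# Naming patterns as understood from the Azure documentation (assumption: adjust if they differ).
RULES = {
    "SFTP_RG": r"[A-Za-z0-9_.()-]{1,90}",
    "SFTP_ACCOUNT": r"[a-z0-9]{3,24}",
    "SFTP_CONTAINER": r"(?!.*--)[a-z0-9][a-z0-9-]{1,61}[a-z0-9]",
    "SFTP_USER": r"[a-z0-9]{3,64}",
    "SFTP_PERM": r"[rwdlc]{1,5}",
}

def build_request(resource_group, account, container, username, permission="r"):
    """Validate the inputs; return (argv, extra_env) without running anything."""
    values = dict(zip(RULES, (resource_group, account, container, username, permission)))
    for name, value in values.items():
        if not re.fullmatch(RULES[name], value):
            raise ValueError(f"{name} has an invalid value: {value!r}")
    argv = ["pwsh", "-NoProfile", "-NonInteractive", "-Command", PS_SCRIPT]
    return argv, values

def create_local_user(*args, **kwargs):
    """Run the script (assumes a saved Az login context); return the generated password."""
    argv, extra_env = build_request(*args, **kwargs)
    result = subprocess.run(argv, env={**os.environ, **extra_env},
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()  # secret: hand it to a vault, do not log or print it
```

`create_local_user("resourcegroupname", "storageaccountname", "test", "venkat", "rw")` mirrors the answer's commands; the returned password is shown by Azure only at generation time, so store it immediately.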