I have set up an Azure storage account with SFTP enabled and would like to automate the addition of new users. I would like to set it up with a password and not an SSH key.

I am looking to integrate the automated addition of users into a larger setup in Python by submitting the PowerShell commands from Python. If anyone knows how to add users directly from Python that would also be greatly appreciated.

Following a guide in this article I have tried to add a new user with the following commands:

    $resourceGroupName = "myResourceGroup"
    $storageAccountName = "mystorageaccount"
    $permissionScope = New-AzStorageLocalUserPermissionScope -Permission r -Service blob -ResourceName $resourceGroupName
    Set-AzStorageLocalUser -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -UserName "test" -HomeDirectory "/" -PermissionScope $permissionScope -HasSshPassword $true

However, I get this error message:

    Set-AzStorageLocalUser : Operation returned an invalid status code 'BadRequest'

Ruwi

1 Answer

I tried in my environment and got the below results:

I followed the same document which you shared in the query and you can use the below command that was executed successfully by adding a local user to the storage account with SFTP enabled.

Command:

    Connect-AzAccount
    
    $resourceGroupName = "resourcegroupname"
    $storageAccountName = "storageaccountname"
    $permissionScope = New-AzStorageLocalUserPermissionScope -Permission rw -Service blob -ResourceName test
    $UserName = "venkat"
    $localuser = Set-AzStorageLocalUser -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -UserName $UserName -HomeDirectory "test" -PermissionScope $permissionScope  -HasSshPassword $true
    $localuser
    $localuser.SshAuthorizedKeys | ft
    $localuser.PermissionScopes | ft
    $password = New-AzStorageLocalUserSshPassword -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -UserName $UserName
    $password

The above commands created the local user successfully and after creation, I tested the connection string to connect with the SFTP client with a password.

Command:

    sftp storage_account_name.username@storage325.blob.core.windows.net

Venkatesan

Thanks a lot! I think the problem was that I passed the resourceGroupName to the ResourceName parameter in the permission scope instead of the name of the container. – Ruwi Mar 09 '23 at 13:17
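
The cause named in the comment above (a resource group name passed where a container name belongs) can be caught before the request is sent, and the same user can be created from Python. This is an added example, not part of the original question or answer; it uses the `azure-mgmt-storage` SDK, `build_scope` and `create_sftp_user` are hypothetical helper names, and limiting permissions to the letters `rwdlc` is an assumption made here.

```python
import re

# Blob container names: 3-63 chars, lowercase letters, digits and single
# hyphens, starting and ending with a letter or digit ($root/$web not handled).
_CONTAINER_RE = re.compile(r"^(?!.*--)[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$")
_ALLOWED_PERMS = set("rwdlc")  # read, write, delete, list, create (assumed subset)


def build_scope(container: str, permissions: str = "r") -> dict:
    """Validate and return a permission scope limited to one blob container."""
    if not _CONTAINER_RE.match(container):
        # "myResourceGroup" from the question fails here (uppercase letters)
        raise ValueError(f"{container!r} is not a valid container name")
    if not permissions or set(permissions) - _ALLOWED_PERMS:
        raise ValueError(f"permissions must use only 'rwdlc', got {permissions!r}")
    return {"permissions": permissions, "service": "blob", "resource_name": container}


def create_sftp_user(client, resource_group, account, username, container,
                     permissions="r"):
    """Create a password-authenticated local user and return its SSH password.

    `client` is an azure.mgmt.storage.StorageManagementClient, e.g.
    StorageManagementClient(DefaultAzureCredential(), subscription_id).
    """
    # Imported here so build_scope() stays usable without the SDK installed
    from azure.mgmt.storage.models import LocalUser, PermissionScope

    scope = build_scope(container, permissions)
    # Raises ResourceNotFoundError if the container is not in this account,
    # which is clearer than the 'BadRequest' returned by the user creation call
    client.blob_containers.get(resource_group, account, container)
    client.local_users.create_or_update(
        resource_group, account, username,
        LocalUser(
            permission_scopes=[PermissionScope(**scope)],
            home_directory=container,
            has_ssh_password=True,
        ),
    )
    # The password is returned only by this call; store it in a secret manager
    # rather than printing or logging it
    result = client.local_users.regenerate_password(resource_group, account, username)
    return result.ssh_password
```
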