Unable to connect to SFTP server in docker container

Questions / Help
,
1

Hi there,

I’m having an issue with connecting to an SFTP server from within a docker container on a GCP instance. Its likely a configuration issue with the image , but was just wondering if someone had some insight. I can replicate the issue within a container locally as well - but it works when I just boot up the application outside a container.

These are just pretty standard erlang 22/elixir 1.9 alpine images.

The SFTP library is here: https://github.com/i22-digitalagentur/sftp_client

This is the stacktrace:

app_1       | 14:33:52.212 [info] Erlang SSH :client 4.8 (OpenSSL 1.1.1g  21 Apr 2020).
app_1       | Server: 'SSH-2.0-2.0'
app_1       | Disconnects with code = 11 [RFC4253 11.1]: Internal error
app_1       | State = {key_exchange,client,init}
app_1       | Module = ssh_connection_handler, Line = 1590.
app_1       | Details:
app_1       |   Reason: {badmatch,{error,eacces}}
app_1       | 
app_1       | 
app_1       | 14:33:52.217 [error] GenServer #PID<0.5079.0> terminating
app_1       | ** (Protocol.UndefinedError) protocol String.Chars not implemented for {{:badmatch, {:error, :eacces}}, [{:ssh_file, :default_user_dir, 1, [file: 'ssh_file.erl', line: 394]}, {:ssh_file, :file_name, 3, [file: 'ssh_file.erl', line: 222]}, {:ssh_file, :do_lookup_host_key, 4, [file: 'ssh_file.erl', line: 247]}, {:ssh_file, :is_host_key, 4, [file: 'ssh_file.erl', line: 91]}, {:ssh_transport, :known_host_key, 3, [file: 'ssh_transport.erl', line: 880]}, {:ssh_transport, :handle_kex_ecdh_reply, 2, [file: 'ssh_transport.erl', line: 698]}, {:ssh_connection_handler, :handle_event, 4, [file: 'ssh_connection_handler.erl', line: 711]}, {:gen_statem, :loop_state_callback, 11, [file: 'gen_statem.erl', line: 1161]}, {:proc_lib, :init_p_do_apply, 3, [file: 'proc_lib.erl', line: 249]}]} of type Tuple. This protocol is implemented for the following type(s): Decimal, NaiveDateTime, BitString, Atom, Version.Requirement, Version, URI, Date, Time, Float, List, Integer, DateTime
app_1       |     (elixir) lib/string/chars.ex:3: String.Chars.impl_for!/1
app_1       |     (elixir) lib/string/chars.ex:22: String.Chars.to_string/1
app_1       |     (sftp_client) lib/sftp_client/operation_util.ex:60: SFTPClient.OperationUtil.handle_error/1
app_1       |     (sftp_client) lib/sftp_client/operations/connect.ex:140: SFTPClient.Operations.Connect.do_connect/1
app_1       |     (sftp_client) lib/sftp_client/operations/connect.ex:49: SFTPClient.Operations.Connect.connect/1

Any help would be appreciated.

Thanks

2

It looks like your creds aren’t available in the docker container. It’s looking in the default user directory, which probably works fine locally.

Depending on how you store your secrets for prod, and what your deployment system is, you will ptobably need to mount a directory in your container and pass the directory to the sftp client.

3

Thanks for the response @entone

Perhaps I don’t have enough knowledge of SFTP… but in this case, I just have a host, user and password for the SFTP server. These are accessed elsewhere and I know they exist in proper format. These are what I am passing to SFTPClient.connect/1.

From the error - it looks like its :ssh_connection_handler is trying to access ssh related files. I’m just not sure what setup is required within the dockerfile to satisfy the :ssh_file calls.

4

I’m not familiar with that library, but I have gone down this path the erlang library that this wraps, we were using key files for auth, so I’m not exactly sure what this would be expecting if you are using a username and password.

However, checkout the options here, https://hexdocs.pm/sftp_client/SFTPClient.Operations.Connect.html#connect/1 you may need to at least pass in a path for :user_dir that contains a .ssh directory with the proper permissions. Could just throw an empty .ssh dir in the priv directory, and point to it with :code.priv_dir(MyAppName). Just be aware of the permissions needed for the .ssh directory. If I remember, Erlang was pretty specific.

1 Like
5

Thanks @entone - this ended up being the solution. There were access issues for the default ssh folder within the container. Setting the :user_dir within the connect opts to a valid path worked.