Tutorial on SSH

Hey Fly.io folks a newbe here.

I’m trying to SSH / SCP into my application. The goal is to copy a sqlite database into a mounted volume.

Unfortunately fly ssh console doesn’t work:

My terminal:

$ fly ssh console
Connecting to fdaa:0:d9ee:a7b:b4:4:51b7:2... complete
Error error connecting to SSH server: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Log in fly.io monitoring:

2023-01-26T09:30:45.965 app[e42eac2f] fra [info] 2023/01/26 09:30:45 unexpected error: [ssh: no auth passed yet, user: 'root' does not exist]

I’m not really sure which path to take next. So, I wonder if there is some up-to-date tutorial which starts from scratch and explains on how to connect to an app. I’ve done some research in this forum, but I’m unsure what the current state of art is.

Is my assumption correct that there is an SSH service started on all VMs independent of my application? Is there anything I need to configure in my application, like exposing a SSH port? And can I break something with my application that would prevent fly ssh console from working?

Thanks so much for fly.io. It’s a great experience so far. Hopefully this is the last step running my app.

(I’m just a fellow user, not an employee.)

This could indicate that your container’s /etc/passwd is missing, invalid, or doesn’t have a “root” user.

From your other post I see you are using “scratch” as the base image. It doesn’t include /etc/passwd and other basic things such as a shell, so Fly’s SSH server can’t support it. If you want SSH you need to switch to a base image that includes a basic working system (some examples: “alpine”, “busybox”).

I’m not sure if there is a good tutorial for this. Here is a minimal example (using Apache on Debian) if you want a starting point:

mkdir app && cd app
cat > Dockerfile <<"EOF"
FROM httpd
fly launch # accept the defaults
# set the internal port to 80 because that's what httpd listens on by default
patch fly.toml <<"EOF"
--- fly.toml.orig
+++ fly.toml
@@ -15 +15 @@
-  internal_port = 8080
+  internal_port = 80
fly deploy
wget -O - https://APP.fly.dev # replace APP with your app's name
fly ssh console


No app configuration is required, but (as you discovered) you do need a basic working system.

Setting up SCP is a small hassle, I’m not sure if there is canonical documentation anywhere but it goes like this (source):

fly ssh issue --agent
fly proxy 10022:22 # stays in the foreground; run in a separate terminal
scp -P 10022 path/to/local/file root@localhost:/path/to/remote/dest

Note that this requires SCP to be installed in the app’s VM (e.g. add RUN apt-get update && apt-get install -y openssh-client to the Dockerfile, or install interactively using fly ssh console).

Alternatively, you can use flyctl’s built-in SFTP-like interactive shell, which doesn’t require any setup but is less powerful (e.g. can’t upload directories yet):

fly ssh sftp shell
put path/to/local/file /path/to/remote/file
1 Like

@tom93 Thanks so much. I owe you.

In my case, I used scratch as the docker base image. Using alpine as the base solved it.

And sftp-like built-in shell is actually sufficient for me.