Windows S2022 net use cannot accept Azure storage key because it starts with slash AND sshd limitations

I wish to attach a network drive/share from a session created via sshd. The drive was originally created with the standard PowerShell connect script provided on the "Connect" tab as executed in a PowerShell window in RDP. The drive persists and the W2022 instance can be stopped and restarted and Z: drive reappears in PowerShell windows launched inside RDP. My question concerns connecting to Z: from shells launched from sshd.

The command

net use Z: \\myStorageAcct.file.core.windows.net\xfer /user:myStorageAcct

prompts for a password and I enter the storage account secret key -- which starts with a slash -- and everything works. The net use command can take the password on the command line but I cannot figure out how to pass the password without net use interpreting the password as an option, e.g.:

net use Z: \\myStorageAcct.file.core.windows.net\xfer /user:myStorageAcct   /CMA33FV...==
The option /CMA33FV...== is unknown

I am open to PowerShell tricks or a util other than net use to attach the drive.

EDIT

Important constraint: Sessions created with sshd cannot use the standard PowerShell script that appears in the "Connect" tab of the file share. In particular, the cmdkey exec produces this error:

CMDKEY: Credentials cannot be saved from this logon session.

There are 2 answers

0
Buzz Moschetti On BEST ANSWER

Logging in with either name+password or a keypair via sshd yields a restricted session that requires additional authentication to access remote resources. One way or another, you will have to provide credentials to attach the drive. These can be supplied in a script, the environment, a key vault, etc. but the essence of the solution is:

$username = "myStorageAcct"

# Not the session login; this is storage account secret key:
$password = "/CMA43ydVvM4N..."  

$secureStringPwd = $password | ConvertTo-SecureString -AsPlainText -Force

#  The Juice:
$creds = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $secureStringPwd
New-PSDrive -Name Z -PSProvider FileSystem -Root "\\myStorageAcct.file.core.windows.net\myShareName" -Credential $creds

By specifying a credential object, New-PSDrive avoids the leading slash problem encountered with net use where the password is mistaken for an option.
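
The approach in the answer above, as an added example that is not part of the original answer or of the portal's connect script: the key is read from the environment or a no-echo prompt instead of being written into the script, and never reaches a command line. The function name `Mount-AzureFileShare` and the environment variable `AZ_FILES_KEY` are hypothetical; the account and share names are the page's placeholders.

```powershell
# Added example, not from the original answer. Mount-AzureFileShare and
# AZ_FILES_KEY are hypothetical names chosen for illustration.
function Mount-AzureFileShare {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $StorageAccount,
        [Parameter(Mandatory)] [string] $ShareName,
        [ValidatePattern('^[A-Za-z]$')] [string] $DriveLetter = 'Z',
        [string] $KeyEnvVar = 'AZ_FILES_KEY'
    )

    $hostName = "$StorageAccount.file.core.windows.net"

    # Fail early if SMB (TCP 445) is blocked, as the portal script does.
    if (-not (Test-NetConnection -ComputerName $hostName -Port 445).TcpTestSucceeded) {
        throw "Cannot reach $hostName on TCP 445."
    }

    # Leave an existing mapping in this session alone.
    if (Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue) {
        Write-Warning "Drive ${DriveLetter}: already exists in this session."
        return
    }

    # Prefer a key injected into the environment; otherwise prompt without echo.
    $plainKey = [Environment]::GetEnvironmentVariable($KeyEnvVar)
    if ([string]::IsNullOrEmpty($plainKey)) {
        $secureKey = Read-Host -Prompt "Storage account key for $StorageAccount" -AsSecureString
    } else {
        $secureKey = ConvertTo-SecureString -String $plainKey -AsPlainText -Force
        # Drop the plaintext copies this process holds.
        Remove-Item -LiteralPath "Env:\$KeyEnvVar" -ErrorAction SilentlyContinue
        $plainKey = $null
    }

    # The key travels inside a PSCredential, so a leading "/" is never parsed
    # as a switch and the key never appears in a process command line.
    $cred = [System.Management.Automation.PSCredential]::new($StorageAccount, $secureKey)

    # -Scope Global keeps the drive after the function returns.
    New-PSDrive -Name $DriveLetter -PSProvider FileSystem `
        -Root "\\$hostName\$ShareName" -Credential $cred -Scope Global
}

# Usage (values are the page's placeholders):
# Mount-AzureFileShare -StorageAccount myStorageAcct -ShareName myShareName
```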

1
Venkatesan On

I am open to PowerShell tricks or a util other than net use to attach the drive.

To attach a network drive from a file share, I agree with Turdie's comment. You can copy the PowerShell script from the file share through the portal.

Portal -> Your storage account -> fileshare -> your fileshare -> connect -> windows -> copy script

Note: The script will only work on Windows Server 2012 and above.

Now, I copied the script and pasted it into my Windows Server 2022 PowerShell, as shown below:

Script:

$connectTestResult = Test-NetConnection -ComputerName venkat789.file.core.windows.net -Port 445
if ($connectTestResult.TcpTestSucceeded) {
    # Save the password so the drive will persist on reboot
    cmd.exe /C "cmdkey /add:`"venkat789.file.core.windows.net`" /user:`"localhost\venkat789`" /pass:`"xxxxxxx`""
    # Mount the drive
    New-PSDrive -Name Z -PSProvider FileSystem -Root "\\venkat789.file.core.windows.net\share1" -Persist
} else {
    Write-Error -Message "Unable to reach the Azure storage account via port 445. Check to make sure your organization or ISP is not blocking port 445, or use Azure P2S VPN, Azure S2S VPN, or Express Route to tunnel SMB traffic over a different port."
}

The above script executed and attached a network drive/file share to my Windows Server 2022.

Reference:

Mount SMB Azure file share on Windows | Microsoft Learn