Thanks najib. You got me started. As I will be running this inside of a script, I need to be able to pass the password to scp. I found pscp that does the trick. Thanks again.
There is also the option of sharing some disk space (a directory) from the host to the container.
Then, the container can write into that directory and the host can read from there.
What is important here, is that we generally consider that the containers are trusted less than the host.
Therefore, if you set up SSH to SSH from the container to the host, then you end up putting your SSH private key in the container (not so good because we do not trust the containers that much).
Obviously, if your use-case is such that you can trust the container, you may very well do so (and use SSH).
When I was in the same situation, I used cloud-init to download the file using http during the first boot. The container’s config or the profile should look something like this:
config:
[...]
user.user-data: |
#cloud-config
# Download a file
runcmd:
- /usr/bin/wget -q -O <target path on local fs> http://my.web.server/file_to_be_downloaded
[...]
Note: Cloud-init runs only once (first boot), not during every boot.