I'm using boot2docker on Windows 7. VirtualBox is mounting my Windows ~/.ssh directory from Windows (c:\Users\Me\.ssh) inside the boot2docker VM (/c/Users/Me/.ssh).
My Dockerfile is configuring an image to be used as a development environment. It copies to the container a set of SSH keys and a config that are used for automatic deployment. This works fine. When the container starts up, it automatically clones a git repository within the image without prompts.
I'm now trying to use the same image but allow for the user to mount via docker run -v ... their own .ssh directory so they can optionally use their own SSH keys instead. When I do that by adding in -v /home/myself/.ssh:/home/guest/.ssh to the command that runs the container, I get the SSH warning about the permissions being too open:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '/home/guest/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/guest/.ssh/id_rsa
I tried adding into the ENTRYPOINT script a line to chmod -R 700 /home/guest/.ssh but it appears that that is either ineffective or it is executed before the volume is mounted.
I also tried changing the permissions of /home/guest/.ssh from within the running container and was unable to do so. I get no error when running chmod -R 700 /home/guest/.ssh but the permissions do not change.
I saw in another question about Docker volume permissions the suggestion that the questioner use ACLs, but I didn't know if that was a good idea, or if it would even work.
Regardless, what is the simplest way to allow a user to use their own SSH keys and SSH config inside a Docker container?
How to Mount Local Directories using docker run -v. Using the parameter -v allows you to bind a local directory. -v or --volume allows you to mount local directories and files to your container. For example, you can start a MySQL database and mount the data directory to store the actual data in your mounted directory.
The SSH method works fine for Docker containers, too. That said, you can SSH into a Docker container using Docker's built-in docker exec. If you do not need an interactive shell, you can also use the docker attach command to connect the host's stdin and stdout to the running container and execute remote commands.
Slightly kludgy, but you could copy the .ssh files into a new directory and chmod them, in the startup of the shell.
I.e. give the container the SSH files via a volume, but use the shell ~/.profile to copy them to ~/.ssh.
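The copy-and-chmod approach from the answer above, written as a function that an ENTRYPOINT script or ~/.profile can call (an added example, not code from the original post). The mount point /mnt/ssh and the function name install_ssh_keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: copy SSH material from a bind mount whose permissions cannot
# be changed (such as a VirtualBox shared folder that reports 0777) into a
# private directory on the container's own filesystem, then tighten the modes.
# The mount point /mnt/ssh used in the usage comment is an assumed path.

install_ssh_keys() {
    src=$1     # where the user's .ssh directory is mounted
    dest=$2    # the real ~/.ssh inside the container

    # No mount supplied: keep whatever keys the image already ships with.
    [ -d "$src" ] || return 0

    # Create the destination owner-only before any key lands in it.
    (umask 077 && mkdir -p "$dest") || return 1
    chmod 700 "$dest" || return 1

    for f in "$src"/*; do
        [ -f "$f" ] || continue      # skip subdirectories and an empty glob
        name=$(basename "$f")
        # Copy under a restrictive umask so the copy is never group/world readable.
        (umask 077 && cp "$f" "$dest/$name") || return 1
        case "$name" in
            *.pub|known_hosts) chmod 644 "$dest/$name" ;;  # public material
            *)                 chmod 600 "$dest/$name" ;;  # private keys, config
        esac || return 1
    done
}

# Usage inside the container, before anything invokes git or ssh:
#   install_ssh_keys /mnt/ssh "$HOME/.ssh"
```

Mount the user's directory somewhere other than the real ~/.ssh, for example -v /c/Users/Me/.ssh:/mnt/ssh:ro, so the copy on the container filesystem is the one ssh reads and the source cannot be modified from inside the container.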