Dockerfile: skip passphrase for private key

Question

I'm using private keys for downloading my repository from Github in my Docker file. I have something like this:

RUN mkdir -p /root/.ssh && echo "$MY_PRIVATE_KEY" >/root/.ssh/id_rsa &&    chmod 0600 /root/.ssh/id_rsa &&    ssh-keyscan github.com >> /root/.ssh/known_hosts &&    cat /root/.ssh/known_hosts &&    ssh -vvv [email protected] &&    pip install git+ssh://[email protected]/[email protected] &&    rm /root/.ssh/id_rsa

Where MY_PRIVATE_KEY is an argument. I'm not able to re-create this key. My issue is that during connection process I'm getting the following error: key_load_private_type: incorrect passphrase supplied to decrypt private key

Is it possible to skip passphrase somehow?

Answer 1

The passphrase is required to decrypt the key. You can't "skip" it. You could remove the passphrase on the key using ssh-keygen -p (see the man page for details).

You may want to investigate the use of a GitHub Deploy Key, which is a per-repository ssh key that grants read-only access to the repository. These are meant to solve exactly the situation you find yourself in: needing to automaticaly deploy software from a GitHub repository that requires authentication.

Answer 2

Your MY_PRIVATE_KEY seems to be passphrase-protected (a key with an empty passphrase is not the same as a non-encrypted key).

The key in .ssh/id_rsa is normally not passphrase-protected, instead it is protected by permissions to allow only owner access (0600).

You can remove the passphrase from your key using OpenSSL like this:

set MY_PRIVATE_KEY = `echo $MY_PRIVATE_KEY | openssl rsa`

The contents of id_rsa should look like:

-----BEGIN RSA PRIVATE KEY-----
. . .
-----END RSA PRIVATE KEY-----