ssh-agent forwarding into docker-compose environment is not working

I have been having serious trouble getting ssh-agent forwarded into the docker container (with my docker-compose installation). I have a Mac running Catalina, with docker-engine 19.03.8 and Compose @ 1.24. The following is my docker-compose file:

version: '3.7'
services:
  platform:
    build:
      context: .
      dockerfile: ./platform/compose/Dockerfile.platform.local
    working_dir: /root/platform
    ports:
      - "3000:3000"
    command: ["./compose/scripts/start_rails.sh"]
    tty: true
    stdin_open: true
    volumes:
      - type: bind
        source: /run/host-services/ssh-auth.sock
        target: /run/host-services/ssh-auth.sock
    env_file: ./platform/.env
    environment:
      TERM: xterm-256color
      SSH_AUTH_SOCK: /run/host-services/ssh-auth.sock

volumes:

The way I have configured ssh-agent forwarding is as specified in the docker-compose documentation.

The ./compose/scripts/start_rails.sh script does bundle install && bundle exec rails s. I have a few gems that I am pulling from private repositories and I thought I should be able to install these gems by forwarding ssh-agent.

I have also tried starting the ssh-agent before I spin the docker-compose up, but that doesn't seem to do anything.

{
  "debug": true,
  "experimental": true,
  "features": {
    "buildkit": true
  }
}

This is what I have added inside my docker configuration file. Any help is appreciated.

**UPDATE: 0**

The following is my .ssh directory structure and config:

tree ~/.ssh

├── config
├── known_hosts
├── midhun
│   ├── id_rsa
│   └── id_rsa.pub
└── client
    ├── id_rsa
    └── id_rsa.pub

cat ~/.ssh/config

Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/client/id_rsa

Host me.github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/midhun/id_rsa  

UPDATE: 1

Updated my config with ForwardAgent Yes and it didn't work either. I have recorded the entire ssh logs in this gist: https://gist.github.com/midhunkrishna/8f77ebdc90c7230d2ffae0834dc477cc

MIdhun Krishna asked Apr 30 '20 13:04



1 Answer

I believe the below change to your ~/.ssh/config should fix the issue:

Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/client/id_rsa
    ForwardAgent yes

Host me.github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/midhun/id_rsa
    ForwardAgent yes

Update 1: 5th May 2020

In your case, the reason it may not be working is that the agent on the host is keyless.

You can confirm that using:

$ ssh-add -L
$ ssh-add -l

The agent will only forward the keys it has in its memory, nothing on your disk. Else you risk exposing every key that is there without any permission. What you need to do is make sure you add those keys to your ssh-agent at startup:

$ ssh-add ~/.ssh/client/id_rsa
$ ssh-add ~/.ssh/midhun/id_rsa

Then if you do ssh-add -L on the host and inside the docker terminal you should see both keys. And the ssh-agent will also work.


Tarun Lalwani answered Oct 01 '22 13:10
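
A check for the failure mode described in the answer above, as an added example that is not part of the original question or answer: it relies on `ssh-add -l` exiting 0 when the agent holds keys, 1 when it has no identities, and 2 when the agent cannot be contacted. The function names are hypothetical; the socket and key paths are the ones from the question.

```shell
#!/bin/sh
# Added example: report why a forwarded ssh-agent may be unusable.
# Run on the host, then inside the container, and compare the results.

# ssh-add -l exit status: 0 = keys listed, 1 = no identities, 2 = agent unreachable.
classify_agent_rc() {
  case "$1" in
    0) echo "ok" ;;
    1) echo "empty" ;;
    2) echo "unreachable" ;;
    *) echo "unknown" ;;
  esac
}

# Inspect the current environment and print one state name.
agent_state() {
  if [ -z "${SSH_AUTH_SOCK:-}" ]; then echo "no-socket-var"; return 0; fi
  if [ ! -S "$SSH_AUTH_SOCK" ]; then echo "not-a-socket"; return 0; fi
  if ! command -v ssh-add >/dev/null 2>&1; then echo "no-ssh-add"; return 0; fi
  rc=0
  ssh-add -l >/dev/null 2>&1 || rc=$?
  classify_agent_rc "$rc"
}

# Turn a state name into the next step, using the paths from the question.
explain_state() {
  case "$1" in
    ok)            echo "agent reachable and holding keys" ;;
    empty)         echo "agent reachable but keyless: on the host run ssh-add ~/.ssh/client/id_rsa" ;;
    unreachable)   echo "socket exists but no agent answers on it" ;;
    not-a-socket)  echo "SSH_AUTH_SOCK is not a socket: check the bind mount of /run/host-services/ssh-auth.sock" ;;
    no-socket-var) echo "SSH_AUTH_SOCK is unset: check the environment section of the service" ;;
    no-ssh-add)    echo "ssh-add is not installed here" ;;
    *)             echo "unexpected ssh-add exit status" ;;
  esac
}

state=$(agent_state)
echo "$state: $(explain_state "$state")"
```

Any process in the container can ask the agent to sign with every loaded key for as long as the socket is mounted, so load only the keys the build needs.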