Okay so for several projects I need to access my private repositories, so I'd like to forward the host's SSH Agent to the container to allow retrieving from these private repositories. Eventually I would like to implement this in docker-compose.
I've found a lot of answers and solutions pointing to something like this:
docker run --rm -t -i \
-v $SSH_AUTH_SOCK:/ssh-agent \
-e SSH_AUTH_SOCK=/ssh-agent \
alpine:3.6 sh
But when I run ssh-add -l inside there (after making sure openssh is installed) I get the following error:
Error connecting to agent: Connection refused
Also tried this within my docker compose setup but it doesn't seem to work like it should. Due to most posts and solutions being several years old I hope someone can help me with accurate up-to-date info.
From the configuration, go to Connection > SSH > Auth and enable “Allow agent forwarding.” You can also add your private key file from the same pane. PuTTY will handle the SSH agent for you, so you don't have to mess around with any config files.
SSH Agent Forwarding
Furthermore, the SSH protocol implements agent forwarding, a mechanism whereby an SSH client allows an SSH server to use the local ssh-agent on the server the user logs into, as if it was local there.
Currently, to use Docker on Mac and Windows requires the use of Docker Toolbox. You have to download it, install a bunch of tools and dependencies for it to work. And since Docker uses Linux-specific tools you can't run it natively. Instead, you have to use docker-machine and attach to a VirtualBox VM on your system.
SSH_AUTH_SOCK=`launchctl getenv SSH_AUTH_SOCK` ssh-add
docker run --rm -it \
-v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock:ro \
-e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" \
image ssh hosts
The mount option and SSH_AUTH_SOCK value in container are all magic constants, do not change them.
launchctl getenv SSH_AUTH_SOCK may output an empty string on iTerm2 3.2+ due to the bug. The workaround is one of:
launchctl asuser $UID launchctl getenv SSH_AUTH_SOCK, or
NOTE: if the launchctl problem cannot be worked around, there is another way to forward the ssh agent, via a stdio tunnel.
According to this issue you can forward your macOS ssh-agent to your docker container by adding the -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" options to your docker run command, e.g.
docker run --rm -it \
-v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock \
-e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" \
docker_image
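The two approaches on this page differ only in which socket gets mounted, so the helper below picks the flags per host OS and checks the agent socket before docker is started. It is an added example, not code from any of the posts above: the function name agent_forward_args is hypothetical, it assumes a Darwin host means Docker Desktop for Mac, and it reuses the /ssh-agent container path from the question for Linux hosts.

```shell
#!/bin/sh
# Added example (not from the original posts): print the `docker run` flags that
# forward the host SSH agent, after checking the socket on the host side.

# Fixed path from the answers above (the "magic constant", same on both sides).
DESKTOP_SOCK=/run/host-services/ssh-auth.sock

# agent_forward_args OS SOCK
#   OS   : output of `uname -s` on the host
#   SOCK : value of $SSH_AUTH_SOCK on the host (ignored for Darwin)
# Returns 0 and prints the flags, 1 if the socket is unusable, 2 for an unknown OS.
agent_forward_args() {
    os=$1
    sock=$2
    case "$os" in
        Darwin)
            # Assumption: Docker Desktop for Mac. Containers run inside a Linux VM,
            # so the macOS agent socket cannot be bind-mounted directly.
            printf '%s\n' "-v $DESKTOP_SOCK:$DESKTOP_SOCK:ro -e SSH_AUTH_SOCK=$DESKTOP_SOCK"
            ;;
        Linux)
            [ -n "$sock" ] || { echo "SSH_AUTH_SOCK is empty: no agent in this shell" >&2; return 1; }
            case "$sock" in
                *[[:space:]]*) echo "socket path contains whitespace: $sock" >&2; return 1 ;;
            esac
            # A stale path left by an exited agent fails this test.
            [ -S "$sock" ] || { echo "not a unix socket: $sock" >&2; return 1; }
            printf '%s\n' "-v $sock:/ssh-agent -e SSH_AUTH_SOCK=/ssh-agent"
            ;;
        *)
            echo "unsupported host OS: $os" >&2
            return 2
            ;;
    esac
}

# Stand-alone use: sh this-script --print
# then: docker run --rm -it $(sh this-script --print) alpine:3.6 sh
if [ "${1:-}" = "--print" ]; then
    agent_forward_args "$(uname -s)" "${SSH_AUTH_SOCK:-}"
fi
```

While the container runs, any process in it that can reach the mounted socket can ask the agent to sign with every key loaded on the host, so load only the keys the build needs.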