Menu
I am using Docker for few of my projects, where one requirement is to generate ssh keys using Docker file, so that when the container builds it will generate a pair of rsa keys.I have seen some examples where key generation happens via .sh file and Dockerfile has the commond to run that .sh file. Is there a way we can do it directly in Dockerfile instead of .sh
Currently I am using following in Dockerfile to generate ssh key pair. But this gives me error saying "/bin/sh ssh-keygen not found"
RUN ssh-keygen -q -t rsa -N '' -f /home/docker/.ssh/id_rsa
will be really very helpful if someone can provide a way to achieve the same.
Thanks, Yash
522
Open a terminal and use the ssh-keygen command with the -C flag to create a new SSH key pair. Replace the following: KEY_FILENAME : the name for your SSH key file. For example, a filename of my-ssh-key generates a private key file named my-ssh-key and a public key file named my-ssh-key.
The SSH method works fine for Docker containers, too. That said, you can SSH into a Docker container using Docker's built-in docker exec . If you do not need an interactive shell, you can also use the docker attach command to connect the host's stdin and stdout to the running container and execute remote commands.
The problem is that ssh-keygen is not available in your container yet. This can be easily solved, for example by installing the openssl-client package on a ubuntu base image.
The following Dockerfile does precisely that and places a key in the container's root folder
FROM ubuntu:latest
RUN apt-get -y install openssh-client
RUN ssh-keygen -q -t rsa -N '' -f /id_rsa
BUT READ THIS: My strong advice is not to place keys, certificates whatsoever into the container's file system at all! This might lead to strong security risks, as essentially anyone who obtains the container image can authenticate himself at services the key is valid for; it forces you to handle container images with the same care you would treat cryptographic keys and certificates!
Hence, it is advisable to keep the keys outside of the container. This can be easily achieved by using Docker VOLUMES; and you'd simply mount a volume holding keys/containers into the Docker container when launching it.
CREATING KEYS OUTSIDE THE CONTAINER The following Dockerfile does instead create the key once the container is started, and it may be used to create the key outside the container's file system
FROM ubuntu:latest
RUN apt-get -y install openssh-client
CMD ssh-keygen -q -t rsa -N '' -f /keys/id_rsa
First, build the container with the following command:
docker build -t keygen-container .
Starting the container using
docker run -v /tmp/:/keys keygen-container
will create a key on the host in /tmp.
180
The answer is almost correct above but you need to apt-get update first. Maybe it was correct on the previous ubuntu image but did not work for me. Also, I remove any id_rsa files that could exist on localhost directory first.
printf "FROM ubuntu:latest \nRUN apt-get update; apt-get -y install openssh-client \nCMD rm /keys/id_rsa*; ssh-keygen -q -t rsa -N '' -f /keys/id_rsa" > Dockerfile
docker build -t keygen-container .
docker run -v /tmp/:/keys keygen-container
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
