Using SSH keys inside docker container

I have an app that executes various fun stuff with Git (like running git clone & git push) and I'm trying to docker-ize it.

I'm running into an issue though where I need to be able to add an SSH key to the container for the container 'user' to use.

I tried copying it into /root/.ssh/, changing $HOME, creating a git ssh wrapper, and still no luck.

Here is the Dockerfile for reference:

    #DOCKER-VERSION 0.3.4
    from  ubuntu:12.04

    RUN  apt-get update
    RUN  apt-get install python-software-properties python g++ make git-core openssh-server -y
    RUN  add-apt-repository ppa:chris-lea/node.js
    RUN  echo "deb http://archive.ubuntu.com/ubuntu precise universe" >> /etc/apt/sources.list
    RUN  apt-get update
    RUN  apt-get install nodejs -y

    ADD . /src
    ADD ../../home/ubuntu/.ssh/id_rsa /root/.ssh/id_rsa
    RUN   cd /src; npm install

    EXPOSE  808:808

    CMD   [ "node", "/src/app.js"]

app.js runs the git commands like git pull

ebensing asked Aug 08 '13 21:08



2 Answers

It's a harder problem if you need to use SSH at build time. For example if you're using git clone, or in my case pip and npm to download from a private repository.

The solution I found is to add your keys using the --build-arg flag. Then you can use the new experimental --squash command (added in 1.13) to merge the layers so that the keys are no longer available after removal. Here's my solution:

Build command

$ docker build -t example --build-arg ssh_prv_key="$(cat ~/.ssh/id_rsa)" --build-arg ssh_pub_key="$(cat ~/.ssh/id_rsa.pub)" --squash . 

Dockerfile

    FROM python:3.6-slim

    ARG ssh_prv_key
    ARG ssh_pub_key

    RUN apt-get update && \
        apt-get install -y \
            git \
            openssh-server \
            libmysqlclient-dev

    # Authorize SSH Host
    RUN mkdir -p /root/.ssh && \
        chmod 0700 /root/.ssh && \
        ssh-keyscan github.com > /root/.ssh/known_hosts

    # Add the keys and set permissions
    RUN echo "$ssh_prv_key" > /root/.ssh/id_rsa && \
        echo "$ssh_pub_key" > /root/.ssh/id_rsa.pub && \
        chmod 600 /root/.ssh/id_rsa && \
        chmod 600 /root/.ssh/id_rsa.pub

    # Avoid cache purge by adding requirements first
    ADD ./requirements.txt /app/requirements.txt

    WORKDIR /app/

    RUN pip install -r requirements.txt

    # Remove SSH keys
    RUN rm -rf /root/.ssh/

    # Add the rest of the files
    ADD . .

    CMD python manage.py runserver

Update: If you're using Docker 1.13 and have experimental features on you can append --squash to the build command which will merge the layers, removing the SSH keys and hiding them from docker history.

Daniel van Flymen answered Oct 04 '22 06:10
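
A Dockerfile check for the key handling shown in the question and in the answer above, as an added example that is not part of the original posts: it flags a private key copied with ADD/COPY, a build arg written to a key file, and an rm that runs in a later layer than the one holding the key. The function names, finding codes and sample Dockerfile are constructed for illustration.

```python
import re

# Constructed sample: the key-handling steps of the answer's Dockerfile, shortened.
SAMPLE = '''\
FROM python:3.6-slim
ARG ssh_prv_key
RUN mkdir -p /root/.ssh && \\
    ssh-keyscan github.com > /root/.ssh/known_hosts
RUN echo "$ssh_prv_key" > /root/.ssh/id_rsa && \\
    chmod 600 /root/.ssh/id_rsa
RUN pip install -r requirements.txt
RUN rm -rf /root/.ssh/
'''

# Default private-key file names; the lookahead skips id_rsa.pub and similar.
KEY_FILE = re.compile(r'(?:^|[\s/"\'])id_(?:rsa|dsa|ecdsa|ed25519)(?![\w.])')

def instructions(text):
    """Yield (line_no, KEYWORD, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = no
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            kw, _, args = buf.strip().partition(" ")
            yield start, kw.upper(), args.strip()
            buf = ""

def audit(text):
    """Return (line_no, code, message) for steps that bake a private key into a layer."""
    findings, build_args, key_in_layer = [], set(), False
    for no, kw, rest in instructions(text):
        if kw == "ARG":
            build_args.add(rest.split("=")[0].strip())
        elif kw in ("ADD", "COPY") and KEY_FILE.search(rest):
            findings.append((no, "key-copied", "private key file copied into a layer"))
            key_in_layer = True
        elif kw == "RUN":
            used = sorted(a for a in build_args if re.search(r"\$\{?" + re.escape(a) + r"\b", rest))
            if used and KEY_FILE.search(rest):
                findings.append((no, "key-from-arg", "build arg %s written to a key file" % ", ".join(used)))
                key_in_layer = True
            elif key_in_layer and re.search(r"\brm\b", rest) and ".ssh" in rest:
                findings.append((no, "late-delete", "key removed in a later layer; earlier layer still holds it unless squashed"))
    return findings
```

Calling `audit(SAMPLE)` reports the `echo` step and the later `rm -rf /root/.ssh/` step; a Dockerfile that only copies `id_rsa.pub` produces no findings.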


Turns out when using Ubuntu, the ssh_config isn't correct. You need to add

RUN  echo "    IdentityFile ~/.ssh/id_rsa" >> /etc/ssh/ssh_config 

to your Dockerfile in order to get it to recognize your ssh key.

ebensing answered Oct 04 '22 06:10