docker run --rm -t -i -v $(dirname $SSH_AUTH_SOCK) -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK ubuntu /bin/bash
Wow, I was wondering how this solution works with socket file share, it wasn't supposed to work though. But then again, now I realise that docker containers share the same kernel level with the guest OS. Good tips
Is there any prerequisite for the Docker host? My host can connect to an SSH server using private key authentication just fine, but the container fails to find a private key (which makes sense since it doesn't have it) and falls back to password authentication...
I can’t see how this would work, given that the permissions on
This exposes the value of the $SSH_AUTH_SOCK (which is the path to a socket file on the host) as a volume into the docker container (at the location /ssh-agent). Inside the container you then set the environment variable $SSH_AUTH_SOCK with the path to the volume inside (/ssh-agent). Since this environment variable is now set, ssh-agent -l can make use of it inside the container. When you run these commands inside the docker container you're root and so you have access.
If you're running this command in a Vagrant created VM, you might have problems with the file in
Anyone get this to work in boot2docker yet?
+1 @arunthampi That works very well in my Vagrant+Docker setup. I was using a Docker container to run Capistrano commands, so I had a few other things. I needed to add a File test -f ~/.cap_user && export CAP_USER=$(cat ~/.cap_user) || true I set that file up in the VM using the Viola. Capistrano deploying happening inside a Docker container.
@tobowers: Works for me on boot2docker on mac, but I have to do it in two steps, SSH into the host VM, then run @arunthampi's code. Like so:
Once you're in to the host VM, you can check out forwarding status with
@dts You forgot
@tobowers On boot2docker, just your home dir is available on boot2docker-vm; maybe if you symlink the ssh-agent socket to $HOME/something this can work.
I'm trying this, but with docker-compose. I was typing a comment, but too much for this gist. Any help is appreciated over on http://stackoverflow.com/questions/32897709/ssh-key-forwarding-inside-docker-compose-container
Great thanks.
Works pretty well!
Has anyone managed to use SSH agent forwarding in combination with running the container as a different user e.g. SSH actually checks that the effective UID is present in the password database and fails with
I get the following error when trying this out. I'm using a mac and have tried this on both docker for mac and docker-machine. I had to first install git on the ubuntu image.
@whistler, sharing the auth socket is currently not working for docker for mac, see: It seems there is a work in progress that should be available before the end of November:
@gautaz thanks for the heads up!
What if I have Windows? How to use I can clone repo with common git for Windows, but not inside the container
It would be very helpful to get a clarification on how to share ssh keys when the host is Windows (maybe by a key copy..)
@Sylvain, give a chance to WSL (Windows Subsystem for Linux).
@kynan if you aren't using a remote user database for your system (eg LDAP/AD) you can map in /etc/passwd read-only so SSH can find your user.
Maybe, there is similar way to integrate
@ghost asks
Browsing around, I saw this: https://github.com/transifex/docker-gpg-agent-forward
How if
For anyone who comes across this: This will not work for anyone using Docker for Mac due to OS limitations around file socket access. See: docker/for-mac#410
This works for me for the first shell logon, but fails for successive attempts. My use case is a remote container that has a longer lifespan, usually of a couple weeks. Is there a solution that is robust against the changing of the SSH_AUTH_SOCK target?
The official guidance works for me, when nothing else has. It's not very well explained, but the bind mount paths are magic values to allow SSH agent forwarding.
maybe -v here instead of -e ?
In order for this to work you need to specify volume like so:
docker run --rm -t -i -v $(dirname $SSH_AUTH_SOCK):$(dirname $SSH_AUTH_SOCK) -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK ubuntu /bin/bash
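
The bind mount discussed in this thread, as an added example (not code from the gist or its commenters): it checks that `$SSH_AUTH_SOCK` names a Unix socket owned by the current user, then mounts only that socket at `/ssh-agent`, the in-container path one comment above describes. The function names and the `DOCKER` override variable are hypothetical, and a Linux Docker host is assumed.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# Forwards the host's ssh-agent into a container by bind-mounting the agent
# socket itself (not its whole directory) at a fixed in-container path.

CONTAINER_SOCK=/ssh-agent   # in-container path, as described in the thread

# check_agent_sock PATH (hypothetical helper)
# Returns 0 if PATH is a Unix socket owned by the current user,
# 1 if PATH is empty, 2 if it is not a socket, 3 if someone else owns it.
check_agent_sock() {
    sock=${1:-}
    if [ -z "$sock" ]; then
        echo "SSH_AUTH_SOCK is not set: no agent to forward" >&2
        return 1
    fi
    if [ ! -S "$sock" ]; then
        echo "$sock is not a Unix socket (stale path?)" >&2
        return 2
    fi
    if [ ! -O "$sock" ]; then
        echo "$sock is not owned by the current user" >&2
        return 3
    fi
    return 0
}

# run_with_agent IMAGE [COMMAND...] (hypothetical helper)
# Runs a throwaway container with the agent socket mounted. While the
# container runs, root inside it can ask the agent to sign with every loaded
# key, so this is meant for short-lived containers running trusted images.
# DOCKER can be overridden (e.g. DOCKER=echo) to inspect the command line.
run_with_agent() {
    check_agent_sock "${SSH_AUTH_SOCK:-}" || return $?
    "${DOCKER:-docker}" run --rm -t -i \
        -v "$SSH_AUTH_SOCK:$CONTAINER_SOCK" \
        -e "SSH_AUTH_SOCK=$CONTAINER_SOCK" \
        "$@"
}

# Example call (needs a running agent and Docker):
#   run_with_agent ubuntu /bin/bash
```

Setting `DOCKER=echo` prints the assembled `docker run` command line instead of executing it.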