Created January 29, 2014 23:32
How to SSH agent forward into a docker container
docker run -rm -t -i -v $(dirname $SSH_AUTH_SOCK) -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK ubuntu /bin/bash

For anyone struggling to get ssh-agent forwarding to work for non-root container users, here's the workaround I came up with, running my entry point script as root, but using socat + su-exec to expose the socket to the non-root user and then run commands as that user:

  1. Add socat and su-exec to the container in your Dockerfile (you might not need the latter if you're not using alpine)
USER root
RUN apk add socat su-exec
# for my use case I need www-data to have access to SSH, so 
RUN mkdir -p /home/www-data/.ssh && \
    chown www-data:www-data /home/www-data/.ssh/
  2. In your entrypoint:
# Map docker's "magic" socket to one owned by www-data
# (run socat in the background so the rest of the entrypoint executes)
socat UNIX-LISTEN:/home/www-data/.ssh/socket,fork,user=www-data,group=www-data,mode=777 \
    UNIX-CONNECT:/run/host-services/ssh-auth.sock &
# set SSH_AUTH_SOCK to the new value
export SSH_AUTH_SOCK=/home/www-data/.ssh/socket
# exec commands as www-data via su-exec
su-exec www-data ssh-add -l
# SSH agent works for the www-data user, in reality you probably have something like su-exec www-data "$@" here
  3. Run your container as @conf states:
docker run -it --rm -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" name cmd

shrug this: -v "$SSH_AUTH_SOCK:$SSH_AUTH_SOCK" -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK worked for me. The original gist did not.

@unphased Probably due to the symlink situation, as @arunthampi noticed here.

The line that worked for me was docker run -i -t -v $(readlink -f $SSH_AUTH_SOCK):/ssh-agent -e SSH_AUTH_SOCK=/ssh-agent ubuntu /bin/bash
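
Added example, not part of the gist or of any comment in this thread: a shell helper that resolves `SSH_AUTH_SOCK` through symlinks (the `readlink -f` approach above), refuses anything that is not a UNIX socket, and bind-mounts only that socket file at `/ssh-agent`. The function names are hypothetical, and a `readlink` that supports `-f` is assumed.

```shell
#!/bin/sh
# Added example (not from the gist): forward the host ssh-agent into a
# container by bind-mounting only the resolved socket file.

CONTAINER_SOCK=/ssh-agent   # in-container path used in the comments above

# Print the real path of the agent socket, following symlinks.
# Returns non-zero if SSH_AUTH_SOCK is unset or does not point at a socket.
resolve_agent_sock() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is not set; is an agent running?" >&2
        return 1
    fi
    real=$(readlink -f "$SSH_AUTH_SOCK") || return 1
    if [ ! -S "$real" ]; then
        echo "$real is not a UNIX socket" >&2
        return 1
    fi
    printf '%s\n' "$real"
}

# Usage: run_with_agent IMAGE [COMMAND...]   (hypothetical helper name)
run_with_agent() {
    sock=$(resolve_agent_sock) || return 1
    # Show which identities the container will be able to sign with.
    ssh-add -l >&2 || true
    docker run --rm -it \
        -v "$sock:$CONTAINER_SOCK" \
        -e "SSH_AUTH_SOCK=$CONTAINER_SOCK" \
        "$@"
}
```

Call it as `run_with_agent ubuntu /bin/bash`. Every process in the container can request signatures from the forwarded agent while it runs, so load only the keys that job needs.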

Paprikas commented Jun 7, 2022

volume $SSH_AUTH_SOCK:/ssh-agent
and ENV SSH_AUTH_SOCK=/ssh-agent worked for me for years.
But after I've upgraded packages to the latest (ubuntu 22), the agent just stopped working! I mean - ssh-add -l was saying that it does not have access to the agent.
Thank you, your snippet works! Spent the whole day on this issue ))

wirwolf commented Dec 22, 2023

Check if you use docker from snap. On my Kubuntu 22.04 I removed docker from snap and installed it using apt, and the problem was fixed.

vokshirg commented Feb 6, 2024

the latest official documentation helped me with docker-compose setup
