-
-
Save d11wtq/8699521 to your computer and use it in GitHub Desktop.
docker run -rm -t -i -v $(dirname $SSH_AUTH_SOCK) -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK ubuntu /bin/bash |
Check if you use docker from snap. In my Kubuntu 22.04 I remove docker from snap and install using apt and problem is fixed
the latest official documentation helped me with docker-compose setup
https://docs.docker.com/desktop/networking/#ssh-agent-forwarding
is there a version of setup for Redhat linux and distributions based on it like CentOS and Rocky?
the latest official documentation helped me with docker-compose setup https://docs.docker.com/desktop/networking/#ssh-agent-forwarding
That seems to be specific to Docker Desktop. What about Colima and/or Podman?
Based on @tomdavies post, i created this Dockerfile which uses the USER statement in order to have an unpriviledged container instead of su-exec:
FROM python:3.11.6-alpine
RUN apk --no-cache add --update \
socat \
sudo
RUN addgroup --gid 1001 -S ansible && adduser --uid 1001 -S ansible -G ansible -h /home/ansible
RUN echo 'ansible ALL=(ALL:ALL) NOPASSWD:/usr/local/bin/create-ansible-agent-socket.sh' > /etc/sudoers
RUN echo 'socat UNIX-LISTEN:/home/ansible/.ssh/agent,fork,user=ansible,group=ansible,mode=777 UNIX-CONNECT:/root/.ssh/agent' > /usr/local/bin/create-ansible-agent-socket.sh
RUN chmod +x /usr/local/bin/create-ansible-agent-socket.sh
RUN echo 'sudo /usr/local/bin/create-ansible-agent-socket.sh & SSH_AUTH_SOCK=/home/ansible/.ssh/agent "$@"' > /entrypoint.sh
USER ansible
RUN mkdir -p /home/ansible/.ssh && chown ansible:ansible /home/ansible/.ssh
ENTRYPOINT [/bin/sh, /entrypoint.sh]
you run it then with
docker run -it -u ansible \
-v "$SSH_AUTH_SOCK":/root/.ssh/agent \
-e SSH_AUTH_SOCK=/root/.ssh/agent \
name cmd
@benjertho After struggling for hours with the same problem (works on first shell login but after that fails), I tried a hack and it worked! Sharing here:
-
Add an entrypoint line to dockerfile
ENTRYPOINT ["/ros_entrypoint.sh"]
-
In entrypoint script, add the following at the top:
# Dynamically set SSH_AUTH_SOCK if it's available in the mounted /tmp directory
if [ -n "$(find /tmp -type s -name 'agent.*' 2>/dev/null)" ]; then
export SSH_AUTH_SOCK=$(find /tmp -type s -name 'agent.*' 2>/dev/null)
fi
- Add the following to your compose.yaml:
environment:
- SSH_AUTH_SOCK=/tmp/ssh-agent
volumes:
- /tmp:/tmp
Now the ssh auth sock will be set appropriately every time.
@unphased
volume $SSH_AUTH_SOCK:/ssh-agent
and ENV SSH_AUTH_SOCK=/ssh-agent worked for me for years.
But after I've upgraded packages to the latest (ubuntu 22), the agent just stopped working! I mean - ssh-add -l was saying that it does not have access to the agent.
Thank you, your snippet works! Spent the whole day on this issue ))