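```sh
# Bind-mount the directory that holds the agent socket at the same path inside the container
docker run --rm -t -i -v "$(dirname "$SSH_AUTH_SOCK")":"$(dirname "$SSH_AUTH_SOCK")" -e SSH_AUTH_SOCK="$SSH_AUTH_SOCK" ubuntu /bin/bash
```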
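Added example, not part of the original gist: a wrapper for the `docker run` command above that refuses to forward the agent when `SSH_AUTH_SOCK` is unset, is not a socket, belongs to another user, or is reachable by other local users, and that bind-mounts only the socket file rather than its directory. It assumes a Linux host running Docker Engine natively; `/ssh-agent` and the `DOCKER` override are names chosen for this example.

```sh
#!/bin/sh
# Added example: validate the host's SSH agent socket, then bind-mount only that socket.
# CONTAINER_SOCK is an assumed in-container path; set DOCKER=echo for a dry run.
CONTAINER_SOCK=/ssh-agent

# perm_char PATH N -> Nth character of the ls mode string (e.g. "srwx------")
perm_char() { ls -ld -- "$1" | cut -c"$2"; }

# sock_exposed SOCK -> 0 if group or other users on the host could connect:
# connecting needs write on the socket AND search (x) on its parent directory.
sock_exposed() {
    se_dir=$(dirname -- "$1")
    case "$(perm_char "$1" 6)$(perm_char "$se_dir" 7)" in w[xs]) return 0 ;; esac
    case "$(perm_char "$1" 9)$(perm_char "$se_dir" 10)" in w[xt]) return 0 ;; esac
    return 1
}

# check_agent_sock SOCK -> 0 ok, 1 unset, 2 not a socket, 3 not ours, 4 exposed
check_agent_sock() {
    [ -n "$1" ] || return 1
    [ -S "$1" ] || return 2
    [ -O "$1" ] || return 3
    if sock_exposed "$1"; then return 4; fi
    return 0
}

# run_with_agent IMAGE [CMD...] -> docker run with the agent socket forwarded
run_with_agent() {
    ra_rc=0
    check_agent_sock "${SSH_AUTH_SOCK:-}" || ra_rc=$?
    case $ra_rc in
        0) ;;
        1) echo "SSH_AUTH_SOCK is not set; start ssh-agent first" >&2; return 1 ;;
        2) echo "$SSH_AUTH_SOCK is not a socket" >&2; return 2 ;;
        3) echo "$SSH_AUTH_SOCK belongs to another user" >&2; return 3 ;;
        4) echo "$SSH_AUTH_SOCK is reachable by other local users" >&2; return 4 ;;
    esac
    "${DOCKER:-docker}" run --rm -it \
        -v "$SSH_AUTH_SOCK:$CONTAINER_SOCK" \
        -e "SSH_AUTH_SOCK=$CONTAINER_SOCK" "$@"
}

# When invoked with arguments, behave as a script: ./agent-run.sh ubuntu /bin/bash
if [ "$#" -gt 0 ]; then run_with_agent "$@"; fi
```

Inside the container, `ssh-add -l` should then list the same keys as on the host.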
The latest official documentation helped me with docker-compose setup: https://docs.docker.com/desktop/networking/#ssh-agent-forwarding
Is there a version of this setup for Red Hat Linux and distributions based on it, like CentOS and Rocky?
> The latest official documentation helped me with docker-compose setup: https://docs.docker.com/desktop/networking/#ssh-agent-forwarding

That seems to be specific to Docker Desktop. What about Colima and/or Podman?
Based on @tomdavies' post, I created this Dockerfile which uses the USER statement in order to have an unprivileged container instead of su-exec:

```dockerfile
FROM python:3.11.6-alpine
RUN apk --no-cache add --update \
    socat \
    sudo
RUN addgroup --gid 1001 -S ansible && adduser --uid 1001 -S ansible -G ansible -h /home/ansible
# The ansible user may run only the socket relay script as root
RUN echo 'ansible ALL=(ALL:ALL) NOPASSWD:/usr/local/bin/create-ansible-agent-socket.sh' > /etc/sudoers
# Relay the root-owned agent socket to a socket owned by the ansible user
RUN echo 'socat UNIX-LISTEN:/home/ansible/.ssh/agent,fork,user=ansible,group=ansible,mode=777 UNIX-CONNECT:/root/.ssh/agent' > /usr/local/bin/create-ansible-agent-socket.sh
RUN chmod +x /usr/local/bin/create-ansible-agent-socket.sh
# Start the relay in the background, then run the requested command against the relayed socket
RUN echo 'sudo /usr/local/bin/create-ansible-agent-socket.sh & SSH_AUTH_SOCK=/home/ansible/.ssh/agent "$@"' > /entrypoint.sh
USER ansible
RUN mkdir -p /home/ansible/.ssh && chown ansible:ansible /home/ansible/.ssh
# Exec form needs quoted JSON strings
ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
```

You then run it with:

```sh
docker run -it -u ansible \
    -v "$SSH_AUTH_SOCK":/root/.ssh/agent \
    -e SSH_AUTH_SOCK=/root/.ssh/agent \
    name cmd
```
@benjertho After struggling for hours with the same problem (works on first shell login but after that fails), I tried a hack and it worked! Sharing here:
- Add an entrypoint line to the Dockerfile:

```dockerfile
ENTRYPOINT ["/ros_entrypoint.sh"]
```

- In the entrypoint script, add the following at the top:

```sh
# Dynamically set SSH_AUTH_SOCK if it's available in the mounted /tmp directory
# (take the first match so the value stays a single path when several sockets exist)
agent_sock=$(find /tmp -type s -name 'agent.*' 2>/dev/null | head -n 1)
if [ -n "$agent_sock" ]; then
    export SSH_AUTH_SOCK="$agent_sock"
fi
```

- Add the following to your compose.yaml:

```yaml
environment:
  - SSH_AUTH_SOCK=/tmp/ssh-agent
volumes:
  - /tmp:/tmp
```

Now the ssh auth sock will be set appropriately every time.
Run docker -p 222:22 && apt install openssh-server && $(edit /etc/ssh/sshd_config to enable root login)

On your Mac or Git Bash:

```sh
eval $(ssh-agent -s)
ssh-add
ssh -A toDockerContainer
```
Thanks! You pointed me in the right direction for a very similar problem. Here’s my take on it, implemented within a Makefile. This is very much specific to a macOS problem with a Docker Desktop solution.

```makefile
# izumanetworks.com ai-edge-runner
run:
	@if [ -z "$(WORKSPACE_PATH)" ]; then \
		echo "Error: Please specify the path to map using WORKSPACE_PATH=/path/to/map"; \
		exit 1; \
	fi
	@if [ -z "$(SSH_AUTH_SOCK)" ]; then \
		echo "Error: SSH agent is not running. Please start it with 'eval $$(ssh-agent -s)' and add your key with 'ssh-add'."; \
		exit 1; \
	fi
	docker run -it \
		--name $(CONTAINER_NAME) \
		-e SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock \
		-v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock \
		-v $(WORKSPACE_PATH):/izuma \
		--entrypoint /bin/bash \
		$(IMAGE_NAME)
```

The magic is that even though macOS doesn’t have a /run/blah/blah path, Docker Desktop creates /run/host-services/ssh-auth.sock as a special bridge to your host system’s SSH_AUTH_SOCK.
To test, run ssh-add -l inside the container to list your keys and ssh -T git@github.com to verify connectivity. This approach works seamlessly with Docker Desktop on macOS.
> > The latest official documentation helped me with docker-compose setup: https://docs.docker.com/desktop/networking/#ssh-agent-forwarding
>
> That seems to be specific to Docker Desktop. What about Colima and/or Podman?

Did you ever figure this out on Podman specifically?
Check whether you are using Docker from snap. On my Kubuntu 22.04 I removed Docker from snap and installed it using apt, and the problem was fixed.