Skip to content

Instantly share code, notes, and snippets.

@d11wtq
Created January 29, 2014 23:32
Show Gist options
  • Save d11wtq/8699521 to your computer and use it in GitHub Desktop.
Save d11wtq/8699521 to your computer and use it in GitHub Desktop.
How to SSH agent forward into a docker container
docker run -rm -t -i -v $(dirname $SSH_AUTH_SOCK) -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK ubuntu /bin/bash
@wirwolf
Copy link

wirwolf commented Dec 22, 2023

Check if you use docker from snap. In my Kubuntu 22.04 I remove docker from snap and install using apt and problem is fixed

@vokshirg
Copy link

vokshirg commented Feb 6, 2024

the latest official documentation helped me with docker-compose setup
https://docs.docker.com/desktop/networking/#ssh-agent-forwarding

@sourcecodemage
Copy link

is there a version of setup for Redhat linux and distributions based on it like CentOS and Rocky?

@sourcecodemage
Copy link

the latest official documentation helped me with docker-compose setup https://docs.docker.com/desktop/networking/#ssh-agent-forwarding

That seems to be specific to Docker Desktop. What about Colima and/or Podman?

@philippkemmeter
Copy link

Based on @tomdavies post, i created this Dockerfile which uses the USER statement in order to have an unpriviledged container instead of su-exec:

FROM python:3.11.6-alpine

RUN apk --no-cache add --update \
    socat \
    sudo

RUN addgroup --gid 1001 -S ansible && adduser --uid 1001 -S ansible -G ansible -h /home/ansible
RUN echo 'ansible ALL=(ALL:ALL) NOPASSWD:/usr/local/bin/create-ansible-agent-socket.sh' > /etc/sudoers
RUN echo 'socat UNIX-LISTEN:/home/ansible/.ssh/agent,fork,user=ansible,group=ansible,mode=777 UNIX-CONNECT:/root/.ssh/agent' > /usr/local/bin/create-ansible-agent-socket.sh
RUN chmod +x /usr/local/bin/create-ansible-agent-socket.sh
RUN echo 'sudo /usr/local/bin/create-ansible-agent-socket.sh & SSH_AUTH_SOCK=/home/ansible/.ssh/agent "$@"' > /entrypoint.sh

USER ansible
RUN mkdir -p /home/ansible/.ssh && chown ansible:ansible /home/ansible/.ssh

ENTRYPOINT [/bin/sh, /entrypoint.sh]

you run it then with

docker run -it -u ansible \
    -v "$SSH_AUTH_SOCK":/root/.ssh/agent \
    -e SSH_AUTH_SOCK=/root/.ssh/agent \
    name cmd

@sadanand1120
Copy link

@benjertho After struggling for hours with the same problem (works on first shell login but after that fails), I tried a hack and it worked! Sharing here:

  • Add an entrypoint line to dockerfile
    ENTRYPOINT ["/ros_entrypoint.sh"]

  • In entrypoint script, add the following at the top:

# Dynamically set SSH_AUTH_SOCK if it's available in the mounted /tmp directory
if [ -n "$(find /tmp -type s -name 'agent.*' 2>/dev/null)" ]; then
  export SSH_AUTH_SOCK=$(find /tmp -type s -name 'agent.*' 2>/dev/null)
fi
  • Add the following to your compose.yaml:
environment:
    - SSH_AUTH_SOCK=/tmp/ssh-agent
volumes:
    - /tmp:/tmp

Now the ssh auth sock will be set appropriately every time.

@nocanstillbb
Copy link

run docker -p  222:22 && apt install openssh-server &&  $(edit /etc/ssh/sshdconfig to enable root login)

on your mac of git bash

eval $(ssh-agent -s)
ssh-add 
ssh -A  toDockerContainer

@x85446
Copy link

x85446 commented Dec 5, 2024

Thanks! You pointed me in the right direction for a very similar problem. Here’s my take on it, implemented within a Makefile. This is very much specific to a mac os problem with a Docker Desktop solution.

# izumanetworks.com ai-edge-runner
run:
    @if [ -z "$(WORKSPACE_PATH)" ]; then \
        echo "Error: Please specify the path to map using MAP=/path/to/map"; \
        exit 1; \
    fi
    @if [ -z "$(SSH_AUTH_SOCK)" ]; then \
        echo "Error: SSH agent is not running. Please start it with 'eval $$(ssh-agent -s)' and add your key with 'ssh-add'."; \
        exit 1; \
    fi
    docker run -it \
        --name $(CONTAINER_NAME) \
        -e SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock \
        -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock \
        -v $(WORKSPACE_PATH):/izuma \
        --entrypoint /bin/bash \
        $(IMAGE_NAME)

The magic is that even though macOS doesn’t have a /run/blah/blah path, Docker Desktop creates /run/host-services/ssh-auth.sock as a special bridge to your host system’s SSH_AUTH_SOCK.

To test, run ssh-add -l inside the container to list your keys and ssh -T git@github.com to verify connectivity. This approach works seamlessly with Docker Desktop on macOS.

@hannylicious
Copy link

the latest official documentation helped me with docker-compose setup https://docs.docker.com/desktop/networking/#ssh-agent-forwarding

That seems to be specific to Docker Desktop. What about Colima and/or Podman?

Did you ever figure this out on Podman specifically?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment