Created
January 29, 2014 23:32
-
-
Save d11wtq/8699521 to your computer and use it in GitHub Desktop.
How to SSH agent forward into a docker container
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
docker run -rm -t -i -v $(dirname $SSH_AUTH_SOCK) -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK ubuntu /bin/bash |
is there a version of setup for Redhat linux and distributions based on it like CentOS and Rocky?
the latest official documentation helped me with docker-compose setup https://docs.docker.com/desktop/networking/#ssh-agent-forwarding
That seems to be specific to Docker Desktop. What about Colima and/or Podman?
Based on @tomdavies post, i created this Dockerfile which uses the USER statement in order to have an unpriviledged container instead of su-exec:
FROM python:3.11.6-alpine
RUN apk --no-cache add --update \
socat \
sudo
RUN addgroup --gid 1001 -S ansible && adduser --uid 1001 -S ansible -G ansible -h /home/ansible
RUN echo 'ansible ALL=(ALL:ALL) NOPASSWD:/usr/local/bin/create-ansible-agent-socket.sh' > /etc/sudoers
RUN echo 'socat UNIX-LISTEN:/home/ansible/.ssh/agent,fork,user=ansible,group=ansible,mode=777 UNIX-CONNECT:/root/.ssh/agent' > /usr/local/bin/create-ansible-agent-socket.sh
RUN chmod +x /usr/local/bin/create-ansible-agent-socket.sh
RUN echo 'sudo /usr/local/bin/create-ansible-agent-socket.sh & SSH_AUTH_SOCK=/home/ansible/.ssh/agent "$@"' > /entrypoint.sh
USER ansible
RUN mkdir -p /home/ansible/.ssh && chown ansible:ansible /home/ansible/.ssh
ENTRYPOINT [/bin/sh, /entrypoint.sh]
you run it then with
docker run -it -u ansible \
-v "$SSH_AUTH_SOCK":/root/.ssh/agent \
-e SSH_AUTH_SOCK=/root/.ssh/agent \
name cmd
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
the latest official documentation helped me with docker-compose setup
https://docs.docker.com/desktop/networking/#ssh-agent-forwarding