问题
Could not open a connection to your authentication agent.
I am following the approach of mounting the $SSH_AUTH_SOCK as a volume, but doing so with compose.
Setup
~/.ssh/config
Host *
ForwardAgent yes
Dockerfile:
FROM atlashealth/ruby:2.2.2
RUN apt-get update -qq && \
apt-get install -qy build-essential libxml2-dev libxslt1-dev \
g++ qt5-default libqt5webkit5-dev xvfb dbus \
libmysqlclient-dev \
mysql-client openssh-client git && \
# cleanup
apt-get clean && \
cd /var/lib/apt/lists && rm -fr *Release* *Sources* *Packages* && \
truncate -s 0 /var/log/*log
Compose yaml:
web:
build: "."
environment:
- SSH_AUTH_SOCK=/ssh-agent
volumes:
- "$SSH_AUTH_SOCK:/ssh-agent"
NOTE: I have interpolation running on my compose, so $SSH_AUTH_SOCK
is substituted with /private/tmp/com.apple.launchd.ZxGtZy6a9w/Listeners
for example.
I have forwarding setup on my host OSX properly, it works against another ubuntu host.
Run
docker-compose run web bash
In-Container
When I run ssh-add -L
, it states Could not open a connection to your authentication agent.
When I run ssh-agent
, it yields
SSH_AUTH_SOCK=/tmp/ssh-vqjuo7FIfVOL/agent.21; export SSH_AUTH_SOCK;
SSH_AGENT_PID=22; export SSH_AGENT_PID;
echo Agent pid 22;
When I run echo $SSH_AUTH_SOCK
from bash, it yields /ssh-agent
Question
It seems that compose is making the SSH_AUTH_SOCK
available to bash
, but it seems that the ssh-agent
is not getting that same env
. What am I missing?
回答1:
I solved it using whilp/ssh-agent, though you should note that this is not using SSH_AUTH_SOCK
directly and requires an additional long running container. I'll integrate this approach into docker-rails for ease of use.
Start a long running container
docker run -d --name=ssh-agent whilp/ssh-agent:latest
Add your key
docker run --rm --volumes-from=ssh-agent -v ~/.ssh:/ssh -it whilp/ssh-agent:latest ssh-add /ssh/id_rsa
List your keys
docker run --rm --volumes-from=ssh-agent -v ~/.ssh:/ssh -it whilp/ssh-agent:latest ssh-add -L
bash into a container and check the key with
ssh -T git@bitbucket.org
My yaml looks like:
web:
build: .
working_dir: /project
ports:
- "3000"
environment:
# make ssh keys available via ssh forwarding (see volume entry)
- SSH_AUTH_SOCK=/ssh-agent/socket
volumes_from:
# Use configured whilp/ssh-agent long running container for keys
- ssh-agent
回答2:
The previous accepted answer using whilp/ssh-agent did not work for me for some reason (it worked before but since last changes it doesn't and I don't know why) so I created my own agent container:
docker-ssh-agent
based on minimal alpine:3.4
base image. So anyone still having trouble with this on OSX, check the README
it's now really easy to get it up and running!
来源:https://stackoverflow.com/questions/32897709/ssh-agent-forwarding-inside-docker-compose-container