Docker加载密钥“ /root/.ssh/id_rsa”：无效格式 [英] Docker Load key "/root/.ssh/id_rsa": invalid format

问题描述

我正在尝试克隆一个包含子模块的仓库。主要仓库很好，但是我在dockerfile中执行 git子模块更新--init --recursive 时，子模块会抛出错误。

I am trying to clone a repo that has submodules in it. The main repo is cloning fine but when I do git submodule update --init --recursive in the dockerfile the submodules throws and error.

fatal: clone of 'git@github.com:jkeys089/lua-resty-hmac.git' into submodule path '/tmp/third-party/lua-resty-hmac' failed
Failed to clone 'third-party/lua-resty-hmac'. Retry scheduled
Cloning into '/tmp/third-party/lua-resty-jwt'...
load pubkey "/root/.ssh/id_rsa": invalid format
Warning: Permanently added the RSA host key for IP address '140.82.118.3' to the list of known hosts.
Load key "/root/.ssh/id_rsa": invalid format
git@github.com: Permission denied (publickey).

在图像中我有这个

# authorise ssh host
RUN mkdir /root/.ssh/ \
    && chmod 700 /root/.ssh \
    && ssh-keyscan github.com > /root/.ssh/known_hosts

# add key and set permission
RUN echo "${SSH_PRIVATE_KEY}" >> /root/.ssh/id_rsa \
    && echo "$ssh_pub_key" > /root/.ssh/id_rsa.pub \
    && chmod 600 /root/.ssh/id_rsa.pub \
    && chmod 600 /root/.ssh/id_rsa

我无法控制子模块。我不确定是否可以从 git@github.com 更改为https以获得子模块。

I have no control of the submodules. I am not sure if I can change from git@github.comto https to get submodules.

我什至尝试使用 GITHUB_TOKEN 路线

# start up git and clone
RUN git config --global url."https://${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/" \
    && git clone https://github.com/GluuFederation/gluu-gateway.git /tmp \
    && cd /tmp/ \
    && git submodule update --init --recursive

以下是构建命令的一部分。
build --build-arg GITHUB_TOKEN = $ {GITHUB_TOKEN} --build-arg SSH_PRIVATE_KEY = $（cat〜/ .ssh / id_rsa） --build-arg ssh_pub_key = $ （cat〜/ .ssh / id_rsa.pub） c

And below is the part of the build command. build --build-arg GITHUB_TOKEN=${GITHUB_TOKEN} --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" --build-arg ssh_pub_key="$(cat ~/.ssh/id_rsa.pub)"

请帮忙。非常令人沮丧：（

Please help out on this. It's very frustrating. :(

推荐答案

如果密钥为无效格式，请尝试使用旧的PEM格式。

If the key is "invalid format", try and regenerate it with the old PEM format.

ssh-keygen -m PEM -t rsa -P "" 

请确保将公钥添加到GitHub帐户以进行正确的身份验证。

Make sure to add the public key to your GitHub account for proper authentication.

OP Shammir 添加了：

The OP Shammir adds in the comments:

我认为问题是在构建期间没有任何内容从主机复制到docker映像。

I think the issue is that nothing is being copied from host machine to docker image during build.

在 docker build --build-arg SSH_PRIVATE_KEY = $（cat〜/。 ssh / id_rsa） 返回空，Shammir使用 dockito / vault 来管理私钥，但也可以将其配置为 AddKeysToAgent：如果私钥不需要没有密码保护（如上面的命令所示）

In "docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" returning empty", Shammir uses dockito/vault to manage the private key, but also configure it to "AddKeysToAgent": that is not needed if the private key is not passphrase protected (as in my command above)

这篇关于Docker加载密钥“ /root/.ssh/id_rsa”：无效格式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！