如何使用Dockerfile中的私钥访问GIT repo [英] How to access GIT repo with my private key from Dockerfile
问题描述
这是我的Docker文件:
FROM ubuntu:14.04.1
WORKDIR〜/ .ssh
运行apt-get -y install ssh
WORKDIR / var / www / html
运行apt-get -y安装git
运行mkdir〜/ .ssh
添加ID_rsa / home / id_rsa
RUN cat / home / id_rsa&& mv / home / id_rsa〜/ .ssh / id_rsa& amp;& chmod 600〜/ .ssh / id_rsa&& eval$(ssh-agent -s)&& ssh-add〜/ .ssh / id_rsa&&& ssh-add -l&&& ssh-add -L&& echoHost github.com\\\
\tIdentityFile〜/ .ssh / id_rsa>> /root/.ssh/config&&& git clone git@github.com:amitbadheka / Learning-Rails
输出:
步骤9:运行mkdir〜/ .ssh
--->使用缓存
---> 38f2824f41d6
第10步:添加id_rsa / home / id_rsa
--->使用缓存
---> afae372c6a40
步骤11:RUN cat / home / id_rsa& amp;& mv / home / id_rsa〜/ .ssh / id_rsa& amp;& chmod 600〜/ .ssh / id_rsa&& eval$(ssh-agent -s)&& ssh-add〜/ .ssh / id_rsa&&& ssh-add -l&&& ssh-add -L&& echoHost github.com\\\
\tIdentityFile〜/ .ssh / id_rsa>> /root/.ssh/config&&& git clone git@github.com:amitbadheka / Learning-Rails.git
--->运行在edd6778a0ae6
----- BEGIN RSA私钥-----
我的私钥
-----结束RSA私钥-----
代理pid 12
加入身份:/root/.ssh/id_rsa(/root/.ssh/id_rsa)
2048 69:41:88:d2:5f:22:fa:63:92:2b :F9:B8:A4:1E:3C:24 /root/.ssh/id_rsa(RSA)
SSH-RSA AAAAB3NzaC1yc2EAAAADAQABAAABAQCrfPuszAriGJxGd16TVeWBvCt8lj88OlJ0fz5LYd2voWDUDnEmPDpvQUDZKQI + MlFfhPS + KN239XsL4X1 + vdyj8xXzcBeUB + DUYW2bxZd0kLsmOPeJ0Htoat12fdjzIC / M + H + j6SkAwL + WRV / VH + tbjNZVrl + zcMvBsZipyrKHmJiwko / cqACRYGRXAAUahnVTfhQGXArqn3ioxNN5r6ZDPdv + xGZY4V9fTbHbDooEHaOz / EFu6xwoBFC2SBID3aKEQgS6C07 / iRt1fJ8c8TPPvJt6vLJQ / h5LLsN2WRxDG + V5fCGqWKDdJWoyM + fOuCNOH1XTDka8d + 2ZN2v + U1KX /root/.ssh/id_rsa
克隆成学习型Rails的...
**主机密钥验证**
**致命:无法从远程存储库读取**
请确保您具有正确的访问权限,并且存储库存在。
2014/12/15 18:20:47命令[/ bin / sh -c cat / home / id_rsa&&& mv / home / id_rsa〜/ .ssh / id_rsa& amp;& chmod 600〜/ .ssh / id_rsa&& eval$(ssh-agent -s)&& ssh-add〜/ .ssh / id_rsa&&& ssh-add -l&&& ssh-add -L&& echoHost github.com\\\
\tIdentityFile〜/ .ssh / id_rsa>> /root/.ssh/config&&& git clone git@github.com:amitbadheka / Learning-Rails.git]返回一个非零代码:128
所以当我使用相同的密钥,我可以访问我的回购。
任何人都可以告诉我我失踪了什么?
错误信息主机密钥验证失败。不抱怨您的私钥,而是github.com的主机密钥。您可以这样做来添加github hostkey:
ssh-keyscan -t rsa github.com> 〜/ .ssh / known_hosts
也许你有你的理由,但一般克隆git repo到该图像不是在容器中运行代码的首选方式。相反,将一个Docker文件放在您的repo的根目录下,在Docker文件中使用 ADD 命令将源代码包含在容器中。
正如你现在写的,您的私钥是Docker映像的一部分。任何与您共享图像的人也将拥有您的私钥。
I am trying to add a private key in my Docker container which has access to my private git repositories. The testing_git file is in the folder containing Dockerfile. I am trying to make a container which can pull git code on the fly.
This is my Dockerfile:
FROM ubuntu:14.04.1
WORKDIR ~/.ssh
RUN apt-get -y install ssh
WORKDIR /var/www/html
Run apt-get -y install git
RUN mkdir ~/.ssh
ADD id_rsa /home/id_rsa
RUN cat /home/id_rsa && mv /home/id_rsa ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa && eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_rsa && ssh-add -l && ssh-add -L && echo "Host github.com\n\tIdentityFile ~/.ssh/id_rsa" >> /root/.ssh/config && git clone git@github.com:amitbadheka/Learning-Rails
Output:
Step 9 : RUN mkdir ~/.ssh
---> Using cache
---> 38f2824f41d6
Step 10 : ADD id_rsa /home/id_rsa
---> Using cache
---> afae372c6a40
Step 11 : RUN cat /home/id_rsa && mv /home/id_rsa ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa && eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_rsa && ssh-add -l && ssh-add -L && echo "Host github.com\n\tIdentityFile ~/.ssh/id_rsa" >> /root/.ssh/config && git clone git@github.com:amitbadheka/Learning-Rails.git
---> Running in edd6778a0ae6
-----BEGIN RSA PRIVATE KEY-----
MY PRIVATE KEY
-----END RSA PRIVATE KEY-----
Agent pid 12
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
2048 69:41:88:d2:5f:22:fa:63:92:2b:f9:b8:a4:1e:3c:24 /root/.ssh/id_rsa (RSA)
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrfPuszAriGJxGd16TVeWBvCt8lj88OlJ0fz5LYd2voWDUDnEmPDpvQUDZKQI+MlFfhPS+KN239XsL4X1+vdyj8xXzcBeUB+DUYW2bxZd0kLsmOPeJ0Htoat12fdjzIC/m+H+j6SkAwL+WrV/vH+tbjNZVrl+zcMvBsZipyrKHmJiwko/cqACRYGRXAAUahnVTfhQGXArqn3ioxNN5r6ZDPdv+xGZY4V9fTbHbDooEHaOz/EFu6xwoBFC2SBID3aKEQgS6C07/iRt1fJ8c8TPPvJt6vLJQ/h5LLsN2WRxDG+V5fCGqWKDdJWoyM+fOuCNOH1XTDka8d+2ZN2v+U1KX /root/.ssh/id_rsa
Cloning into 'Learning-Rails'...
**Host key verification failed.**
**fatal: Could not read from remote repository.**
Please make sure you have the correct access rights and the repository exists.
2014/12/15 18:20:47 The command [/bin/sh -c cat /home/id_rsa && mv /home/id_rsa ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa && eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_rsa && ssh-add -l && ssh-add -L && echo "Host github.com\n\tIdentityFile ~/.ssh/id_rsa" >> /root/.ssh/config && git clone git@github.com:amitbadheka/Learning-Rails.git] returned a non-zero code: 128
So when I use the same key, I could access my repo.
Can anyone tell me what I am missing?
The error message Host key verification failed. is not complaining about your private key, but rather the host key for github.com. You can do this to add the github hostkey:
ssh-keyscan -t rsa github.com > ~/.ssh/known_hosts
Perhaps you have your reasons, but in general cloning the git repo in to the image is not the preferred way to run your code in a container. Instead, put a Dockerfile at the root of your repo, and within the Dockerfile use the ADD command to include your source code in the container.
As you have it written now, your private key is part of the Docker image. Anyone you share the image with will also have your private key.
这篇关于如何使用Dockerfile中的私钥访问GIT repo的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
