SSH Agent forwarding inside docker compose container


Problem description

Could not open a connection to your authentication agent.

I am following the approach of mounting the $SSH_AUTH_SOCK as a volume, but doing so with compose.

~/.ssh/config

Host *
  ForwardAgent yes

Dockerfile:

FROM atlashealth/ruby:2.2.2

RUN apt-get update -qq && \
    apt-get install -qy build-essential libxml2-dev libxslt1-dev \
            g++ qt5-default libqt5webkit5-dev xvfb dbus \
            libmysqlclient-dev \
            mysql-client openssh-client git && \
    # cleanup
    apt-get clean && \
    cd /var/lib/apt/lists && rm -fr *Release* *Sources* *Packages* && \
    truncate -s 0 /var/log/*log

Compose yaml:

web:
  build: "."
  environment:
  - SSH_AUTH_SOCK=/ssh-agent
  volumes:
  - "$SSH_AUTH_SOCK:/ssh-agent"

NOTE: I have interpolation running on my compose, so $SSH_AUTH_SOCK is substituted with /private/tmp/com.apple.launchd.ZxGtZy6a9w/Listeners for example.

I have forwarding set up on my host OSX properly, it works against another ubuntu host.

docker-compose run web bash

When I run ssh-add -L, it states Could not open a connection to your authentication agent.

When I run ssh-agent, it yields

SSH_AUTH_SOCK=/tmp/ssh-vqjuo7FIfVOL/agent.21; export SSH_AUTH_SOCK;
SSH_AGENT_PID=22; export SSH_AGENT_PID;
echo Agent pid 22;

When I run echo $SSH_AUTH_SOCK from bash, it yields /ssh-agent

It seems that compose is making the SSH_AUTH_SOCK available to bash, but it seems that the ssh-agent is not getting that same env. What am I missing?

Recommended answer

I solved it using whilp/ssh-agent, though you should note that this is not using SSH_AUTH_SOCK directly and requires an additional long running container. I'll integrate this approach into docker-rails for ease of use.

  1. Start a long running container docker run -d --name=ssh-agent whilp/ssh-agent:latest

  2. Add your keys docker run --rm --volumes-from=ssh-agent -v ~/.ssh:/ssh -it whilp/ssh-agent:latest ssh-add /ssh/id_rsa

  3. List your keys docker run --rm --volumes-from=ssh-agent -v ~/.ssh:/ssh -it whilp/ssh-agent:latest ssh-add -L

  4. Bash into a container and use ssh -T git@bitbucket.org

My yaml looks like:

web:
    build: .
    working_dir: /project
    ports:
      - "3000"

    environment:
      # make ssh keys available via ssh forwarding (see volume entry)
      - SSH_AUTH_SOCK=/ssh-agent/socket

    volumes_from:
      # Use configured whilp/ssh-agent long running container for keys
      - ssh-agent
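
An added diagnostic, not part of the original question or answer: a shell function to run inside the container (for example from docker-compose run web bash) that reports which step between the SSH_AUTH_SOCK variable and a live agent failed. The function name and its return codes are made up for this example; the ssh-add exit status of 2 for an unreachable agent is the documented OpenSSH behaviour.

```sh
# Added example. Return codes are constructed for this sketch:
#   0 agent reachable           1 SSH_AUTH_SOCK unset/empty
#   2 path does not exist       3 path exists but is not a Unix socket
#   4 no read/write permission  5 socket present, no agent answering
#   6 ssh-add not installed in the image
check_agent_sock() {
    # Use the argument if given, otherwise the environment variable.
    sock="${1-${SSH_AUTH_SOCK-}}"
    if [ -z "$sock" ]; then
        echo "SSH_AUTH_SOCK is not set in this shell" >&2
        return 1
    fi
    if [ ! -e "$sock" ]; then
        echo "$sock does not exist: the volume is not mounted here" >&2
        return 2
    fi
    if [ ! -S "$sock" ]; then
        # A directory here usually means the bind-mount source did not exist
        # on the Docker daemon's host, so Docker created an empty directory.
        [ -d "$sock" ] && kind="a directory" || kind="not a socket"
        echo "$sock is $kind: the host agent socket did not reach the container" >&2
        return 3
    fi
    if [ ! -r "$sock" ] || [ ! -w "$sock" ]; then
        echo "$sock is not readable and writable by uid $(id -u)" >&2
        return 4
    fi
    if ! command -v ssh-add >/dev/null 2>&1; then
        echo "ssh-add is not installed (openssh-client missing)" >&2
        return 6
    fi
    # ssh-add -l exits 0 with keys, 1 with an empty agent, and 2 if it
    # cannot contact the agent at all.
    agent_rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || agent_rc=$?
    if [ "$agent_rc" -ge 2 ]; then
        echo "$sock is a socket but no agent answers on it" >&2
        return 5
    fi
    return 0
}
```

Source the file in the container shell and call check_agent_sock with no argument to test the current SSH_AUTH_SOCK, or pass a path such as /ssh-agent/socket to test a specific mount.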
