Add private key to ssh-agent in docker file

Problem description

I am trying to write a docker file for an Angular CLI project, but I have an external dependency which is a private repo on BitBucket, so I need to pass my ssh key. I am trying to pass ssh keys using --build-arg.

Now the issue is, it's not adding those keys to ssh-agent and asks for the password instead.

I am using this command to run:

docker build -t ng-2-docker/client --build-arg ssh_prv_key="$(cat ~/.ssh/id_rsa)" --build-arg ssh_pub_key="$(cat ~/.ssh/id_rsa)" .

And this is my docker file:

ARG ssh_prv_key
ARG ssh_pub_key

# Use an official Node runtime as a parent image
FROM node:8.9.4

# Specify working directory in docker container
WORKDIR /app

# Authorize SSH Host
RUN mkdir -p /ssh/
RUN chmod 0700 /ssh

# Add the keys and set permissions
RUN echo "$ssh_prv_key" > /ssh/id_rsa && echo "$ssh_pub_key" > /ssh/id_rsa.pub && chmod 600 /ssh/id_rsa && chmod 600 /ssh/id_rsa.pub

# add bitbucket to known hosts
RUN ssh-keyscan bitbucket.org > /ssh/known_hosts

# Copy SSH key to temp folder to pull new code
# ADD ~/.ssh/id_rsa /tmp/
# RUN ssh-agent /tmp
RUN ls -la /ssh

# check if ssh agent is running or not, if not, run
RUN eval `ssh-agent -s` && ssh-add /ssh/id_rsa

# Copy local files into the containers working directory
COPY package.json /app

# Install dependencies inside container
RUN npm i

# Copy local files into the containers working directory
COPY . /app

# Execute Process
CMD ["npm", "docker:rogers:local"]

# Remove ssh key from temp
# RUN rm /tmp/id_rsa
RUN rm -rf /ssh

# expose port
EXPOSE 4200

and here is the output if I run the command mentioned above.

Recommended answer

I spent several days going through the same issue. ssh-keygen -p ensured the passphrase was empty, but I needed to ssh-agent and ssh-add in my Dockerfile to be able to pull from a private repo. Several of my peers told me they were able to make it work; I would copy what they had and still be asked for a passphrase. Finally I came across this issue. After manually inputting in the rsa key line by line and seeing it succeed, I realized it was because I was building the image and passing in the key via a make target, and the Makefile was processing the newlines as whitespaces. Ultimately it was just a matter of updating how the key was being cat as an argument so that it ran as bash instead to preserve the newlines.

Here was the build command inside my Makefile:

make container:
    docker build --rm \
    --build-arg ssh_prv_key="$$(cat ~/.ssh/id_rsa)" \
    --squash -f Dockerfile -t $(DOCKER_IMAGE) .

I will also note that I needed to include

echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config

to one of my Dockerfile RUN commands as well
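
The failure this answer describes, as an added example that is not part of the original answer: a POSIX shell check that a key passed through a variable still has its line structure before it is written to /ssh/id_rsa. The function names and the sample key (constructed, not a real key) are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample shaped like a PEM private key; the body is filler, not key material.
sample_key() {
    printf '%s\n' \
        '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtS0VZ' \
        'Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtS0VZ' \
        '-----END RSA PRIVATE KEY-----'
}

# Simulate the damage described in the answer: every newline becomes a space.
flatten() {
    printf '%s' "$1" | tr '\n' ' '
}

# Return 0 only if $1 still has PEM line structure:
# BEGIN marker alone on the first line, END marker alone on the last,
# and at least one body line in between.
pem_is_intact() {
    key=$1
    lines=$(printf '%s\n' "$key" | grep -c '')
    [ "$lines" -ge 3 ] || return 1
    first=$(printf '%s\n' "$key" | head -n 1)
    last=$(printf '%s\n' "$key" | tail -n 1)
    case $first in
        '-----BEGIN '*'PRIVATE KEY-----') ;;
        *) return 1 ;;
    esac
    case $last in
        '-----END '*'PRIVATE KEY-----') ;;
        *) return 1 ;;
    esac
    return 0
}

# Demo: the same key, once as passed by a quoted "$(cat ...)" and once flattened.
demo_key=$(sample_key)
for candidate in "$demo_key" "$(flatten "$demo_key")"; do
    if pem_is_intact "$candidate"; then
        echo "intact: line structure preserved"
    else
        echo "damaged: newlines lost, do not write this to /ssh/id_rsa"
    fi
done
```

Values passed with --build-arg are visible to anyone who has the image through docker history, so a key supplied this way should be treated as disclosed with the image.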
