如何使用我的 Dockerfile 中的私钥访问 GIT 存储库 [英] How to access GIT repo with my private key from Dockerfile

问题描述

我正在尝试在我的 Docker 容器中添加一个私钥，该容器可以访问我的私有 git 存储库.testing_git 文件位于包含 Dockerfile 的文件夹中.我正在尝试制作一个可以即时提取 git 代码的容器.

I am trying to add a private key in my Docker container which has access to my private git repositories. The testing_git file is in the folder containing Dockerfile. I am trying to make a container which can pull git code on the fly.

这是我的 Dockerfile:

This is my Dockerfile:

FROM ubuntu:14.04.1
WORKDIR ~/.ssh
RUN apt-get -y install ssh
WORKDIR /var/www/html
Run apt-get -y install git
RUN mkdir ~/.ssh
ADD id_rsa /home/id_rsa
RUN cat /home/id_rsa && mv /home/id_rsa ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa && eval "$(ssh-agent -s)"  && ssh-add ~/.ssh/id_rsa && ssh-add -l && ssh-add -L && echo "Host github.com
	IdentityFile ~/.ssh/id_rsa" >> /root/.ssh/config &&  git clone git@github.com:amitbadheka/Learning-Rails

输出:

Step 9 : RUN mkdir ~/.ssh
---> Using cache
---> 38f2824f41d6
Step 10 : ADD id_rsa /home/id_rsa
---> Using cache
---> afae372c6a40
Step 11 : RUN cat /home/id_rsa && mv /home/id_rsa ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa && eval "$(ssh-agent -s)"  && ssh-add ~/.ssh/id_rsa && ssh-add -l && ssh-add -L && echo "Host github.com
	IdentityFile ~/.ssh/id_rsa" >> /root/.ssh/config &&  git clone git@github.com:amitbadheka/Learning-Rails.git
---> Running in edd6778a0ae6
-----BEGIN RSA PRIVATE KEY-----
MY PRIVATE KEY
-----END RSA PRIVATE KEY-----
Agent pid 12
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
2048 69:41:88:d2:5f:22:fa:63:92:2b:f9:b8:a4:1e:3c:24 /root/.ssh/id_rsa (RSA)
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrfPuszAriGJxGd16TVeWBvCt8lj88OlJ0fz5LYd2voWDUDnEmPDpvQUDZKQI+MlFfhPS+KN239XsL4X1+vdyj8xXzcBeUB+DUYW2bxZd0kLsmOPeJ0Htoat12fdjzIC/m+H+j6SkAwL+WrV/vH+tbjNZVrl+zcMvBsZipyrKHmJiwko/cqACRYGRXAAUahnVTfhQGXArqn3ioxNN5r6ZDPdv+xGZY4V9fTbHbDooEHaOz/EFu6xwoBFC2SBID3aKEQgS6C07/iRt1fJ8c8TPPvJt6vLJQ/h5LLsN2WRxDG+V5fCGqWKDdJWoyM+fOuCNOH1XTDka8d+2ZN2v+U1KX /root/.ssh/id_rsa
Cloning into 'Learning-Rails'...
**Host key verification failed.**
**fatal: Could not read from remote repository.**
Please make sure you have the correct access rights and the repository exists.
2014/12/15 18:20:47 The command [/bin/sh -c cat /home/id_rsa && mv /home/id_rsa ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa && eval "$(ssh-agent -s)"  && ssh-add ~/.ssh/id_rsa && ssh-add -l && ssh-add -L && echo "Host github.com
	IdentityFile ~/.ssh/id_rsa" >> /root/.ssh/config &&  git clone git@github.com:amitbadheka/Learning-Rails.git] returned a non-zero code: 128

所以当我使用相同的密钥时，我可以访问我的存储库.

So when I use the same key, I could access my repo.

谁能告诉我我错过了什么?

Can anyone tell me what I am missing?

推荐答案

报错信息Host key verification failed.不是抱怨你的私钥，而是github.com的host key.您可以这样做来添加 github 主机密钥:

The error message Host key verification failed. is not complaining about your private key, but rather the host key for github.com. You can do this to add the github hostkey:

ssh-keyscan -t rsa github.com > ~/.ssh/known_hosts

也许你有你的理由，但一般来说，将 git repo 克隆到镜像中并不是在容器中运行代码的首选方式.相反，将 Dockerfile 放在 repo 的根目录下，并在 Dockerfile 中使用 ADD 命令将源代码包含在容器中.

Perhaps you have your reasons, but in general cloning the git repo in to the image is not the preferred way to run your code in a container. Instead, put a Dockerfile at the root of your repo, and within the Dockerfile use the ADD command to include your source code in the container.

正如您现在所写的，您的私钥是 Docker 映像的一部分.与您共享图像的任何人也将拥有您的私钥.

As you have it written now, your private key is part of the Docker image. Anyone you share the image with will also have your private key.

这篇关于如何使用我的 Dockerfile 中的私钥访问 GIT 存储库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！