Reputation: 2122
How do I configure ssh proxycommand correctly to run docker exec?
I have a host defined in /etc/hosts called web1.
There is a docker container with the name store.
While on my workstation I can ssh into the machine and execute the command to enter the container interactively like this
ssh -t -t web1 docker exec -ti store /bin/bash
It properly drops me right into the container as root as I had hoped.
However, I really want to define a pseudo host named store and set it up in my ~/.ssh/config file like this using ProxyCommand so I can use ssh store
Host store
ProxyCommand ssh -t -t web1 docker exec -ti store /bin/bash
But it fails with the following error:
Bad packet length 218958363.
ssh_dispatch_run_fatal: Connection to UNKNOWN: message authentication code incorrect
Killed by signal 1.
If I add -v for some debugging, the last two lines just before the block above are
debug1: Authenticating to store:22 as 'user1'
debug1: SSH2_MSG_KEXINIT sent
- I think it is trying
sshinto thestorecontainer instead of just executing the command which is throwing that error, is that correct? If not what is the issue? - Is there a way to do this using ProxyCommand without trying to ssh into the container but instead just use the docker exec?
- Is it easy enough to also setup the ssh into the container? We currently aren't doing that as a matter of practice.
- Is there another option other than an alias for
ssh-store?
The end goal is to have a virtual host defined that I can just say ssh store and have it end up in the store container on web1.
Edited:
Solution:
As Jakuje indicated, using the ProxyCommand with ssh is not going to allow a non-ssh further command. Therefore I am just using an alias and potentially a bash function for this to accomplish it. I've setup both.
Also per Jakuje's recommendation in ~/.ssh/config
Host web1
RequestTTY yes
in ~/.bash_aliases
alias ssh-store="ssh web1 docker exec -ti store /bin/bash"
so I can do ssh-store and end up in the container
or in ~/.bashrc
function ssh-web1 { ssh web1 docker exec -ti $1 /bin/bash; }
so I can do ssh-web1 store and also end up in the container
Upvotes: 3
Views: 3061
Answers (1)
Reputation: 26016
I think it is trying ssh into the store container instead of just executing the command which is throwing that error, is that correct? If not what is the issue?
Yes
Is there a way to do this using ProxyCommand without trying to ssh into the container but instead just use the docker exec?
No. It does not work this way. ProxyCommand expects the other step to be also SSH session and not direct bash prompt.
Is it easy enough to also setup the ssh into the container? We currently aren't doing that as a matter of practice.
I think this is unnecessary overhead. But it is possible as described in many other questions around here.
At least you can get rid of -t -t by specifying RequestTTY in your ~/.ssh/config. But the rest have to be bash alias or function (if you have more host function is more appropriate).
function ssh-docker {
ssh web1 docker exec -ti $1 /bin/bash
}
and then you can call it regardless the container like this:
ssh-docker store
You just store such function into your .bashrc or where you stored your aliases.
Upvotes: 1
Related Questions
- SSH and Docker Exec together are not accepting multiple commands
- docker exec -> permission denied when executing through ssh
- Running docker commands on remote machine through ssh
- shell script having ssh command inside docker container fails with - ssh: not found
- docker-machine ssh trying to run part of command on local machine
- Docker exec with ssh gives no such container Error
- How can I create a SSH tunnel in a docker container where the socks proxy is accessible by the host machine?
- Can't get SSH ProxyCommand with sudo on proxy machine to work
- Docker-machine : How to exec an ssh command correctly?
- ssh ProxyCommand not working like regular command