Git permission denied inside Docker container

Question

I am using a shell script as the part of Jenkinsfile to run database migration. The shell script attempts to clone a repository after setting an entry in known_hosts file. I am doing the following :

    #!/bin/bash

    set -e

    # Workaround old docker images with incorrect $HOME
    # check https://github.com/docker/docker/issues/2968 for details
    if [ "${HOME}" = "/" ]
    then
      export HOME=$(getent passwd $(id -un) | cut -d: -f6)
    fi

    mkdir -p ~/.ssh

    echo '
    github.com ssh-rsa KEY
  ' >> ~/.ssh/known_hosts

    git clone git@github.com:Organization/migrations.git /tmp/database-migrations

   Execute Migration

This gives me an error which is

Permission denied (publickey).
fatal: Could not read from remote repository.

How can solve this ?

BTW when I check the known hosts file, I am seeing an entry has been added to the file with an IP which is 192 range (local IP). Is this creating the problem ?

Answer 1

It seems you need to use SSH for just cloning right? Why not use https URL to clone the repository, that worked for me. I think when just cloning a repo https with an access token is much simpler and as secure. Adding SSH can make your container bigger and potentially slower check this issue.

You can use this instead:

git clone https://{{YOUR_USER_NAME}}:{{YOUR_ACCESS_TOKEN}}@gitlab.com/{{REPO_URL}}.git

There is also debate on whether using SSH in containers is good practice altogether. Hacker News: Docker Container Shouldn't Run SSH Server

Answer 2

Not because the known_hosts file. As it said, I think it's your private key.

Have you copy the right private key into your container? 'cause I didn't see it in your script.

You can test your key by typing:

ssh -T git@github.com

I beleive you'll see the same result.

And you can check this link Error: Permission denied (publickey) on github.