Reputation: 453
So, here's the situation. I'm trying to build an image using BuildKit on Docker WSL2, providing ~/.ssh/config:

    Host <host>
        Port 22022
        User git
        PubkeyAuthentication yes
        IdentityFile ~/.ssh/id_rsa
        Ciphers +aes256-cbc

doing ssh key addition:

    eval `ssh-agent -s`
    ssh-add ~/.ssh/id_rsa

Piece of Dockerfile:

    FROM debian:10
    RUN \
        apt update && apt -y install git; \
        mkdir /root/.ssh
    RUN --mount=type=ssh \
        ssh-keyscan -t rsa -p 22022 <host> >> /root/.ssh/known_hosts; \
        ssh-keyscan -t rsa -p 22022 "$(getent hosts <host> | awk '{ print $1 }')" >> /root/.ssh/known_hosts; \
        git clone ssh://[email protected]:22022/some/project.git /root/project

But when Docker comes to cloning, I see this:

    Cloning into '/root/project'...
    #10 0.313 Unable to negotiate with <host ip> port 22022: no matching cipher found. Their offer: aes256-cbc
    #10 0.313 fatal: Could not read from remote repository.
    #10 0.313
    #10 0.313 Please make sure you have the correct access rights
    #10 0.313 and the repository exists.

As you see in the config, the cipher is defined in ssh config. Also, I have known_hosts blank after ssh-keyscan. And before you ask: I can easily clone projects on the host without these problems.
I know that I can bypass the problem by passing the ssh keys directly, but since BuildKit gives this opportunity, what am I doing wrong?
Upvotes: 1
Views: 999
Reputation: 1327784
"cipher is defined in ssh config"

It is. But you are not using ssh config.

To use what you have defined in ssh config, you would need to use the URL:

    <host>:some/project.git

(replace <host> by the Host entry value)

And that assumes the config and key files were COPY first in the Dockerfile to be used by the RUN git clone directive.
(Unless the RUN --mount=type=ssh does that already)
Upvotes: 1
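
An added example, not taken from either post: `RUN --mount=type=ssh` forwards only the SSH agent socket into the build step and does not bring the host's ~/.ssh/config with it, so client options such as `Ciphers +aes256-cbc` have to be set inside the build. The `GIT_HOST` placeholder value (standing in for `<host>`), the `known_hosts` file in the build context, and the `--ssh default` invocation are assumptions of this sketch.

```dockerfile
# syntax=docker/dockerfile:1
FROM debian:10

# Placeholder standing in for <host> from the question; override with
#   --build-arg GIT_HOST=...
ARG GIT_HOST=git.example.test

RUN apt-get update \
 && apt-get -y install --no-install-recommends git openssh-client \
 && rm -rf /var/lib/apt/lists/* \
 && mkdir -m 700 /root/.ssh

# Assumption: known_hosts is in the build context and holds the server's host
# key, exported on the machine where cloning already works, for example:
#   ssh-keygen -F "[$GIT_HOST]:22022" >> known_hosts
# Pinning the key this way means the build does not accept whatever key
# happens to answer on the network while the image is being built.
COPY known_hosts /root/.ssh/known_hosts

# Recreate the client options from the host's ~/.ssh/config inside the image.
# There is no IdentityFile line: the private key stays on the host and is
# reached only through the forwarded agent.
RUN printf '%s\n' \
      "Host ${GIT_HOST}" \
      '    Port 22022' \
      '    User git' \
      '    Ciphers +aes256-cbc' \
      '    StrictHostKeyChecking yes' \
      > /root/.ssh/config \
 && chmod 600 /root/.ssh/config /root/.ssh/known_hosts

# Build with the agent from the question's ssh-add step:
#   DOCKER_BUILDKIT=1 docker build --ssh default .
# BuildKit exposes the agent socket to this step only, so no key material
# is written to an image layer.
RUN --mount=type=ssh \
    git clone "ssh://git@${GIT_HOST}:22022/some/project.git" /root/project
```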