yangxiang_li

Reputation: 179

SSH agent key is not visible/forwarded to Windows Docker container

I am trying to use Windows Docker to build a Docker image. When building the Docker image, it will invoke pip to access remote private GitHub repositories. However, it always returned this error message: [email protected]: Permission denied (publickey). fatal: Could not read from remote repository. It seems that the SSH agent key is not forwarded to the Windows Docker container. I run it in Git Bash on Windows.

My device information is:

The main part of the Dockerfile is:

FROM python:3.8.13 as builder
RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
RUN mkdir -p /home/app/
COPY requirements.txt /requirements.txt
RUN --mount=type=ssh pip install -r /requirements.txt --target

Then, I run the following commands to build the Docker image:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
docker build --ssh default .

When running RUN --mount=type=ssh pip install -r /requirements.txt --target, pip needs to access private GitHub repositories and install them in the Docker image. But it always returned the permission denied error above - it seems that the SSH agent key is not visible/forwarded in the Docker container. I actually have already created an SSH key and added it to my GitHub.

I am just wondering if I missed something? Or it may be an underlying issue with Windows Docker? Thank you!

Upvotes: 2

Views: 879

Answers (2)

steven yu

Reputation: 1

I have exactly the same issue while building a Docker image. I tried on two different PCs and ended up with the same failure. It seems that the ssh-agent in WSL2 failed to forward into the Docker image.
For anyone who also suffers from this, there's another safe way: using a GitHub Personal Access Token to clone repos when building an image.
You can create a token (classic) here, then either save it as a file on your host computer at /path_to_github_token/github_token or as an environment variable in WSL2, using set GITHUB_TOKEN "your_github_token". For example, if you use the latter way, then
in the Dockerfile:

RUN --mount=type=secret,id=github_token,env=GITHUB_TOKEN \
git clone https://github.com/author/reponame.git 

in command prompt:

docker build --secret id=github_token,env=GITHUB_TOKEN . 

You can find more information at https://docs.docker.com/reference/dockerfile/#run---mounttypesecret

Upvotes: 0
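
git does not read GITHUB_TOKEN on its own, so the RUN step still has to hand the mounted secret to git. As an added example (not part of any answer on this page), the shell helper below does that through GIT_ASKPASS, which keeps the token out of the clone URL, `.git/config` and the image layers. The function names, the `GIT_TOKEN_FILE` override and the `x-access-token` username are assumptions of this example; `/run/secrets/github_token` is BuildKit's default path when the secret is mounted as a file.

```shell
#!/bin/sh
# Added example, not code from the answers on this page.
# Source this file inside a RUN step that mounts the secret, for example
#   RUN --mount=type=secret,id=github_token,env=GITHUB_TOKEN ...
# (env mount, as in the answer) or without env= (file under /run/secrets).

# write_askpass OUT: create a GIT_ASKPASS helper at OUT. The helper stores no
# secret; it looks the token up each time git prompts for credentials.
write_askpass() {
    cat > "$1" <<'EOF'
#!/bin/sh
token_file=${GIT_TOKEN_FILE:-/run/secrets/github_token}
case "$1" in
    # Assumption: fixed placeholder username; the token is the credential.
    Username*) echo "x-access-token" ;;
    Password*)
        if [ -n "${GITHUB_TOKEN:-}" ]; then printf '%s\n' "$GITHUB_TOKEN"
        elif [ -r "$token_file" ]; then cat "$token_file"
        else echo "secret not mounted in this RUN step" >&2; exit 1
        fi ;;
    *) exit 1 ;;
esac
EOF
    chmod 700 "$1"
}

# with_git_secret CMD...: run CMD (git clone, or a tool that shells out to
# git over HTTPS) with the helper active, then delete the helper.
with_git_secret() {
    askpass=$(mktemp) || return 1
    write_askpass "$askpass"
    GIT_ASKPASS=$askpass GIT_TERMINAL_PROMPT=0 "$@"
    rc=$?
    rm -f "$askpass"
    return "$rc"
}

# Usage inside the RUN step:
#   with_git_secret git clone https://github.com/author/reponame.git
```

The build command stays the one from the answer, `docker build --secret id=github_token,env=GITHUB_TOKEN .`; if the secret was not mounted into the step, the helper exits non-zero and the clone fails instead of prompting.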

galvakojis

Reputation: 428

@yangxiang_li yes, looks like I have figured it out... First, you need a new SSH key without a password (or make the old one passwordless).

Second, in your docker-compose.yml file you need to add this:

  your_service:
    build:
      # ssh is a build option, so it nests under build:
      ssh:
        - default=../../.ssh/id_rsa

Upvotes: 0
