docker-ssh-exec icon indicating copy to clipboard operation
docker-ssh-exec copied to clipboard
verified publisher icon mdsol

Works as described, but GH still refuses the key

Open andrewconnell opened this issue 9 years ago • 2 comments

Elegant solution, but not working for me... missing something?

I can run the tests and see that the key is being copied in, but when I try to clone, I keep getting the dreaded:

Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

Running the server container just fine:

docker run -v ~/.ssh/id_rsa:/root/.ssh/id_rsa --name=keyserver -d mdsol/docker-ssh-exec -server

And verified it's working:

docker run --rm -it mdsol/docker-ssh-exec cat /root/.ssh/id_rsa

Which yields:

Broadcasting UDP key request...
Got key from server.
Writing key to /root/.ssh/id_rsa
Running command: cat /root/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,96649B0D4A67E5B370482C3873039948

MiaCG/AcOtMrFmAkElFPNJcr5T6q78XeswGcg/kuh/lQgCBCnLc5FL6WVA2/IOjA<snip>
-----END RSA PRIVATE KEY-----
Command completed successfully.
Deleting key file /root/.ssh/id_rsa...

But when I try to run npm install or just a simple git clone frm within my Dockerfile like this:

ADD docker-ssh-exec /tmp
RUN /tmp/docker-ssh-exec git clone [email protected]:[me]/[repo].git

... it always errors out:

Step 6 : RUN /tmp/docker-ssh-exec git clone [email protected]:[me]/[repo].git
 ---> Running in c57083506876
Broadcasting UDP key request...
Got key from server.
Writing key to /root/.ssh/id_rsa
Running command: git clone [email protected]:[me]/[repo].git
Cloning into '[repo]'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
ERROR: command 'git clone [email protected]:[me]/[repo].git' exited with status 128
Deleting key file /root/.ssh/id_rsa...
The command '/bin/sh -c /tmp/docker-ssh-exec git clone [email protected]:[me]/[repo].git' returned a non-zero code: 128

Running the same git clone command from the host works. I suspect it has something to do with the fact that a known_hosts isn't getting created (ala: http://stackoverflow.com/a/29380765). When I remove that file from my host, it doesn't work, but when it's there, it does work.

Ideas?

andrewconnell avatar Sep 14 '16 00:09 andrewconnell

In your Dockerfile you can run ssh-keyscan to inject the known hosts:

ONBUILD RUN ssh-keyscan -t ``rsa'' -H github.com >> /etc/ssh/ssh_known_hosts

jpstrikesback avatar Dec 19 '16 14:12 jpstrikesback

You may also add echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config instead

joaocc avatar Mar 18 '18 22:03 joaocc