I am trying to create a Docker image for my Python Flask API.
I need git to install dependencies, and I have already installed git in Docker a few times. But here, I cannot understand what I'm doing wrong.
With the Dockerfile:
FROM python:3.6-slim
ARG ssh_prv_key
ARG ssh_pub_key
RUN apt-get update && \
apt-get install -y openssh-server &&\
apt-get install -y git
# Authorize SSH Host
RUN mkdir -p /root/.ssh && \
chmod 0700 /root/.ssh && \
ssh-keyscan github.com > /root/.ssh/known_hosts
# Add the keys and set permissions
RUN echo "$ssh_prv_key" > /root/.ssh/id_rsa && \
echo "$ssh_pub_key" > /root/.ssh/id_rsa.pub && \
chmod 600 /root/.ssh/id_rsa && \
chmod 600 /root/.ssh/id_rsa.pub && \
echo "StrictHostKeyChecking no " > /root/.ssh/config
RUN eval "$(ssh-agent -s)"
RUN ssh-add /root/.ssh/id_rsa
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
COPY requirements.txt /usr/src/app/
RUN pip3 install --no-cache-dir -r requirements.txt
# Remove SSH keys
RUN rm -rf /root/.ssh/
COPY ./my_api /usr/src/app
# Expose the Flask port
EXPOSE 5000
CMD [ "python", "./app.py" ]
I execute the command:
docker build --build-arg ssh_prv_key=.keys/id_rsa --build-arg ssh_pub_key=.keys/id_rsa.pub -t my-api -f Dockerfile .
Which gives me the error below:
Step 7/16 : RUN eval "$(ssh-agent -s)"
---> Running in be450cc39533
Agent pid 9
Removing intermediate container be450cc39533
---> fb101226dc5f
Step 8/16 : RUN ssh-add /root/.ssh/id_rsa
---> Running in 4288e93db584
Could not open a connection to your authentication agent.
The command '/bin/sh -c ssh-add /root/.ssh/id_rsa' returned a non-zero code: 2
A PID is retrieved by the eval function for the ssh-agent but I cannot connect to it.
SOLVED
I finally found what I was doing wrong. First of all, my build args weren't correct. The correct docker build command is as follows:
docker build --build-arg ssh_prv_key="$(cat .keys/id_rsa)" --build-arg ssh_pub_key="$(cat .keys/id_rsa.pub)" -t my-api -f Dockerfile .
Also, and I don't know why, git handles my SSH keys correctly without using
RUN eval "$(ssh-agent -s)"
RUN ssh-add /root/.ssh/id_rsa
The commands above result in a "could not connect to your agent" error.
Then, the right file is:
FROM python:3.6-slim
ARG ssh_prv_key
ARG ssh_pub_key
RUN apt-get update && \
apt-get install -y git
# Authorize SSH Host
RUN mkdir -p /root/.ssh && \
chmod 0700 /root/.ssh && \
ssh-keyscan github.com > /root/.ssh/known_hosts
# Add the keys and set permissions
RUN echo "$ssh_prv_key" > /root/.ssh/id_rsa && \
echo "$ssh_pub_key" > /root/.ssh/id_rsa.pub && \
chmod 600 /root/.ssh/id_rsa && \
chmod 600 /root/.ssh/id_rsa.pub
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
COPY requirements.txt /usr/src/app/
RUN pip3 install --no-cache-dir -r requirements.txt
# Remove SSH keys
RUN rm -rf /root/.ssh/
COPY ./my_api /usr/src/app
# Expose the Flask port
EXPOSE 5000
CMD [ "python", "./app.py" ]
I believe the issue is related to the SSH configuration in your container; the default SSH strategy in Ubuntu is to refuse remote root login.
To enable it, add the line below to your Dockerfile.
RUN echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
This line edits the /etc/ssh/sshd_config file to permit root login, but you need to restart the sshd service. To do so, you also have to add the line below to your Dockerfile.
RUN systemctl restart sshd
Also, if you trust the certificate, just add the -K flag to ssh-add.
RUN ssh-add -k /root/.ssh/id_rsa
The -k option is used when loading keys into or deleting keys from the agent, to process plain private keys only and skip certificates.
I hope this can help.
Best Regards,