docker-registry icon indicating copy to clipboard operation
docker-registry copied to clipboard

Published 20 hours ago verified publisher icon docker-archive

Use SSH pub key in order to allow access to a repository

Open zedtux opened this issue 11 years ago • 31 comments

Hello,

As I'm looking to mount a private Docker registry server, I'd like to limit the access not with user/password authentication system but with SSH key like Git does today.

Is there any plan to do this or am I the first one to request this ? :smile:

zedtux avatar Aug 20 '14 15:08 zedtux

What I mean is to be able to do then:

docker push [email protected]:zedtux/my-docker-image

This would then push to my private server as I would have imported my SSH key in the docker registry (updating then the .ssh/authorised file).

zedtux avatar Aug 20 '14 17:08 zedtux

@zedtux so, you suggestion would mean using ssh as a transport (instead of http) - which is an idea. Though, this is largely irrelevant to this project (docker-registry) and something you should rather suggest on the main docker repo / discussions.

dmp42 avatar Aug 20 '14 22:08 dmp42

@dmp42 yes that is exactly the idea, to add another transport protocol to docker.

I have opened the ticket in this repo as I guess this repo will need to implement the SSH key management, isn't it ?

Anyway, I'm going to open another issue on the docker project itself mentioning this issue. Thank you in any cases.

zedtux avatar Aug 20 '14 22:08 zedtux

Done: docker issue #7650

zedtux avatar Aug 20 '14 22:08 zedtux

I guess I have just faced with a need of the same feature. +1.

vitalyisaev2 avatar Feb 20 '15 09:02 vitalyisaev2

:+1: Here's what I've done in the mean time...

# Server 1: Registry Server
docker run -d -p 127.0.0.1:5000:5000 registry:2

# Server 2: SSH Auth Server
ssh -f -N -L 5000:localhost:5000 user@registry_server_address -g

# Client: Test, should fail
curl http://registry_server_address:5000/v2/_catalog

# Client: Test, should pass
curl http://ssh_auth_server_address:5000/v2/_catalog

And now only those with SSH pub keys on Server 2 have access to the registry. Make sure to add --insecure-registry ssh_auth_server:5000 to your client's Docker daemon command.

ph-One avatar Feb 08 '16 20:02 ph-One

+1

errordeveloper avatar Feb 18 '16 09:02 errordeveloper

really need it +1

ra2637 avatar Apr 29 '16 02:04 ra2637

I agree, docker is becoming as essential to development as git.

matutter avatar Oct 03 '16 21:10 matutter

+1

cypof avatar Jan 04 '17 09:01 cypof

+1

antonin42 avatar Feb 23 '17 15:02 antonin42

+1

sizeoftank avatar Aug 09 '17 09:08 sizeoftank

+1

tetherit avatar Aug 14 '17 18:08 tetherit

+1

EgorOmelyanenko avatar Aug 17 '17 10:08 EgorOmelyanenko

+1

boeboe avatar Sep 30 '17 22:09 boeboe

+1

aplut avatar Oct 02 '17 17:10 aplut

+1

varadgunjal avatar Oct 27 '17 05:10 varadgunjal

+1

dvolosnykh avatar Oct 27 '17 07:10 dvolosnykh

+1

av8ramit avatar Nov 01 '17 21:11 av8ramit

+1

cfriedt avatar Nov 30 '17 02:11 cfriedt

+1

jgh- avatar Jan 04 '18 22:01 jgh-

+1

bttscut avatar Jan 06 '18 09:01 bttscut

+1

Sadykh avatar Jan 31 '18 15:01 Sadykh

+1

Natril avatar Feb 08 '18 12:02 Natril

/me hears crickets chirping..

cfriedt avatar Feb 13 '18 12:02 cfriedt

D***** is dead soon anyway :)

https://www.youtube.com/watch?v=BeRr3aZbzqo&t=1940s

boeboe avatar Feb 13 '18 13:02 boeboe

+1

philipianni avatar Mar 13 '18 17:03 philipianni

+1

SukiCZ avatar Jun 14 '18 15:06 SukiCZ

+1

3pns avatar Jun 14 '18 15:06 3pns

+1

bwail avatar Jul 01 '18 20:07 bwail