Unable to use docker login over windows SSH

[wbehrens-on-gh]

Description

I'm currently using the Win32-OpenSSH server installed through winget install Microsoft.OpenSSH.Beta. When I SSH into my using and run docker login <registry> I get Error saving credentials: error storing credentials - err: exit status 1, out: error getting credentials - err: exit status 1, out: A specified logon session does not exist. It may already have been terminated.

#2682 seems related but it has been closed without resolving this problem

Reproduce

1. Install OpenSSH for Windows winget install Microsoft.OpenSSH.Beta
2. SSH into the machine ssh myuser@mymachine
3. Try run docker login

Expected behavior

Login Succeeded

docker version

Client:
 Cloud integration: v1.0.33
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:53:15 2023
 OS/Arch:           windows/amd64
 Context:           default

Server: Docker Desktop 4.20.1 (110738)
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.24)
  Go version:       go1.20.4
  Git commit:       659604f9
  Built:            Thu May 25 21:52:13 2023
  OS/Arch:          windows/amd64
  Experimental:     false

docker info

Client:
 Version:    24.0.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.10.5
    Path:     C:\Program Files\Docker\cli-plugins\docker-buildx.exe
  compose: Docker Compose (Docker Inc.)
    Version:  v2.18.1
    Path:     C:\Program Files\Docker\cli-plugins\docker-compose.exe
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-dev.exe
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.19
    Path:     C:\Program Files\Docker\cli-plugins\docker-extension.exe
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.4
    Path:     C:\Program Files\Docker\cli-plugins\docker-init.exe
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-sbom.exe
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-scan.exe
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  v0.12.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-scout.exe

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 24.0.2
 Storage Driver: windowsfilter
  Windows:
 Logging Driver: json-file
 Plugins:
  Volume: local
  Network: ics internal l2bridge l2tunnel nat null overlay private transparent
  Log: awslogs etwlogs fluentd gcplogs gelf json-file local logentries splunk syslog
 Swarm: inactive
 Default Isolation: hyperv
 Kernel Version: 10.0 19045 (19041.1.amd64fre.vb_release.191206-1406)
 Operating System: Microsoft Windows Version 22H2 (OS Build 19045.3086)
 OSType: windows
 Architecture: x86_64
 CPUs: 16
 Total Memory: 47.74GiB
 Name: ST12875
 ID: 075b66e0-4d23-4955-aa46-53aade44f3e1
 Docker Root Dir: C:\ProgramData\Docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

Additional Info

No response

[thaJeztah]

Thanks for reporting; to be honest, I'm not sure if this feature was ever tested on Windows (which did not have, or "not great" support for SSH at the time)

To narrow down where the issue is; are you using a credentials-helper? (Funny thing as well is that the first searches for this error were also in credentials-helpers (but for git);

https://github.com/microsoft/Git-Credential-Manager-for-Windows/blob/40d49d9791cea8ad07904bdf901610ed5d8268ee/Shared/Win32/Types.cs#L288-L293

https://github.com/git-ecosystem/git-credential-manager/blob/1b13045c76fb799001836627cc612ae8d2278445/src/shared/Core/Interop/Windows/Native/Win32Error.cs#L85-L88

[BreathBlush]

Same issue here, I have setup OpenSSH server via this Get started with OpenSSH for Windows . After that I connect to it from Windows VSCode Remote SSH, everything is OK BUT the docker build and docker login failed, prompted Error saving credentials: error storing credentials - err: exit status 1, out: \. Hope it could be fixed, thanks so much.

[wbehrens-on-gh]

@thaJeztah no, my %USERPROFILE%\.docker\config.json has { "credsStore": "desktop" } if that would change anything.

[deepak4566]

The error you're encountering seems to be related to the storage of Docker credentials when using Win32-OpenSSH server on Windows. To troubleshoot and resolve this issue, you can try the following steps:

1.Ensure that you have administrative privileges: Make sure you are running the commands with administrative privileges, as storing credentials may require elevated permissions

2.Update OpenSSH: Verify that you have the latest version of OpenSSH installed on your machine. You can use the following command to update it:

   winget update Microsoft.OpenSSH.Beta.                                                          

3.Restart the SSH service: Restart the SSH service to ensure any changes or updates take effect. Open PowerShell or Command Prompt with administrative privileges and execute the following command:

  net stop sshd
  net start sshd

4.Clear Docker credentials: Clear any existing stored credentials that may be causing conflicts. Run the following command:

   docker logout

5.Verify SSH configuration: Check your SSH configuration file (sshd_config) located in C:\ProgramData\ssh or /etc/ssh. Ensure that the configuration settings are correct, and there are no conflicts.

6.Restart the Docker service: Restart the Docker service to ensure any changes or updates are applied. Open PowerShell or Command Prompt with administrative privileges and execute the following command:

net stop docker
net start docker

7.Retry Docker login: SSH into the machine again (ssh myuser@mymachine), and try running the docker login command. Make sure to provide the correct credentials and registry details.

[wbehrens-on-gh]

After following your troubleshooting steps I'm still having the same issue, when I open a command prompt on the machine and login it works fine.

[exetico]

It's somewhat the same problem as: https://github.com/docker/cli/issues/2682

I'd like to find a proper solution myself, but I've not found the right solution.

But I'm also wondering why it's a problem, as I'm only trying to fetch a public docker image.

[deepak4566]

Yah in command prompt only it works now I also has that issue not working in powershell

[chenglidev]

I have encountered similar issue. Not sure how to solve.

[ivanjx]

even if i already logged in to the registry manually i still cant use the docker pull command

[Dalvii]

Hello guys, I did something that works !

Server OS: Windows 10 Pro Docker version 24.0.6, build \ed223bc

Go to C:\Users\<User>\.docker\config.json

{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "F876fFfefgfes78fefe78feshfes=="
		}
	},
	"credsStore": "",
	"currentContext": "default"
}

The "auth" field must be a base64 encoded string of your Docker username:password

You can use this command on CMD to create one echo|set /p="username:password"|openssl base64

Then save the config.json file Now you will be able to do docker login/docker build command on SSH

[kenytowol]

Hello guys, I did something that works !

Server OS: Windows 10 Pro Docker version 24.0.6, build \ed223bc

Go to C:\Users\<User>\.docker\config.json

{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "F876fFfefgfes78fefe78feshfes=="
		}
	},
	"credsStore": "",
	"currentContext": "default"
}

The "auth" field must be a base64 encoded string of your Docker username:password

You can use this command on CMD to create one echo|set /p="username:password"|openssl base64

Then save the config.json file Now you will be able to do docker login/docker build command on SSH

It's working for me in Windows in terminal openssh, Thank you

[chrisl8]

If you don't have an account in Docker Hub and hence have no password you can edit %USERPROFILE%\.docker\config.json and chnage { "credsStore": "desktop" } to { "credsStore": "" } and do nothing else.

That worked for me.

[Symphon-y]

I ran into the same issue and wrote a bash script to manually update the config (which seems to be reset on restart)

# Helper Functions
encode_base64() {
  echo -n "$1" | base64
}

# Function
update_docker_config() {
  # Create local variables
  local input="$1"
  local encoded_string=$(encode_base64 "$input")
  local config_path="$HOME/.docker/config.json"

  # Create a temporary config file
  local temp_config=$(mktemp)

  # Write the desired JSON structure to the temporary file
  cat > "$temp_config" <<EOL
{
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "$encoded_string"
                }
        },
        "credsStore": "",
        "currentContext": "default"
}
EOL

  # Move the temporary file to the Docker config path
  mv "$temp_config" "$config_path"
}

Now anytime your pc restarts and you find yourself having to fix this again you can call update_docker_config "username:password"

[laurazard]

Hi all,

FWIW, I believe the next version of Docker Desktop will no longer try to switch config.json back to using { "credsStore": "desktop" } after you've set it to { "credsStore": "" }, if there are credentials stored in the config.json.

We're also looking at sorting some of the auth mess overall, but we need to take a better look at the SSH on Windows scenario.

[troberts03]

Hello guys, I did something that works !

Server OS: Windows 10 Pro Docker version 24.0.6, build \ed223bc

Go to C:\Users\<User>\.docker\config.json

{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "F876fFfefgfes78fefe78feshfes=="
		}
	},
	"credsStore": "",
	"currentContext": "default"
}

The "auth" field must be a base64 encoded string of your Docker username:password

You can use this command on CMD to create one echo|set /p="username:password"|openssl base64

Then save the config.json file Now you will be able to do docker login/docker build command on SSH

The only problem here is now your username and password are completely unsecure. The base64 can be decoded.

[isaackogan]

The only problem here is now your username and password are completely unsecure. The base64 can be decoded.

If anyone is going to use this, do at least a LITTLE harm reduction by using a DockerHub PAT and not your plaintext user-password for the account. Please.

[Tim-Chen11]

Hello guys, I did something that works !

Server OS: Windows 10 Pro Docker version 24.0.6, build \ed223bc

Go to C:\Users\<User>\.docker\config.json

{ "auths": { "https://index.docker.io/v1/": { "auth": "F876fFfefgfes78fefe78feshfes==" } }, "credsStore": "", "currentContext": "default" } The "auth" field must be a base64 encoded string of your Docker username:password

You can use this command on CMD to create one echo|set /p="username:password"|openssl base64

Then save the config.json file Now you will be able to do docker login/docker build command on SSH

I used this to solve my problem: jenkins postbuild action with ssh connection to same local machine run in windows, the docker command can be used after adding auth and edit credsstore.