
[Feature Request] ssh connection to the docker daemon

Open brunoribeiro opened this issue 4 years ago • 6 comments

Right now it's only possible to connect to the docker daemon via tcp:// or docker.sock; ssh provides much more flexibility and security.

I am not sure if this is a docker-plugin limitation or it comes from the underlying docker-java-api.

KR

Jul 06 '20 03:07 brunoribeiro

Limitations will probably be in both - the docker-java-api would have to support it, and then the docker-plugin would have to take advantage of that support.

However, I'm puzzled as to what you mean by an ssh connection to the docker daemon; ssh is secure shell and isn't used to connect to any docker daemons (one can ssh into the OS that's hosting a docker daemon, or one can ssh into a docker container, but I'm not aware of there being any facility to ssh into the docker daemon itself). Did you mean SSL?

Jul 06 '20 09:07 pjdarton

It's possible in Docker 18.09+ to connect to the daemon via ssh: docker -H ssh://[email protected] run -ti alpine echo "hello" or set export DOCKER_HOST=ssh://[email protected]

In my opinion it makes it easier to secure the connection without all the TLS configurations required by SSL.

Jul 07 '20 22:07 brunoribeiro

Oh, that's something I was unaware of; thanks for the explanation. Yes, I agree that SSH is easier than SSL (I've developed quite a dislike for SSL certificates).

So to support that, we'd need the capability within the underlying docker-java-api code ... and that's just a thin wrapper around the docker-java library ... but we need to be very careful about bumping the docker-java version because version-to-version compatibility is poor (last time we bumped it, it was a breaking change, so it had to be very carefully managed; it's a pain in the a%$£)

Jul 08 '20 09:07 pjdarton

Oh, that's something I was unaware of; thanks for the explanation. Yes, I agree that SSH is easier than SSL (I've developed quite a dislike for SSL certificates).

To support that, we'd need the capability within the underlying docker-java-api code ... and that's just a thin wrapper around the docker-java library ... but we need to be very careful about bumping the docker-java version because version-to-version compatibility is not guaranteed (last time we bumped it, it was a breaking change, so it had to be very carefully managed; it was a pain in the a%$£)

So, if you want this, first you need to get it supported in docker-java (in a mainstream release, not a pre-release) ... and then have docker-java-api bump the version of docker-java it includes to one with this feature ... while ensuring that doing so doesn't screw this plugin (or anything else that depends on it) ... and then, once this plugin has access to a docker-java with SSH support, then we can finally accept a PR that adds support for it.

Jul 08 '20 14:07 pjdarton

Ok, I will have a look into how it's possible to achieve that. I will get back to this after. Thanks

Jul 08 '20 16:07 brunoribeiro

Blocked by docker-java/docker-java#1130 😕

Feb 03 '21 09:02 viceice