ssh-agent
Using with docker-compose
Just FYI. Here's how I am using it with docker-compose.
docker-compose:
```yaml
# This is the service I need to have access to the ssh-agent.
# This is a partial service definition. Only includes key items to use ssh-agent.
php:
  environment:
    SSH_AUTH_SOCK: /.ssh-agent/socket
  restart: always
  volumes_from:
    - ssh-agent

# SSH Agent. This is the complete service definition.
ssh-agent:
  build:
    context: ./docker/ssh-agent
  ports:
    - "2244:22"
  volumes:
    - ~/.ssh:/root/.ssh
```
Modify run.sh
```bash
#!/bin/bash
# Copyright (c) Andreas Urbanski, 2016
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.

# Output colors
underline='\033[4;37m'
purple='\033[0;35m'
bold='\033[1;37m'
green='\033[0;32m'
cyan='\033[0;36m'
red='\033[0;31m'
nc='\033[0m'

# Find image id
image=$(docker images|grep docker-ssh-agent|awk '{print $3}')

# Find agent container id
id=$(docker ps -a|grep ssh-agent|awk '{print $1}')

# Stop command
if [ "$1" == "-s" ] && [ -n "$id" ]; then
  echo -e "Removing ssh-keys..."
  docker run --rm --volumes-from=ssh-agent -it docker-ssh-agent:latest ssh-add -D
  echo -e "Stopping ssh-agent container..."
  # $id is left unquoted on purpose: the grep above may match several containers.
  docker rm -f $id
  exit
fi

# If container is already running, exit.
if [ -n "$id" ]; then
  echo -e "A container named 'ssh-agent' is already running."
  echo -e "Do you wish to stop it? (y/N): "
  read -r input

  if [ "$input" == "y" ]; then
    echo -e "Removing SSH keys..."
    docker run --rm --volumes-from=ssh-agent -it docker-ssh-agent:latest ssh-add -D
    echo -e "Stopping ssh-agent container..."
    # $id is left unquoted on purpose: the grep above may match several containers.
    docker rm -f $id
    echo -e "${red}Stopped.${nc}"
  fi

  exit
fi

echo -e "Building and starting services"
docker-compose up --build -d

echo -e "${green}Your services are now ready to use.${nc}"
```
Add Keys
Since keys are password protected, I added `ssh-add /root/.ssh/id_rsa` as the last line in my `.bashrc` file so that this would happen when I enter the php service (`docker-compose exec php bash`).
If you don't want to do that, you can just run `ssh-add /root/.ssh/id_rsa` to add the keys before using them.
Test
$ ssh [email protected]
or
$ ssh [email protected]
BTW, thanks for doing this project. I am sure this can be cleaned up a little. But, it is working for me. Hopefully this will help others.
Thank you! I will look more into this. I haven't had any extra time the past few months to focus on this, but since a lot of people find it useful I will focus more on it.
This could be added as a compose example for sure!
docker-compose v3 doesn't support the volumes-from key any more, so the instructions from that point of view are getting obsolete.
I followed the instructions using the top-level "volumes" key. Here's a full working example:
Of course, the adding-of-the-keys manually as outlined in the README is still required.
I used kroniak/ssh-client for the test images just because it was an easy image that had the ssh client installed for testing.
```yaml
version: '3'

volumes:
  dot_ssh:
  socket_dir:

services:
  ssh-agent:
    container_name: ssh-agent
    image: nardeas/ssh-agent:latest
    volumes:
      - "dot_ssh:/root/.ssh"
      - "socket_dir:/.ssh-agent"
    environment:
      - SSH_AUTH_SOCK=/.ssh-agent/socket

  ssh1:
    container_name: ssh1
    image: kroniak/ssh-client:latest
    command: 'sh -c "tail -f /dev/null"'
    volumes:
      - "dot_ssh:/root/.ssh"
      - "socket_dir:/.ssh-agent"
    environment:
      - SSH_AUTH_SOCK=/.ssh-agent/socket

  ssh2:
    container_name: ssh2
    image: kroniak/ssh-client:latest
    command: 'sh -c "tail -f /dev/null"'
    volumes:
      - "dot_ssh:/root/.ssh"
      - "socket_dir:/.ssh-agent"
    environment:
      - SSH_AUTH_SOCK=/.ssh-agent/socket
```
I have written a PR for passwordless using docker secrets. This is my compose v3 file:
```yaml
version: "3.1"

services:
  ssh-agent-load:
    image: ssh-agent
    environment:
      DEBUG: 1
    depends_on:
      - ssh-agent
    volumes:
      - ~/.ssh:/.ssh
      - sshagent:/.ssh-agent
    command: ssh-add-pass git_key /run/secrets/ssh_key
    secrets:
      - ssh_key

  php:
    image: php
    volumes:
      - sshagent:/.ssh-agent
    depends_on:
      - ssh-agent-load
    entrypoint: autoaggregate

  ssh-agent:
    image: ssh-agent
    volumes:
      - sshagent:/.ssh-agent

  ssh-agent-list:
    image: ssh-agent
    environment:
      DEBUG: 1
    depends_on:
      - ssh-agent
    volumes:
      - sshagent:/.ssh-agent
    command: ssh-add-list

secrets:
  ssh_key:
    file: ssh_keytxt

volumes:
  sshagent:
```
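An added example, not part of the thread or the project's code: a check a client service such as `php` can run before it needs the agent, covering the "Add Keys" step in the first post and the last compose file, where `depends_on` in a v3 file only orders container start and does not wait for the key-loading service to finish. The function names `agent_state` and `wait_for_keys` are hypothetical; the socket path is taken from `SSH_AUTH_SOCK` as set in the compose files above.

```shell
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.

# Print one state word for the agent socket; return 0 only if a key is loaded.
agent_state() {
    local sock="${1:-${SSH_AUTH_SOCK:-}}" rc=0

    if [ -z "$sock" ]; then
        echo "unset"; return 1           # SSH_AUTH_SOCK not set for this service
    fi
    if [ ! -S "$sock" ]; then
        echo "not-a-socket"; return 1    # volume not mounted, or agent not up yet
    fi
    if ! command -v ssh-add >/dev/null 2>&1; then
        echo "no-client"; return 1       # image has no OpenSSH client tools
    fi

    # ssh-add -l exits 0 when keys are listed, 1 when the agent holds no
    # identities, and 2 when the agent cannot be contacted.
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "keys-loaded"; return 0 ;;
        1) echo "no-keys"; return 1 ;;
        *) echo "unreachable"; return 1 ;;
    esac
}

# Poll until a key is loaded or <timeout> seconds pass. Prints the last state.
wait_for_keys() {
    local timeout="${1:-30}" sock="${2:-${SSH_AUTH_SOCK:-}}" waited=0 state

    while :; do
        state=$(agent_state "$sock") && { echo "$state"; return 0; }
        case "$state" in
            unset|no-client) echo "$state"; return 1 ;;  # waiting cannot fix these
        esac
        if [ "$waited" -ge "$timeout" ]; then
            echo "$state"; return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
}

# Entrypoint usage (commented out so sourcing this file has no side effects):
#   state=$(wait_for_keys 30) || { echo "ssh-agent: $state" >&2; exit 1; }
#   exec "$@"
```

A `no-keys` result after the timeout means the socket is shared correctly but nothing has run `ssh-add` against it yet; `not-a-socket` points at the volume mount or the agent container instead.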