3

Good day everyone.

I have the following dev environment:

  • Win 10 host
  • Docker Desktop for Windows latest
  • php5.6 image running in container via docker-compose

How can I mount my private SSH key to this container? Or is there any possibility to tunnel Pageant from host machine to container?

All I want is to run Capifony deploy procedures in my container.

veben
Stepan Yudin

2 Answers

0

Although Julian's answer works for Linux containers in Docker, the question title makes it the top search result for doing this in Windows Containers. The following procedure is probably a bad idea for any kind of production environment, but worked for me on a local test system.

Use --mount instead of -v on Docker Run

Since -v appears to Not Work for Windows containers, use --mount instead. Assuming launch from PowerShell, that'd be:

# OUTSIDE container
docker run --mount src=$env:UserProfile\.ssh,dst=C:\users\containeradministrator\.ssh,type=bind

If you're on cmd, replace $env:UserProfile with %userprofile%. This also assumes the user account inside your container is called containeradministrator like it is on the stock Windows base images. Adjust the dst path if necessary.

Inside your container, enable the SSH agent service

In a PowerShell inside your container (docker exec to get one if your container is running in the background), run these two commands:

# INSIDE container, Powershell
Get-Service ssh-agent | Set-Service -StartupType Manual
ssh-agent

(Source)

Use cmd to inject the key into ssh-add's stdin

Doing cat ... | on PowerShell seems to not work for some reason (gives the error Error loading key "(stdin)": invalid format) so use cmd pipes instead of PowerShell pipes.

# INSIDE Container, any shell
cmd /C "ssh-add - < %UserProfile%\.ssh\id_rsa"

Until something stops the ssh-agent service on your Windows Container, that key will be available for your ContainerAdministrator to use.

Dan
-1

You could use a volume with -v /c/Users/<user>/.ssh/id_rsa:/<home dir>/.ssh/id_rsa:ro. home is ~ of the user e.g. /root, /, /home/<user>. The :ro will make it read-only, so your key will not be overwritten by accident.

The permissions on the key mapped into the container will be too broad but piping the key into ssh-add bypasses this:

cat ~/.ssh/id_rsa | ssh-add -

Depending on your container, ssh-agent may not be already running:

eval `ssh-agent` 
webberist
Julian
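
The steps from the Linux-container answer above, combined into one helper that starts ssh-agent only when none is reachable and pipes the read-only mounted key through stdin only when its mode is too open for ssh-add to accept as a file. This is an added example, not code from either answer; KEY_PATH, LOAD_SSH_KEY and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the answers above. KEY_PATH, LOAD_SSH_KEY and the
# function names are assumptions; set KEY_PATH to the dst of your bind mount.
KEY_PATH="${KEY_PATH:-$HOME/.ssh/id_rsa}"

# True (0) when group or other hold any permission bit on the file,
# which is the "too broad" case the answer describes for a mapped key.
key_perms_too_open() {
    perm=$(ls -ld "$1" | cut -c5-10)   # e.g. "r--r--" from "-rw-r--r--"
    [ "$perm" != "------" ]
}

# ssh-add -l exits 2 only when it cannot contact an agent.
agent_reachable() {
    ssh-add -l >/dev/null 2>&1
    [ $? -ne 2 ]
}

# Start an agent if needed, then load the key without copying it
# out of the read-only mount.
load_key() {
    key=$1
    [ -r "$key" ] || { echo "key not readable: $key" >&2; return 1; }
    agent_reachable || eval "$(ssh-agent -s)" >/dev/null
    if key_perms_too_open "$key"; then
        # ssh-add rejects a key file with open modes; reading the key
        # from stdin skips that file-mode check.
        ssh-add - < "$key"
    else
        ssh-add "$key"
    fi
}

# Source this file with LOAD_SSH_KEY=1 set so that SSH_AUTH_SOCK stays
# exported in the shell that later runs the deploy.
if [ "${LOAD_SSH_KEY:-0}" = "1" ]; then
    load_key "$KEY_PATH" && ssh-add -l
fi
```

The key stays on the host-side mount and only the agent holds it in memory; stopping the container discards the agent and the loaded identity.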