FROM fedora:latest

RUN yum install -y nginx git uwsgi

RUN echo "nameserver 8.8.4.4" > /etc/resolv.conf
RUN rm -rf /root/.ssh/ && mkdir -p /root/.ssh/
COPY id_rsa.pub /root/.ssh/id_rsa.pub
COPY id_rsa /root/.ssh/id_rsa
RUN cat /root/.ssh/id_rsa* && chmod 0400 /root/.ssh/id_rsa && echo "" > /root/.ssh/known_hosts

RUN mkdir -p /srv/nginx/
RUN ssh -vvv -p 49022 git@example.com || true

RUN git config --global user.email "somethingelse@example.com" && git config --global user.name "FunnyBunny"
RUN git clone --depth=1 ssh://git@example.com:port/repo.git /srv/nginx/repo
RUN chown -Rf nginx:nginx /srv/nginx

RUN rm -rf /root/.ssh/


USER nginx


EXPOSE 8080


CMD ["/usr/sbin/nginx"]

I added the public ssh id_rsa.pub to my gitolite repo on the same host in another docker container. The bad thing is that cloning always fails.

Cloning into '/srv/nginx/repo'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

while the ping works just fine.

The ssh -vvv line ends with

Host key verification failed.

On the other hand, importing public and private keys into a fedora:latest and running just a git clone --depth ..., just works!


I am really puzzled how to fix this issue.

CoreOS version 557.2.0


This does not yield a viable solution: Using SSH keys inside docker container

drahnr
  • "I added the public ssh `id_rsa` to my gitolite repo": did you mean `id_rsa.pub`? because the `.pub` is the public key. And which name did you give that `id_rsa.pub` when you put it in the `gitolite/keys folder`? – VonC Feb 21 '15 at 08:57
  • Ye pub ofc, fixed the question accordingly. The name the public key has in gitolite should not matter at all, correct me if I am wrong. – drahnr Feb 21 '15 at 12:53
  • The name of the public key (as put in `gitolite/keys`) is crucial: see my old answer http://stackoverflow.com/a/13320256/6309 and the official documentation http://gitolite.com/gitolite/glssh.html#how-does-gitolite-use-all-this-ssh-magic – VonC Feb 21 '15 at 12:57
  • Could it be that you need to disable StrictHostKeyChecking on CoreOS ? – Loic Dachary Feb 21 '15 at 23:20
  • @VonC as long as the pubkey name and the config are consistent (in my case both are called "puller") gitolite should just work, no matter what git user name is used. – drahnr Feb 22 '15 at 01:42
  • @LoicDachary indeed that works, but I do not understand exactly why that is needed nor a direct solution to that. – drahnr Feb 22 '15 at 01:48

1 Answer

Since it looks like CoreOS requires StrictHostKeyChecking=false to be set, you can prefix the git clone command with:

GIT_SSH='ssh -o StrictHostKeyChecking=false'

to force the option.

Loic Dachary
  • This does not explain the difference between manual and on build git clone. – drahnr Feb 22 '15 at 02:04
  • The environment (as shown by the **env** command) will most probably show a difference when run from the Dockerfile and when run from the container that explains the behavior change. – Loic Dachary Feb 22 '15 at 02:23
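
An added example, not part of the original question or answer: `docker build` runs without a TTY, so ssh cannot ask to accept an unknown host key, and the question's Dockerfile empties `known_hosts` just before connecting. The sketch below keeps host-key checking on by pinning the server key, and uses a BuildKit SSH mount so the private key is never copied into an image layer or printed to the build log. Assumptions: the `known_hosts` file in the build context and the `GIT_HOST`/`GIT_PORT` build arguments are hypothetical names, the port is taken from the `ssh -p 49022` line in the question, and the installed git is 2.3 or later (needed for `GIT_SSH_COMMAND`).

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the asker's Dockerfile. Build with BuildKit and a running
# ssh-agent that holds the deploy key:
#   DOCKER_BUILDKIT=1 docker build --ssh default .
FROM fedora:latest

RUN yum install -y nginx git uwsgi

# Assumption: the clone uses the same host and port as the question's
# `ssh -vvv -p 49022 git@example.com` line.
ARG GIT_HOST=example.com
ARG GIT_PORT=49022

# `known_hosts` (hypothetical file in the build context) holds the git server's
# public host key, fetched once and verified out of band. For a non-default
# port the entry has the form:
#   [example.com]:49022 ssh-ed25519 <host-public-key-placeholder>
COPY known_hosts /etc/ssh/ssh_known_hosts

RUN mkdir -p /srv/nginx/

# --mount=type=ssh exposes only the agent socket, and only for this step; the
# private key stays on the build host. StrictHostKeyChecking=yes together with
# BatchMode=yes makes ssh fail immediately on an unknown or changed host key
# instead of trying to prompt.
RUN --mount=type=ssh \
    GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=yes -o BatchMode=yes" \
    git clone --depth=1 "ssh://git@${GIT_HOST}:${GIT_PORT}/repo.git" /srv/nginx/repo \
 && chown -Rf nginx:nginx /srv/nginx

USER nginx

EXPOSE 8080

CMD ["/usr/sbin/nginx"]
```

In the question's Dockerfile the final `RUN rm -rf /root/.ssh/` only hides the key in the top layer: the `COPY id_rsa` layer still contains it, and `cat /root/.ssh/id_rsa*` writes it to the build output.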