
Could not open a connection to your authentication agent.

I am following the approach of mounting the $SSH_AUTH_SOCK as a volume, but doing so with compose.

Setup

~/.ssh/config

Host *
  ForwardAgent yes

Dockerfile:

FROM atlashealth/ruby:2.2.2

RUN apt-get update -qq && \
    apt-get install -qy build-essential libxml2-dev libxslt1-dev \
            g++ qt5-default libqt5webkit5-dev xvfb dbus \
            libmysqlclient-dev \
            mysql-client openssh-client git && \
    # cleanup
    apt-get clean && \
    cd /var/lib/apt/lists && rm -fr *Release* *Sources* *Packages* && \
    truncate -s 0 /var/log/*log

Compose yaml:

web:
  build: "."
  environment:
  - SSH_AUTH_SOCK=/ssh-agent
  volumes:
  - "$SSH_AUTH_SOCK:/ssh-agent"

NOTE: I have interpolation running on my compose, so $SSH_AUTH_SOCK is substituted with /private/tmp/com.apple.launchd.ZxGtZy6a9w/Listeners for example.

I have forwarding set up properly on my OS X host; it works against another Ubuntu host.

Run

docker-compose run web bash

In-Container

When I run `ssh-add -L`, it states `Could not open a connection to your authentication agent.`

When I run `ssh-agent`, it yields:

SSH_AUTH_SOCK=/tmp/ssh-vqjuo7FIfVOL/agent.21; export SSH_AUTH_SOCK;
SSH_AGENT_PID=22; export SSH_AGENT_PID;
echo Agent pid 22;

When I run `echo $SSH_AUTH_SOCK` from bash, it yields `/ssh-agent`

Question

It seems that compose is making the SSH_AUTH_SOCK available to bash, but it seems that the ssh-agent is not getting that same env. What am I missing?

kross
  • Would https://github.com/docker/compose/issues/551 or https://github.com/docker/compose/pull/1633 help? – VonC Oct 02 '15 at 05:49
  • #1633 is unnecessary, I mentioned in my `NOTE` that I have interpolation running. Thanks for pointing me to #551, [this comment is similar](https://github.com/docker/compose/issues/551#issuecomment-115284241). – kross Oct 02 '15 at 15:41
  • For docker desktop for mac, this works https://stackoverflow.com/a/56404737/60072 – millisami Aug 03 '22 at 07:04
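
A way to narrow down where the mounted socket in the question fails, as an added example that is not part of the original question or answers: it checks that `SSH_AUTH_SOCK` is set, that the path is really a Unix socket, and that an agent answers an identities request on it. The helper name `probe_agent` and its status symbols are hypothetical, and it assumes a Ruby interpreter is available inside the container.

```ruby
require 'socket'

# Message numbers from the SSH agent protocol.
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER   = 12

# Hypothetical helper: returns [status, key_count] for the agent socket at `path`.
def probe_agent(path = ENV['SSH_AUTH_SOCK'])
  return [:env_unset, nil]    if path.nil? || path.empty?
  return [:path_missing, nil] unless File.exist?(path)
  # Docker creates a missing bind-mount source as a directory, so check the type.
  return [:not_a_socket, nil] unless File.socket?(path)

  sock = UNIXSocket.new(path)
  begin
    # Each agent message is a uint32 length, then a one-byte type and payload.
    sock.write([1, SSH_AGENTC_REQUEST_IDENTITIES].pack('NC'))
    header = sock.read(4)
    return [:no_reply, nil] if header.nil? || header.bytesize < 4
    body = sock.read(header.unpack('N').first)
    return [:no_reply, nil] if body.nil? || body.bytesize < 5
    type, nkeys = body.unpack('CN')
    return [:unexpected_reply, nil] unless type == SSH_AGENT_IDENTITIES_ANSWER
    [:ok, nkeys]
  ensure
    sock.close
  end
rescue Errno::ECONNREFUSED
  [:no_listener, nil]        # socket file exists but no agent is accepting on it
rescue Errno::EACCES
  [:permission_denied, nil]  # the container user may not use the socket
rescue SystemCallError
  [:socket_error, nil]       # any other failure while connecting or talking
end

if __FILE__ == $PROGRAM_NAME
  status, nkeys = probe_agent
  puts "SSH_AUTH_SOCK=#{ENV['SSH_AUTH_SOCK'].inspect} status=#{status} keys=#{nkeys.inspect}"
end
```

A result of `:ok` with a key count of 0 means the agent is reachable but holds no identities, which is a different problem from the connection error in the question.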

2 Answers


I solved it using whilp/ssh-agent, though you should note that this is not using SSH_AUTH_SOCK directly and requires an additional long running container. I'll integrate this approach into docker-rails for ease of use.

  1. Start a long running container: `docker run -d --name=ssh-agent whilp/ssh-agent:latest`

  2. Add your key: `docker run --rm --volumes-from=ssh-agent -v ~/.ssh:/ssh -it whilp/ssh-agent:latest ssh-add /ssh/id_rsa`

  3. List your keys: `docker run --rm --volumes-from=ssh-agent -v ~/.ssh:/ssh -it whilp/ssh-agent:latest ssh-add -L`

  4. bash into a container and check the key with `ssh -T git@bitbucket.org`

My yaml looks like:

web:
    build: .
    working_dir: /project
    ports:
      - "3000"

    environment:
      # make ssh keys available via ssh forwarding (see volume entry)
      - SSH_AUTH_SOCK=/ssh-agent/socket

    volumes_from:
      # Use configured whilp/ssh-agent long running container for keys
      - ssh-agent
kross
  • There have been some changes to the `whilp/ssh-agent` so I use a different approach now and can't tell you with certainty that this works any more. If you are looking for something simple and the container runs on a host with keys configured, you can use `volumes: - ~/.ssh:/root/.ssh` – kross Oct 26 '16 at 14:52
  • This approach still works for me but the environment variable should be `SSH_AUTH_SOCK=/ssh/auth/sock`, and you will also need to configure a top-level external volume--"ssh-agent" in this case--and set it as external (volumes_from is deprecated). On your docker-compose, set each service to mount the ssh-agent directory and add your keys individually – Tkwon123 Jan 20 '18 at 20:40

The previous accepted answer using whilp/ssh-agent did not work for me for some reason (it worked before but since last changes it doesn't and I don't know why) so I created my own agent container:

docker-ssh-agent

based on a minimal alpine:3.4 base image. So anyone still having trouble with this on OSX, check the README; it's now really easy to get it up and running!

nardeas