
I work with Bitbucket repos as a team player. I've got multiple identities on my laptop, say `id_rsa` and `deploy`, which I generated with

id_rsa:

```
ssh-keygen
```

deploy:

```
ssh-keygen -f ~/.ssh/deploy -C "deploy"
```

and a config file

```
Host bitbucket.org
 HostName bitbucket.org
 IdentityFile ~/.ssh/id_rsa

Host deploy
 HostName bitbucket.org
 IdentityFile ~/.ssh/deploy
```

In my Bitbucket account, I set an SSH key for my account with the `id_rsa` key, and then in my repo I set an SSH key with the `deploy` key.

On the command line, when I try to clone my repo as `git clone git@deploy:<team_account_username>/<repo_name>`, I am asked to enter a password the first time, but not after that. Then I tried to clone my repo with Docker:

```dockerfile
# Use anaconda docker image from ContinuumIO
FROM continuumio/anaconda

# Make ssh dir
RUN mkdir /root/.ssh/

# Copy over private key, and set permissions
ADD deploy /root/.ssh/deploy
ADD config /root/.ssh/config
RUN chmod 600 /root/.ssh/*

# Create known_hosts
RUN touch /root/.ssh/known_hosts

# Add bitbuckets key
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts

# Clone git repos
RUN git clone git@deploy:<team_account_username>/<repo_name>

# Set default directory to execute CMD
WORKDIR /<repo_name>

# Run EART
CMD python app.py
```

and when the script tries to clone the repo, I've got

```
Permission denied (publickey)
fatal: The remote end hung up unexpectedly
```

[EDIT]

I tried to run those commands directly in the container, and as said in my comment, I am asked for the passphrase when I run the clone command, and that's where my script fails.

GuillaumeA
  • What does `docker run --rm ls -l /root/.ssh` look like? Can you also include a stripped down app.py that can reproduce the ssh errors? – BMitch Jun 13 '16 at 15:54
  • ls cannot access /root/.ssh : No such file or directory.... which seems reasonable as my build did not end – GuillaumeA Jun 13 '16 at 15:58
  • The failure is at the RUN git clone line, it is the clone of the bitbucket repo which fails – GuillaumeA Jun 13 '16 at 16:05
  • I apparently need more caffeine today, think I understand your workflow now. "I am asked to enter a password the first time" ... that bothers me since the docker build won't be able to enter that password. Makes me wonder if the deploy identity is ever used. The last partial build likely left an image (`docker images -a`) that you can launch with a /bin/sh and debug from there. – BMitch Jun 13 '16 at 16:22
  • I believe the problem you are facing may be [answered by this question](http://stackoverflow.com/q/8600652/596285). I suspect this is a git over ssh issue that's unrelated to your docker container. – BMitch Jun 13 '16 at 19:13
  • It's more likely related to this [similar question](http://stackoverflow.com/questions/23391839/clone-private-git-repo-with-dockerfile) so I removed the passphrase of the deploy key and it seems to work – GuillaumeA Jun 13 '16 at 19:37
  • "passphrase of the deploy key" that was an important missing detail, since as mentioned, docker build can't enter that password. – BMitch Jun 13 '16 at 20:50
  • The problem might be in passphrase. Try generating key without passphrase. This one should work fine. Also the security might be a concern then. – michal.jakubeczy Oct 16 '19 at 10:26
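
A pre-build check for the failure identified in the comments above (a passphrase-protected deploy key cannot be unlocked during a non-interactive `docker build`), as an added example that is not part of the original question or comments. It reads only the key file's format header; the function names and the constructed sample keys are assumptions made for illustration.

```python
import base64
import struct
import sys

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def openssh_cipher(pem_text):
    """Return the cipher name recorded in an OpenSSH-format private key."""
    body = "".join(l for l in pem_text.splitlines() if l and not l.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(OPENSSH_MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(OPENSSH_MAGIC)
    (n,) = struct.unpack(">I", blob[off:off + 4])  # length-prefixed ciphername
    return blob[off + 4:off + 4 + n].decode("ascii")

def needs_passphrase(pem_text):
    """True if the key is encrypted, so a non-interactive build cannot use it."""
    first = pem_text.strip().splitlines()[0]
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        return openssh_cipher(pem_text) != "none"
    if first == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if first.startswith("-----BEGIN ") and first.endswith(" PRIVATE KEY-----"):
        # Legacy PEM (RSA/DSA/EC): encryption is announced in a header line.
        return "Proc-Type: 4,ENCRYPTED" in pem_text
    raise ValueError("unrecognised private key format")

def sample_openssh(cipher):
    """Constructed sample: header fields only, not a usable key."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = OPENSSH_MAGIC
    for field in (cipher, kdf):
        blob += struct.pack(">I", len(field)) + field
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample in the legacy PEM layout; the key body is deliberately omitted.
SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                 "(body omitted)\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    # With no argument, the constructed legacy sample is checked instead of a file.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LEGACY
    if needs_passphrase(text):
        sys.exit("key is passphrase-protected: ssh will prompt and the build will fail")
    print("key has no passphrase")
```

A key copied in with `ADD` stays in the image's layers, so an unencrypted deploy key handled this way is readable by anyone who can obtain the image.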

0 Answers