1

I am trying to git clone from inside a docker container to a private repository using ssh authentication. I followed a solution presented here.

To do so, I created a local key

ssh-keygen -q -t rsa -N '' -f repo-key

and added the public key to the github ssh keys. Then in the Dockerfile I added:

RUN chmod 600 repo-key && \  
    echo "IdentityFile /selenium/repo-key" >> /etc/ssh/ssh_config && \  
    echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config

But when I try to git clone a repository I got the error message

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Anything else I can check to make this work?

Again to explain the WHY: I want to be able to create images with a FIXED private key which ALWAYS works with the public key at github, so I can use the SAME image, but able to download the actual/current repository into the running container. The image is equipped with the correct keys, so it has access to the github repository and able to download the current repository when a contained is started from the same image... The image is for selenium tests, which will later executed automatically by a script (or jenkins), and then I am not able to 'log in' to the container to create a ssk key pair and upload the public key to github. The whole thing is to automate the testing. Therefore, the authentification has to be build into the image.

HOPEFULLY this is clear now.

Alex
  • 41,580
  • 88
  • 260
  • 469
  • Have you tried what is being discussed here: [Clone private git repo with dockerfile](https://stackoverflow.com/questions/23391839/clone-private-git-repo-with-dockerfile)? – tgogos Nov 10 '17 at 13:52
  • Oh thanks for this link; I actually built my solution on exactly the solution presented in there... – Alex Nov 10 '17 at 13:53
  • I've noticed a small difference in your `git clone ssh:// ...` command. Have you tried with what is being mentioned there (`git clone git@...`)? – tgogos Nov 10 '17 at 13:56
  • No, as `git clone ssh...` is - as far as I know - the correct command to authenticate via ssh.. Thats the whole point... – Alex Nov 10 '17 at 14:09
  • 1
    Can you also try what @jpetazzo proposes [here](https://stackoverflow.com/questions/19643946/dockerfile-for-cloning-private-git-repo?noredirect=1&lq=1) for debugging? – tgogos Nov 10 '17 at 14:27

2 Answers2

0

Since you are already creating a ssh key inside your docker container. What you need to do:

  • Login into docker container to copy the generated ssh public key.
  • You need to then add the public key to your github account.

After that you can easily clone the private git repo.

Raza Mehdi
  • 923
  • 5
  • 7
  • I want to do this without logging in. I want to create a docker image automatically and ready to use. – Alex Nov 10 '17 at 13:50
  • @Raza Mehdi, the OP wants to add the key in the `image` not a (later created) `container`. – tgogos Nov 10 '17 at 13:57
  • @tgogos I know that. He is cloning a repo through ssh. There is a manual step involved which includes adding a ssh key to github, unless there is a configured program which automatically a ssh public key to github – Raza Mehdi Nov 10 '17 at 14:00
  • I have already added the public key to github. For the image creation I want to use the corresponding private key in the image – Alex Nov 10 '17 at 14:02
  • @Alex Every time you create an image the corresponding ssh key that is generated will be different every time. – Raza Mehdi Nov 10 '17 at 14:05
  • 1
    Not when I use a key somewhere stored on the host computer. I cannot use a new key every time, it would be stupid to manually insert a new public key every time to github... – Alex Nov 10 '17 at 14:07
  • What you are doing is that you are copying the key inside a container. What Github is doing is trying to validate your key against a container not your host. That's why you are getting permission denied error. – Raza Mehdi Nov 10 '17 at 14:11
  • Yes, and my question is how to solve it? Because I have THE CORRECT KEY in the container. Maybe you did not read the question carefully? Okay here I go again: I create a ssh key pair and store is somewhere on the HOST. I go to github and add the public key ONCE. And I want to create a docker image with the CORRECT PRIVATE KEY in it. That is why I have the following lines in the Dokerfile, as explained in the question: `RUN chmod 600 repo-key && \ echo "IdentityFile /selenium/repo-key" >> /etc/ssh/ssh_config && \ echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config` – Alex Nov 10 '17 at 14:17
  • Have you tried the solution as mentioned here https://stackoverflow.com/a/23411161/2395551 – Raza Mehdi Nov 10 '17 at 14:17
  • yes. My question is based on exactly that solution (which does not work for me.) See updated question..... – Alex Nov 10 '17 at 14:18
0

When cloning a GitHub repo, you still need to specify the right user for establishing that ssh connection: git.

So:

 git clone git@github.com:User/repo.git
          ^^^^^
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250