1

I have a Rails app, using docker, that does some auto changes to another app, and then git pushes the changes it up to GitHub. It took me a bit of time to be able to get my ssh keys onto the docker container, in a sort of same manor (not happy with it fully, but will change it up after I sort this out). My issue now is that when running the git clones in the Dockerfile, it is all good, but then from my rails code, it fails saying that I don't have access, so in the code I go to re ssh-add the keys. However it then says that Could not open a connection to your authentication agent., so then I try to re-initialise the ssh-agent (echo $(ssh-agent -s)), which seems to succeed, but still fails on ssh-add.

If I SSH in and try those steps, it works fine, but if I rails console in and run the functions that run these console calls, it fails with the same problem. It then seems to be that the ssh-agent call to set the env variables aren't being set. I have a feeling that heroku containers are not allowing changing of the env variables, without it going through their heroku config:set, but this isn't possible as each process will have different SSH_AUTH_SOCK and SSH_AGENT_PID. Any suggestions on how to deal with this would be a massive help.

ndilucca
  • 11
  • 1

2 Answers2

0

This error normally happens when you don't have active SSH agent running.

Could not open a connection to your authentication agent.

This is quite common with Debian based systems, whereas most Ubuntu has one running at all times.

To fix this, you just need to start a new agent.

eval $(ssh-agent)

This should be run before ssh-add.

Prav
  • 2,785
  • 1
  • 21
  • 30
  • Let me know if this doesn't work. SSH in Docker container sometimes can be a real pain. – Prav Dec 31 '18 at 22:54
  • I have already done that, it seems however the setting of the environment variables that gets done by the eval $(ssh-agent) aren't staying, when I check them again after, they are blank. – ndilucca Jan 01 '19 at 21:49
  • What base image are you using and does it come with OpenSSH preinstalled? – Prav Jan 03 '19 at 15:19
  • I am ensuring the install of it, and it runs, it returns the Agent PID and everything, it is just the ENV vars aren't staying. I think this may be mainly a heroku issue? – ndilucca Jan 04 '19 at 18:40
  • This sounds like its the way Ruby handle SSH. It sounds like Ruby is using the built-in SSH library instead of default SSH agent on the system. Unfortunately, I'm not an expert in Heroku to give an exact answer but have you tried `heroku run bash` instead of `heroku run console` to see if it picks up the agent? – Prav Jan 04 '19 at 19:39
0

In your current setup, you need to evaluate the risk/cost of using a passphrase-protected private SSH key.

As mentioned here, for an automated process, using a passphrase-less key would be the recommended option, provided you are sure there is no easy way to access said private key.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • @ndilucca Then it should not ask you for anything, not unless you haven't registered properly the public key on the remote side, or... you have used the wrong private key format: see https://stackoverflow.com/a/53645530/6309 – VonC Jan 01 '19 at 22:18
  • It works fine if I ssh into the server and run the commands manually, meaning my keys are fine and work. It is only coming up with the issue when I run the code from ruby, my code runs all the bash commands through ruby. If I run a ruby console on the heroku server, even just setting an env var, it doesn't save. – ndilucca Jan 02 '19 at 03:49
  • @ndilucca OK, but why mention ssh-agent then? Isn't that needed only for passphrase-protected keys? – VonC Jan 02 '19 at 05:35