
I want to start a Docker container that adds an SSH key at startup:

My entrypoint looks like this:

```bash
#!/bin/bash
set -e

service ssh start

su anotherUser -s /bin/bash -c "eval \"$(ssh-agent)\" && ssh-add /Keys/id_rsa"
```

I've seen many posts that use sudo, but I do not have sudo available. I've found this solution, but at startup it shows me:

```
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Agent pid 36
Error connecting to agent: Permission denied
```

But when I execute the same lines at the prompt, everything is OK:

```
xxx# su anotherUser
anotherUser@xxx:~$ eval $(ssh-agent)
Agent pid 47
anotherUser@xxx:~$ ssh-add /keys/id_rsa
Identity added: /keys/id_rsa (yyy@yyy-HP-EliteBook-850-G4)
```

JMW
flywell

1 Answer


You are running ssh-agent before su runs. The $ needs to be escaped so that the literal command substitution is passed to bash for execution.

```bash
su anotherUser -s /bin/bash -c 'eval $(ssh-agent) && ssh-add /Keys/id_rsa'
```

(Untested; probably needs more details about how the container is run and why ssh-add needs to be run as a different user.)

It may be simpler, though, to run your entry point with ssh-agent. For example,

```dockerfile
# In the Dockerfile...
ENTRYPOINT ["ssh-agent", "entry.sh"]
```

Inside entry.sh, your environment will already have access to the agent.

```bash
#!/bin/bash
set -e

service ssh start

su anotherUser -s ssh-add /Keys/id_rsa
```
chepner
  • the first solution works fine but not the second ... I think there's an error here `su anotherUser -s ssh-add /Keys/id_rsa` – flywell Jul 01 '20 at 16:56
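The quoting difference the answer describes can be observed without root or a real agent. This is an added example, not code from the question or the answer: `sh -c` stands in for `su anotherUser -s /bin/bash -c`, the `ROLE` variable stands in for the user identity, and the names `run_as_other`, `double_quoted`, `single_quoted` and `agent_socket_is_mine` are hypothetical.

```shell
#!/bin/sh
# Constructed simulation: ROLE plays the part of the user identity, and
# `echo AGENT_OWNER=$ROLE` plays the part of ssh-agent printing its settings.

ROLE=root; export ROLE          # identity of the entrypoint shell

# Run a command string in a child shell under a different identity
# (stand-in for: su anotherUser -s /bin/bash -c "$1").
run_as_other() { ROLE=anotherUser sh -c "$1"; }

# Double quotes: $(...) is expanded by the outer shell before the child
# starts, so the "agent" is launched by root and the child only gets its output.
double_quoted() {
  run_as_other "eval \"$(echo AGENT_OWNER=$ROLE)\" && echo \"\$ROLE -> agent of \$AGENT_OWNER\""
}

# Single quotes: the text reaches the child untouched and is expanded there,
# so the "agent" is launched by the same identity that later uses it.
single_quoted() {
  run_as_other 'eval "$(echo AGENT_OWNER=$ROLE)" && echo "$ROLE -> agent of $AGENT_OWNER"'
}

# Preflight for a real entrypoint, run as the target user before ssh-add:
# succeeds only if SSH_AUTH_SOCK names a socket owned by the current user.
# Assumption: a socket created by a different user is what produces
# "Error connecting to agent: Permission denied".
agent_socket_is_mine() {
  [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] && [ -O "$SSH_AUTH_SOCK" ]
}

double_quoted
single_quoted
if agent_socket_is_mine; then
  echo "agent socket is usable by this user"
else
  echo "no agent socket owned by this user"
fi
```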