Make possible to use user’s SSH keys from within the ODK container #852

Closed
gouttegd opened this issue Apr 17, 2023 · 0 comments · Fixed by #853

Cool people don’t use Git with passwords, they use it with an SSH key pair instead. For those people, it should be possible to use Git commands that require an SSH key from within the container.

Assuming most people using an SSH key pair are also using an SSH agent, all we would have to do is to forward the agent’s socket into the container:

```
$ docker run -v $SSH_AUTH_SOCK:/ssh-auth.sock -e SSH_AUTH_SOCK=/ssh-auth.sock [other docker run options and arguments…]
```

This works fine at least on GNU/Linux. Unfortunately it doesn’t work on macOS, where a special workaround exists instead:

```
$ docker run -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock [other docker run options and arguments…]
```

A simpler option is to just bind the user’s ~/.ssh directory, but this will only work for simple setups where an agent is not necessary – and many users may not like the idea of exposing their SSH private key to the ODK container, no matter how much they trust the ODK…

@gouttegd gouttegd self-assigned this Apr 17, 2023
gouttegd added a commit that referenced this issue Apr 17, 2023
This commit:

* binds the SSH agent socket (as found in $SSH_AUTH_SOCK) from the host
  to a predictable location inside the container;
* sets the SSH_AUTH_SOCK variable in the container to point to said
  predictable location.

This allows processes running inside the container to communicate with
the host's SSH agent and therefore to use the user's SSH keys without
having to expose the keys directly to the container.

closes #852
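
An added example, not code from the ODK or from this issue: a POSIX shell helper that picks the agent-forwarding options for `docker run` from the two cases described above (GNU/Linux and macOS). The function names and the single container-side socket path are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the ODK's own wrapper script.
# Container-side socket path: this example's choice of "predictable location".
CONTAINER_SOCK=/run/host-services/ssh-auth.sock

# usable_agent_sock PATH
# Succeeds only if PATH is a Unix socket that can safely be passed to `-v`.
usable_agent_sock() {
    case $1 in
        # Empty (no agent running), or a path that would break the
        # `-v src:dst` syntax or unquoted word splitting of the options.
        '' | *[[:space:]:]*) return 1 ;;
    esac
    [ -S "$1" ]
}

# agent_docker_opts OS HOST_SOCK
# OS is the output of `uname -s`; HOST_SOCK is the host's $SSH_AUTH_SOCK.
# Prints the `docker run` options on one line, or returns 1 when there is
# no agent socket to forward (the caller then runs without SSH access).
agent_docker_opts() {
    case $1 in
        Darwin)
            # Per the issue, binding $SSH_AUTH_SOCK does not work on macOS;
            # the fixed host-services path is bound instead.
            src=/run/host-services/ssh-auth.sock
            ;;
        *)
            usable_agent_sock "$2" || return 1
            src=$2
            ;;
    esac
    printf '%s\n' "-v $src:$CONTAINER_SOCK -e SSH_AUTH_SOCK=$CONTAINER_SOCK"
}

# Usage (the trailing arguments are placeholders, as in the issue):
#   opts=$(agent_docker_opts "$(uname -s)" "$SSH_AUTH_SOCK") || opts=
#   docker run $opts [other docker run options and arguments…]
```

Processes in the container can ask the forwarded agent to sign with any loaded key for as long as the container runs; keys loaded with `ssh-add -c` require confirmation on each use.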