ssh key in Dockerfile returning Permission denied (publickey)

Time:09-06

I'm trying to build a Docker image using DOCKER_BUILDKIT which involves cloning a private remote repository from GitLab, with the following lines of my Dockerfile being used for the git clone:

# Download public key for gitlab.com
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
RUN --mount=type=ssh git clone git@gitlab.com:*name_of_repo* *download_location*

However, when I run the docker build command using:

DOCKER_BUILDKIT=1 docker build --ssh default --tag test:local .

I get the following error when it is trying to do the git clone:

git@gitlab.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I've set up the ssh access successfully on the machine I'm trying to build this image on, and both the ssh -T git@gitlab.com and trying to clone the repository outside of the Docker build work just fine.

I've had a look around but can't find any info on what might be causing this specific issue - any pointers much appreciated.

CodePudding user response:

Make sure you have an SSH agent running and that you added your private key to it.

Depending on your platform, the commands may vary but since it's tagged gitlab I will assume that Linux is your platform.

Verify that you have an SSH agent running with echo $SSH_AUTH_SOCK or echo $SSH_AGENT_SOCK. If both echo an empty string, you most likely do not have an agent running.

To start an agent you can usually type:

eval `ssh-agent`

Next, you can verify which keys are added (if any) with:

ssh-add -l

If the key you need is not listed, you can add it with:

ssh-add /path/to/your/private-key

Then you should be good to go.

More info here: https://www.ssh.com/academy/ssh/agent

Cheers
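
The agent checks from the answer above, collected into one preflight function to run before the build (an added example, not part of the original post). It relies on `--ssh default` forwarding the agent socket named by `SSH_AUTH_SOCK`; the function name `check_build_agent` and its return codes are made up for this example.

```shell
#!/bin/sh
# Added example: preflight for `docker build --ssh default`.
# Return codes (constructed for this example):
#   0  agent reachable and holding at least one key
#   1  SSH_AUTH_SOCK unset or empty
#   2  SSH_AUTH_SOCK set but not pointing at a socket (stale value)
#   3  agent reachable but holding no keys
#   4  ssh-add could not talk to the agent
check_build_agent() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is empty: no agent for --ssh default to forward" >&2
        return 1
    fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK is not a socket" >&2
        return 2
    fi
    # ssh-add -l exits 0 when keys are listed, 1 when the agent is empty,
    # and 2 when it cannot contact the agent.
    agent_rc=0
    ssh-add -l >/dev/null 2>&1 || agent_rc=$?
    case "$agent_rc" in
        0) return 0 ;;
        1) echo "agent holds no keys: ssh-add /path/to/your/private-key" >&2
           return 3 ;;
        *) echo "ssh-add could not reach the agent (exit $agent_rc)" >&2
           return 4 ;;
    esac
}

# Usage, with the build command from the question:
#   check_build_agent && DOCKER_BUILDKIT=1 docker build --ssh default --tag test:local .
```

A return of 3 matches the situation in the question: ssh on the host can read the key file directly, but an agent with no keys loaded gives the build nothing to authenticate with.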

CodePudding user response:

For testing, use a non-encrypted private SSH key (meaning you don't have to manage an ssh-agent, which is only needed for encrypted private key passphrase caching).

And use ssh -Tv git@gitlab.com to check where SSH is looking for your key.

Then, in your Dockerfile, add before the line with git clone:

ENV GIT_SSH_COMMAND='ssh -Tv'

You will see again where Docker/SSH is looking when executing git clone with an SSH URL.

I suggested as much here, and there were some mounting folders missing then.
