Set .ssh/config and .ssh/known_hosts #14

Open

Pamplemousse opened this issue Apr 29, 2016 · 0 comments

TL;DR

  • Would be nice to have a user other than root perform commands in the container (bonus points if this user has the same UID as the host user).
  • Document custom ssh configuration.

I first wanted to authenticate on my server with my ssh key. Found that mounting the ssh agent socket as a volume would be a reasonable solution.

To go further, for security purposes (forcing secure algorithms, server signatures, etc.), I would like to be able to pass my host config and known_hosts files to the container.

This is what my docker run command looks like so far:

docker run \
  --name ansible-playbook \
  -it --rm \
  --volume $(pwd):/home/ansible/project \
  -w /home/ansible/project \
  --volume $SSH_AUTH_SOCK:/ssh-agent --env SSH_AUTH_SOCK=/ssh-agent \
  --volume ${HOME}/.ssh/config:/root/.ssh/config:ro \
  --volume ${HOME}/.ssh/known_hosts:/root/.ssh/known_hosts:ro \
  williamyeh/ansible:ubuntu14.04 \
  ansible-playbook

When doing so with the current image, I hit a "Bad owner or permissions on /root/.ssh/config" error.

# ls -alh /root/.ssh
drwxr-xr-x 2 root root 4.0K Apr 29 05:11 .
drwx------ 3 root root 4.0K Apr 29 05:11 ..
-rw------- 1 1000 1000 1.6K Apr 29 05:11 config
-rw------- 1 1000 1000 8.3K Apr 25 05:17 known_hosts

Yep: files are mounted with the owner id from the host, which is not present in the container.

Therefore, I created a "custom image" to extend the behaviour as such:

FROM williamyeh/ansible:ubuntu14.04

# --gecos "" keeps adduser from prompting for user details during a non-interactive build
RUN adduser --uid 1000 --disabled-password --gecos "" ansible
USER ansible

... and now, I am able to use the following command successfully (note the slight changes in the volumes destinations):

docker run \
  --name ansible-playbook \
  -it --rm \
  --volume $(pwd):/home/ansible/project \
  -w /home/ansible/project \
  --volume $SSH_AUTH_SOCK:/ssh-agent --env SSH_AUTH_SOCK=/ssh-agent \
  --volume ${HOME}/.ssh/config:/home/ansible/.ssh/config:ro \
  --volume ${HOME}/.ssh/known_hosts:/home/ansible/.ssh/known_hosts:ro \
  ${ansible_image} \
  ansible-playbook

Thanks for reading, happy to hear your thoughts on that.
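The following wrapper script is an added example, not code from the issue above nor from the williamyeh/ansible image. It turns the two steps described in the issue into one procedure: it reproduces the ownership/permission test that ssh applies to ~/.ssh/config (the source of the "Bad owner or permissions" error), writes a Dockerfile that creates the non-root user with the host's UID at build time, and runs the playbook with the agent socket and the read-only config/known_hosts mounts. The build argument name HOST_UID, the image tag ansible-nonroot and the script's "run" sub-command are assumptions of this example; the base image and the user name "ansible" are taken from the issue. It expects a GNU or BSD stat and the docker CLI on the host.

```shell
#!/bin/sh
# Added example (not part of the original issue or the williamyeh/ansible image).
# Assumed names: build arg HOST_UID, image tag ansible-nonroot, "run" sub-command.
set -eu

# Mirror the check ssh performs on ~/.ssh/config before reading it: the file must
# be owned by root or by the invoking user, and must not be writable by group or
# others. Anything else yields "Bad owner or permissions on <file>".
# Returns 0 when ssh would accept the file, 1 otherwise.
check_ssh_config_perms() {
    f=$1
    # "uid mode" in octal; GNU stat first, BSD stat as a fallback
    set -- $(stat -c '%u %a' "$f" 2>/dev/null || stat -f '%u %Lp' "$f")
    owner=$1
    mode=$2
    me=$(id -u)
    if [ "$owner" != 0 ] && [ "$owner" != "$me" ]; then
        return 1
    fi
    # last two octal digits are group and other; a digit of 2, 3, 6 or 7 has the write bit set
    case $mode in
        *[2367]? | *[2367]) return 1 ;;
    esac
    return 0
}

# Write a Dockerfile that extends the image with a non-root user whose UID is
# supplied at build time, so bind-mounted ~/.ssh files end up owned by the
# in-container user rather than by an unknown numeric id.
write_dockerfile() {
    cat > "$1" <<'EOF'
FROM williamyeh/ansible:ubuntu14.04
ARG HOST_UID=1000
# --gecos "" keeps adduser from prompting during a non-interactive build
RUN adduser --uid "$HOST_UID" --disabled-password --gecos "" ansible
USER ansible
WORKDIR /home/ansible/project
EOF
}

# Run ansible-playbook in the given image: forward the agent socket, and mount
# the host's ssh config and known_hosts read-only into the non-root user's home.
run_playbook() {
    image=$1
    shift
    : "${SSH_AUTH_SOCK:?start ssh-agent and add your key first}"
    docker run --rm -it \
        --volume "$PWD:/home/ansible/project" \
        --volume "$SSH_AUTH_SOCK:/ssh-agent" --env SSH_AUTH_SOCK=/ssh-agent \
        --volume "$HOME/.ssh/config:/home/ansible/.ssh/config:ro" \
        --volume "$HOME/.ssh/known_hosts:/home/ansible/.ssh/known_hosts:ro" \
        "$image" ansible-playbook "$@"
}

main() {
    # Fail early if ssh inside the container would reject the mounted config anyway.
    if ! check_ssh_config_perms "$HOME/.ssh/config"; then
        echo "fix ownership/permissions of $HOME/.ssh/config first (ssh will refuse it)" >&2
        exit 1
    fi
    ctx=$(mktemp -d)
    write_dockerfile "$ctx/Dockerfile"
    # Bake the host's UID in so the container user owns the bind-mounted files.
    docker build --build-arg "HOST_UID=$(id -u)" -t ansible-nonroot "$ctx"
    run_playbook ansible-nonroot "$@"
}

# Usage: ./ansible-docker.sh run site.yml [extra ansible-playbook args]
if [ "${1:-}" = run ]; then
    shift
    main "$@"
fi
```

Two caveats worth knowing. First, `docker run --user "$(id -u)"` on the unmodified image is not a substitute for creating the user: the UID then matches, but ssh looks its caller up in /etc/passwd to find the home directory and aborts with "No user exists for uid ..." when there is no entry, which is why the example adds the user at build time. Second, ssh only enforces the ownership/mode test on the config file; known_hosts is read regardless, but mounting it read-only keeps the container from appending host keys it has never verified to the host's copy.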
