Skip to content
This repository has been archived by the owner on Oct 19, 2022. It is now read-only.

How do debug when password-less mount does not work #58

Open
saadlu opened this issue Jun 5, 2018 · 3 comments
Open

How do debug when password-less mount does not work #58

saadlu opened this issue Jun 5, 2018 · 3 comments

Comments

@saadlu
Copy link

saadlu commented Jun 5, 2018

Hi,

I am having problem mapping container volume with ssh key. With password it works fine.

So any way to debug what is happening? I have installed the plugin with DEBUG=1

docker: Error response from daemon: error while mounting volume '/var/lib/docker/plugins/9431f8f717678b6c65310fb91fbc134eb0edb2c0351440d8ae638227657e927e/propagated-mount/b985d198195b0d1c1adea1ce6f9db68d': VolumeDriver.Mount: sshfs command execute failed: exit status 1 (read: Connection reset by peer
).
ERRO[0000] error waiting for container: context canceled

Please note sshfs itself works without password from the host machine.
@saadlu saadlu changed the title How do debug How do debug when password-less mount does not work Jun 5, 2018
@elasti-jeans
Copy link

elasti-jeans commented Aug 29, 2018
edited
Loading

I'm having the same issue with the current master branch.

To elaborate:

  • ssh works w/o password
  • sshfs works w/o password
  • sshfs docker volume plugin works with password
  • sshfs docker volume plugin fails with "Connection reset by peer" w/o password (tried to specify the key explicitly or use the default one - the result is the same)

Built next based on the following commit:
1e0cd2f - (HEAD -> master, origin/master, origin/HEAD) switch to 1.10 (4 months ago) Victor Vieux

@ITmaze
Copy link

ITmaze commented Sep 19, 2018

At the risk of supplying a ME TOO, I'm seeing the same behaviour:

time="2018-09-18T07:38:18Z" level=error msg="time=\"2018-09-18T07:38:18Z\" level=error msg=\"sshfs command execute failed: exit status 1 (read: Connection reset by peer\\n)\"" plugin=59220d566c3baed5e3945b2435bd0db04df16994fd1724256b7df4042dceca21
time="2018-09-18T07:38:18.780214317Z" level=error msg="Handler for POST /v1.36/containers/create returned error: VolumeDriver.Mount: sshfs command execute failed: exit status 1 (read: Connection reset by peer\n)"

I am using Boot2Docker 18.02.0-ce (TCL 8.2.1); HEAD : 99245f4 - Thu Feb 8 17:43:39 UTC 2018 as my host on a VMware Fusion VM on an iMac.

I can ssh with and without password. Paths exist.

$ docker plugin install vieux/sshfs
Plugin "vieux/sshfs" is requesting the following privileges:
 - network: [host]
 - mount: [/var/lib/docker/plugins/]
 - mount: []
 - device: [/dev/fuse]
 - capabilities: [CAP_SYS_ADMIN]
Do you grant the above permissions? [y/N] y
latest: Pulling from vieux/sshfs
52d435ada6a4: Download complete 
Digest: sha256:1d3c3e42c12138da5ef7873b97f7f32cf99fb6edde75fa4f0bcf9ed277855811
Status: Downloaded newer image for vieux/sshfs:latest
Installed plugin vieux/sshfs

$ docker volume create -d vieux/sshfs -o sshcmd=onno@zulu.local:tmp -o IdentityFile=/home/docker/.ssh/onno.pem test-vol
test-vol

$ docker run -it -v test-vol:/home busybox ls /home
/usr/local/bin/docker: Error response from daemon: VolumeDriver.Mount: sshfs command execute failed: exit status 1 (read: Connection reset by peer
).
See '/usr/local/bin/docker run --help'.

$ docker volume inspect test-vol
[
    {
        "CreatedAt": "0001-01-01T00:00:00Z",
        "Driver": "vieux/sshfs:latest",
        "Labels": {},
        "Mountpoint": "/mnt/volumes/0e9fcfedbffb7418d77464c74c73bd7d",
        "Name": "test-vol",
        "Options": {
            "IdentityFile": "/home/docker/.ssh/onno.pem",
            "sshcmd": "onno@zulu.local:tmp"
        },
        "Scope": "local"
    }
]

I've also tried:

  • Enabling DEBUG=1 in the plugin
  • Enabling sshcmd debug options with -o LogLevel=DEBUG
  • Adding the key directory to the plugin installer (both /home/docker/.ssh and /root/.ssh)
  • Using sshcmd options to locate the key
  • putting the ssh-key in /root/.ssh
  • manually creating and adding the ssh key within the docker host

@ani2life
Copy link

@ITmaze , I have the same problem.
I found a reason not to work with -o IdentityFile.

When installing the plugin, sshkey.source is required.
README Using an ssh key

$ docker plugin install vieux/sshfs sshkey.source=/home/<user>/.ssh/

Even if it is already installed, you can change it with plugin set command.

$ docker plugin set vieux/sshfs sshkey.source=/home/<user>/.ssh/

Inspect the vieux/sshfs plugin

$ docker inspect vieux/sshfs
...
    "Mounts": [
     ...
        {
            "Description": "",
            "Destination": "/root/.ssh",
            "Name": "sshkey",
            "Options": [
                "rbind"
            ],
            "Settable": [
                "source"
            ],
            "Source": "/home/<user>/.ssh/",
            "Type": "bind"
        }
    ]
...

sshkey.source=/home/<user>/.ssh/ is mounted /root/.ssh inside volume container.

-o IdentityFile path points to the path inside the volume container.

Therefore, the path to IdentityFile should start with /root/.ssh/ inside the volume container.

$ docker volume create -d vieux/sshfs \
-o sshcmd=<user@host:path> \
-o IdentityFile=/root/.ssh/<key> \
<volume name>

@geoffmyers geoffmyers mentioned this issue Mar 27, 2019
Open
@marco-brandizi marco-brandizi mentioned this issue Apr 15, 2019
Open
@kalsan kalsan mentioned this issue Aug 27, 2022
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@saadlu @ani2life @ITmaze @elasti-jeans