如何在创建 docker 镜像时避免“输入 /root/.ssh/id_rsa 的密码”
我正在创建一个 docker 映像,并且需要访问容器中的 bitbucket。
我已将 ssh 公钥上传到 bitbucket,并且我的本地有私钥,并且我可以从本地成功访问 bitbucket。
下面是我的 Dockerfile,
FROM an-image-built-by-company
ENV CGO_ENABLED=1
RUN yum install -y \
make \
wget \
git \
bash \
curl \
vim
WORKDIR /code
COPY . /code
RUN git config --global --add url."ssh://[email protected]:7999".insteadOf "https://bitbucket.oci.oraclecorp.com/scm" && \
mkdir /root/.ssh && \
mv /code/id_rsa ~/.ssh/id_rsa && \
chmod 400 ~/.ssh/id_rsa && \
eval $(ssh-agent) && \
ssh-add ~/.ssh/id_rsa
我将本地 id_rsa 文件复制到容器中,然后启动 ssh-agent 并希望通过 ssh-add 添加私钥。但是,映像构建始终失败,并提示 Enter passphrase for /root/.ssh/id_rsa。
> [5/5] RUN git config --global --add url."ssh://[email protected]:7999".insteadOf "https://bitbucket.oci.oraclecorp.com/scm" && mkdir /root/.ssh && mv /code/id_rsa ~/.ssh/id_rsa && chmod 400 ~/.ssh/id_rsa && eval $(ssh-agent) && ssh-add ~/.ssh/id_rsa:
#9 0.278 Agent pid 16
#9 0.282 Enter passphrase for /root/.ssh/id_rsa:
------
executor failed running [/bin/sh -c git config --global --add url."ssh://[email protected]:7999".insteadOf "https://bitbucket.oci.oraclecorp.com/scm" && mkdir /root/.ssh && mv /code/id_rsa ~/.ssh/id_rsa && chmod 400 ~/.ssh/id_rsa && eval $(ssh-agent) && ssh-add ~/.ssh/id_rsa]: exit code: 1
make: *** [image] Error 1
为什么要询问密码?我在本地尝试了相同的命令,它只是添加了我的身份,并且没有询问任何密码。
作为参考,我尝试了 eval $(ssh-agent, eval ssh-agent -s 但它们都不起作用。
有一次使用相同的 Dockerfile 构建映像成功了,我不知道为什么,我看到的唯一区别是容器中的 /root/.ssh 有一个 known_hosts 文件,我什至不知道它是如何创建的,
请告知 。我缺少什么在这里
- 更新 -
我创建了一个新密钥并按 Enter 跳过密码短语,但在构建图像时仍然遇到相同的问题(它在我的本地计算机上运行良好)。
ssh-keygen -t rsa -b 4096 -C "my-email-address"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/myname/.ssh/id_rsa):
/Users/myname/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
I'm creating a docker image and I need to access bitbucket in the container.
I have uploaded my ssh public key into bitbucket and I have private key in my local, and my I can successfully access bitbucket from local.
Below is my Dockerfile
FROM an-image-built-by-company
ENV CGO_ENABLED=1
RUN yum install -y \
make \
wget \
git \
bash \
curl \
vim
WORKDIR /code
COPY . /code
RUN git config --global --add url."ssh://[email protected]:7999".insteadOf "https://bitbucket.oci.oraclecorp.com/scm" && \
mkdir /root/.ssh && \
mv /code/id_rsa ~/.ssh/id_rsa && \
chmod 400 ~/.ssh/id_rsa && \
eval $(ssh-agent) && \
ssh-add ~/.ssh/id_rsa
I copied my local id_rsa file into the contianer, and start the ssh-agent and wanted to add the private key by ssh-add. However, the image build keeps failing with the prompt Enter passphrase for /root/.ssh/id_rsa.
> [5/5] RUN git config --global --add url."ssh://[email protected]:7999".insteadOf "https://bitbucket.oci.oraclecorp.com/scm" && mkdir /root/.ssh && mv /code/id_rsa ~/.ssh/id_rsa && chmod 400 ~/.ssh/id_rsa && eval $(ssh-agent) && ssh-add ~/.ssh/id_rsa:
#9 0.278 Agent pid 16
#9 0.282 Enter passphrase for /root/.ssh/id_rsa:
------
executor failed running [/bin/sh -c git config --global --add url."ssh://[email protected]:7999".insteadOf "https://bitbucket.oci.oraclecorp.com/scm" && mkdir /root/.ssh && mv /code/id_rsa ~/.ssh/id_rsa && chmod 400 ~/.ssh/id_rsa && eval $(ssh-agent) && ssh-add ~/.ssh/id_rsa]: exit code: 1
make: *** [image] Error 1
Why is it asking the passphrase? I tried the same command locally it just added my identity and didn't ask any passphrase.
For reference, I've tried eval $(ssh-agent, eval ssh-agent -s but none of them worked.
There's one time the image build with the same Dockerfile succeeded and I don't konw why, the only difference I see is in the /root/.ssh in the container there's a known_hosts file, I don't even know how that got created.
Please advise what I'm missing here.
-- Update --
I created a new key and pressed Enter to skip passphrase, but I'm still running into the same issue while building the image. (It works fine in my local machine)
ssh-keygen -t rsa -b 4096 -C "my-email-address"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/myname/.ssh/id_rsa):
/Users/myname/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
由于 SSH 私钥已加密,在创建时受到密码保护 (
ssh-keygen),因此在您的情况下,使用无密码密钥会更方便。
Because the private SSH key has been encrypted, protected by a passphrase at its creation (
ssh-keygen)Using a passphrase-less key would be more convenient in your case.