How to forward ssh-agent to fetch private repos? #29
Hi @Minipada, Here is an example of what I've done when using an ssh-agent. I'll give my usual disclaimer about how this is punching some holes in the isolation of the container, so if you're worried make sure the agent only has the keys added to it for the repos it needs.
It's just bind mounting the socket used by the agent into the container, and then setting the appropriate environment variable to make sure the socket gets used. I added the .ssh/config and .ssh/known_hosts since that usually ends up being an issue as well if you have ports specified etc.
Hi, As you can see, I can clearly connect to GitHub on my host but the forwarding doesn't work in the container. I believe I'm missing something obvious.
I suspect that the uid inside of the container is not getting set to match the host user running the ssh-agent. Typically the uid of the pokyuser inside of the container is set based on the --workdir argument detailed in README.md. If you specify the --workdir argument using a directory owned by the same uid:gid as the user running the ssh-agent do you still have the same error? If so, then could you run
You are right, the ids are different: Host: Container: I tested using workdir as you said, I tested it in the past without success. sshd is started by root but the agent is by my user.
Then, on my host, you can see that the test folder is owned by 1001 and I start the container passing this test folder as a volume in the home directory. I still :
And inside the container
I think there are a few things going on here:
So if we accept the fact that we can't bind mount things into pokyuser right now, you should still be able to get the agent working with something along these lines:
If that gets the ssh-agent working for you, then I need to come up with a decent way to get the .ssh/config and .ssh/known_hosts to work as well.
Ok I see, it's clearer now, the command you just passed works perfectly :). Thanks very much for the support!
To fetch a private repository, I would like to forward my ssh-agent.
I tried to, but it seems the container doesn't have sufficient permission to do so in the poky container.
Would there be any other clean way to solve this?
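The bind-mount approach and the uid mismatch discussed in this thread, as an added example that is not part of the original issue or the project's own code: a pre-flight check that confirms `SSH_AUTH_SOCK` is a socket and that its owner uid matches the owner of the directory passed as `--workdir`, then prints the resulting command. The container-side socket path, the `/workdir` mount point and the image name argument are assumptions.

```shell
#!/bin/sh
# Added example: checks to run before bind mounting an ssh-agent socket
# into a container whose user takes its uid from the workdir owner.

CONTAINER_SOCK=/tmp/ssh-agent.sock   # assumed path inside the container

# Print the numeric uid that owns a path (GNU stat first, then BSD stat).
owner_uid() {
    stat -c %u "$1" 2>/dev/null || stat -f %u "$1"
}

# Succeed only if the argument is non-empty and names a unix socket.
is_agent_socket() {
    [ -n "$1" ] && [ -S "$1" ]
}

# Succeed only if socket and workdir share an owner uid. ssh-agent accepts
# connections only from its own uid (or root), so a mismatch means the
# container user cannot use the forwarded agent.
uid_matches() {
    [ "$(owner_uid "$1")" = "$(owner_uid "$2")" ]
}

# Print the docker arguments that expose the socket inside the container.
agent_mount_args() {
    printf '%s\n' "-v $1:$CONTAINER_SOCK -e SSH_AUTH_SOCK=$CONTAINER_SOCK"
}

# Run the checks, then print (not execute) the command.
# $1 = host workdir, $2 = image name (placeholder, supply your own).
preflight() {
    workdir=$1; image=$2; sock=${SSH_AUTH_SOCK:-}
    if ! is_agent_socket "$sock"; then
        echo "SSH_AUTH_SOCK is unset or not a socket: '$sock'" >&2
        return 1
    fi
    if ! uid_matches "$sock" "$workdir"; then
        echo "uid mismatch: socket $(owner_uid "$sock"), workdir $(owner_uid "$workdir")" >&2
        return 2
    fi
    echo "docker run --rm -it $(agent_mount_args "$sock") -v $workdir:/workdir $image --workdir=/workdir"
}

# Stand-alone use: sh preflight.sh /path/to/workdir IMAGE
if [ "$#" -ge 2 ]; then preflight "$1" "$2"; fi
```

Before running the printed command, `ssh-add -l` on the host shows which keys the container will be able to use through the socket.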