devcontainer.json option to forward SSH agent or provide SSH keys inside the container

[mhofman]

It would be great to have a built-in option in devcontainer.json that automatically sets up "SSH Agent forwarding" if an SSH Agent is available locally.

Right now on Linux one needs to add the following, for example:

    "runArgs": [
        "-v",
        "${env:SSH_AUTH_SOCK}:/tmp/ssh-agent.socket",
        "-e",
        "SSH_AUTH_SOCK=/tmp/ssh-agent.socket"
    ]

[chrmarti]

This might enable Git repositories with ssh connections. (Need to test.)

[Chuxel]

Related to #16.

[Chuxel]

@chrmarti I tried getting this working outside of Linux and wasn't successful. There's an open issue in Docker for Mac on it: docker/for-mac#410

To make matters worse, on macOS, you can mount your SSH keys, but that doesn't work on Docker for Windows due to the permissive levels of bind mounts. ☹️

At this point, I documented a copy-hack where you mount into a separate folder and then use postCreateCommand to copy to the correct location. We probably do need some sort of way to do this easily -- maybe we break down and provide an option to copy from .ssh like we do for .gitconfig but behind an opt-in flag (or I guess a prompt)

[wkornewald]

As a workaround I've implemented ssh-agent-inject. Feedback would be welcome.

[chrmarti]

Thanks @wkornewald . I have found a JavaScript library helping with this (muxrpc) so we don't need native binaries for the different platforms.

[chrmarti]

@Chuxel FYI, our documentation will need an update: You can now add an SSH key to the local SSH agent and that will be available in the container. A prerequisite on Mac and Linux is that the environment variable SSH_AUTH_SOCK is set locally and available in VS Code. On Windows 10 it's enough for the ssh-agent (registered as a built-in service) to run (it's disabled by default) on the default socket path \\.\pipe\openssh-ssh-agent.

[alexr00]

Verified on Windows by opening a new devcontainer then using the terminal to ssh.