Using ssh agent forwarding with a docker container

Say that, for some reason such as deployment needs, you want a process running in a docker container to use your local ssh keys without having to enter a passphrase.

That’s where ssh-agent forwarding comes in handy!

ssh-agent is a program that keeps your keys in memory; the aim here is to share it with the docker container.

Here’s how to set it up on Ubuntu 16 running a Debian Jessie image:

docker run --rm -it --name container_name \
-v $(dirname $SSH_AUTH_SOCK):$(dirname $SSH_AUTH_SOCK) \
-e SSH_AUTH_SOCK=$SSH_AUTH_SOCK my_image

$SSH_AUTH_SOCK contains the path to the socket file used to communicate with the agent, here: /run/user/1001/keyring/ssh

So we mount its directory as a volume in the container; that’s what the -v $(dirname $SSH_AUTH_SOCK):$(dirname $SSH_AUTH_SOCK) part does.

The -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK part defines the environment variable in the container.

You may now use your local ssh keys within the container. Enjoy!
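
As an added example (not code from the original post), this shell wrapper checks the agent socket before running the same docker command and lists what else lives in the socket's directory, since the -v mount shares the whole directory and not only the socket. The function names are assumptions made for the illustration, and the image name is passed as an argument.

```shell
#!/bin/sh
# Added example: preflight checks around the docker run command from the post.
# Function names are hypothetical, not part of docker or OpenSSH.

# Return 0 only if the path is a socket owned by the current user.
agent_socket_check() {
    sock="${1:-}"
    [ -n "$sock" ] || { echo "SSH_AUTH_SOCK is not set" >&2; return 1; }
    [ -S "$sock" ] || { echo "$sock is not a socket" >&2; return 2; }
    [ -O "$sock" ] || { echo "$sock is not owned by you" >&2; return 3; }
    return 0
}

# Print every other entry in the socket's directory, one per line.
# The post mounts the whole directory, so these are shared with the container too.
agent_dir_extras() {
    dir=$(dirname "$1")
    base=$(basename "$1")
    for entry in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$entry" ] || continue          # unmatched glob stays literal
        name=$(basename "$entry")
        [ "$name" = "$base" ] || printf '%s\n' "$name"
    done
}

# Run the post's docker command after the checks; extra arguments go to the image.
run_with_agent() {
    image="$1"; shift
    agent_socket_check "${SSH_AUTH_SOCK:-}" || return $?
    extras=$(agent_dir_extras "$SSH_AUTH_SOCK")
    [ -z "$extras" ] || echo "also shared with the container: $extras" >&2
    dir=$(dirname "$SSH_AUTH_SOCK")
    docker run --rm -it -v "$dir:$dir" \
        -e SSH_AUTH_SOCK="$SSH_AUTH_SOCK" "$image" "$@"
}

# Usage, with the post's placeholder image name:
#   run_with_agent my_image
```

Inside the container, ssh-add -l lists the keys held by the forwarded agent, provided the image has the OpenSSH client installed.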

 
