今晚我已经阅读了很多关于同样事情的问题,但如果任何解决方案真的有效,我会被诅咒。
简单地说,我需要将GitHub上托管的私有Git repo克隆到我的docker镜像。
这是我到目前为止在Dockerfile中的内容:
FROM debian:wheezy
ENV DEBIAN_FRONTEND noninteractive
# Update aptitude with new repo
RUN apt-get update
# Install software
RUN apt-get install -y \
# All of my packages here...
# Make ssh dir
RUN mkdir /root/.ssh/
# Copy over private key, and set permissions
ADD ssh/id_rsa /root/.ssh/id_rsa
RUN chmod 700 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
# Add GithHubs key
RUN ssh-keyscan -T 60 github.com >> /root/.ssh/known_hosts
# Create the Development directory and then move into the directory.
RUN mkdir -p /var/www/dev
WORKDIR /var/www/dev
# Start-up Git and pull in the Dev branch.
RUN ssh -v git@github.com
#RUN git init
#RUN git remote add origin git@github.com:<my_git_repo>
#RUN git fetch
#RUN git checkout -t origin/dev
#RUN git clone git@github.com:<my_git_repo>
ssh -v为我提供了以下调试日志:
OpenSSH_6.0p1 Debian-4+deb7u4, OpenSSL 1.0.1e 11 Feb 2013
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to github.com [192.30.252.131] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: no match: libssh-0.7.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
Warning: Permanently added the RSA host key for IP address '192.30.252.131' to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
我尝试过将StrictHostChecking设置为no的选项。我在SSH目录下尝试了一个单独的配置文件来指定主机,端口,身份文件(作为私钥,而不是公共密钥)。
我在这里缺少什么?创建的VM上的密钥与我本地计算机上的密钥完全相同。
答案 0 :(得分:1)
最好使用GitHub个人访问令牌而不是ssh密钥。
https://help.github.com/articles/creating-an-access-token-for-command-line-use/
这使您无需将ssh密钥烘焙到图像中,这样更安全,并且它允许使用https克隆,这样可以简化dockerfile。如果您需要撤销令牌,可以通过他们的网站轻松完成,并且您无需在任何地方更换个人ssh密钥。
如果你看了这个,并且不能使用这个选项,请告诉我,我可以帮你解决ssh密钥问题。
答案 1 :(得分:0)
其中一个问题可能是.ssh/config文件需要具有特定权限。尝试使用权限600,即rw- --- ---代替700,即rwx --- ---。
您可以尝试在容器内执行以下操作,以确保设置正常:
ssh -T git@github.com
如果设置正确,您应该看到:
Hi username! You've successfully authenticated, but GitHub does not provide shell
access.
当它在docker中克隆私有存储库时,我通过挂载相关套接字在容器内的本地主机上使用ssh代理会话。详情请见:https://ahmadnazir.github.io/posts/2016-06-24-accessing-private-repos-in-docker.html