Docker --ssh标志-主机密钥验证失败

时间:2019-06-05 17:57:56

标签: docker ssh

我正在尝试使用Docker构建映像,以便导入托管在私有github存储库中的npm软件包:"mypackage": "git@github.com:myaccount/myrepo.git#v0.0.2"

由于我具有SSH访问权限,因此在本地运行良好,但显然我的Docker容器没有。我遵循以下指南使用在18.09中启用的ssh转发来实现此目的:

https://medium.com/@tonistiigi/build-secrets-and-ssh-forwarding-in-docker-18-09-ae8161d066

https://docs.docker.com/develop/develop-images/build_enhancements/#using-ssh-to-access-private-data-in-builds

使用以下docker文件:

# syntax=docker/dockerfile:experimental
FROM alpine

# Install ssh client and git
RUN apk add --no-cache openssh-client git

# Download public key for github.com
RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts

# Clone private repository
RUN --mount=type=ssh npm install

然后,运行docker build --ssh default .失败,并显示以下错误:

#13 1.309 npm ERR! Host key verification failed.
#13 1.309 npm ERR! fatal: Could not read from remote repository.
#13 1.309 npm ERR!
#13 1.309 npm ERR! Please make sure you have the correct access rights
#13 1.309 npm ERR! and the repository exists.
#13 1.310 npm ERR!
#13 1.310 npm ERR! exited with error code: 128

我正在按照这份文件来信,但没有运气。我想念什么吗?我在OSX上,但是在我的Travis环境中也失败,并出现相同的错误。救命!

1 个答案:

答案 0 :(得分:0)

这对我有用。

Dockerfile提取:

# syntax=docker/dockerfile:experimental
...
RUN mkdir -p -m 0600 /root/.ssh
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts
COPY development/config /root/.ssh
RUN chmod 0600 /root/.ssh/config
RUN --mount=type=ssh git clone **MY_PVT_REPOSITORY**

这是开发/配置文件的内容,您可以看到它在第三行被复制

Host bitbucket.org
  StrictHostKeyChecking no
  IdentityFile **MY LOCAL PATH**/.ssh/id_rsa 

棘手的是,您必须将主机文件路径放入id_rsa,而不是docker上的主机文件路径(例如/home/fabio/.ssh/id_rsa和NOT /root/.ssh/id_rsa)

然后刚刚启动

  ssh-agent
  export DOCKER_BUILDKIT=1
  docker build --ssh default -f development/Dockerfile .