Is there a `ssh-add` Linux alpine one liner
You have to quote the variable in your first command:
echo "$SSH_PRIVATE_KEY" | ssh-add -
     ^----------------^
Or specify - as the filename in your second command:
printf '%s\n' "$SSH_PRIVATE_KEY" | ssh-add -
                                      -----^
Running OpenSSH in an Alpine Docker Container
A container is not a fully installed environment.
The official documentation is for Alpine installed on a machine, with power-on, boot-up services, etc., which a container does not have.
So, anything in /etc/init.d/ cannot be used directly in a container, since it is used by the boot-up service (like systemd, or Alpine's rc*). That's why you got error messages: rc* isn't installed in the container.
What you need to do is start sshd manually.
You can take a look at the example below:
https://hub.docker.com/r/danielguerra/alpine-sshd/~/dockerfile/
How to login by ssh in Alpine Linux without passwords?
You indicated in a comment that this user "zym" has UID 0. You also show that zym's home directory and .ssh directory are owned by UID 1000:
drwxr-sr-x 3 1000 zym 4096 May 16 15:04 .
drwxr-xr-x 3 root root 4096 May 16 14:44 ..
-rw------- 1 1000 zym 251 May 16 15:04 .ash_history
drwx------ 2 1000 zym 4096 May 16 14:56 .ssh
The OpenSSH server enforces strict permissions on the authorized_keys file:
~/.ssh/authorized_keys
Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used for logging in as this user. The format of this file is described above. The content of the file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. If this file, the ~/.ssh directory, or the user's home directory are writable by other users, then the file could be modified or replaced by unauthorized users. In this case, sshd will not allow it to be used unless the StrictModes option has been set to “no”.
The actual permissions-checking performed by sshd is complicated. But basically it checks for two things:
- The authorized_keys file must be owned by the user logging in, and it must not be group- or world-writable.
- The directory containing authorized_keys, the .ssh directory, and the home directory must be owned by root or the user logging in, and must not be group- or world-writable.
The OpenSSH server is probably ignoring your authorized_keys file because these requirements aren't being met. You're trying to log in as a user with UID 0, while the authorized_keys file, .ssh directory, and home directory are owned by a different UID.
You can fix this by making the UIDs match. Either set "zym" to have UID 1000, or change zym's home directory and the files contained there to be owned by zym's actual UID of 0.
Alternately, you can disable this permissions check by setting StrictModes to "no" in sshd_config on the server and restarting sshd.
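A simplified sketch of the two checks listed above, added here as an example (not part of the original answer and not sshd's actual code). check_strictmodes is a hypothetical helper name, the demo tree is constructed in a temporary directory, and a stat that supports -L and -c (GNU coreutils, BusyBox) is assumed.

```sh
#!/bin/sh
# check_strictmodes LOGIN_UID HOME_DIR
# Prints every violation of the two rules above; returns 0 only if none is found.
check_strictmodes() {
    sm_uid=$1; sm_home=$2; sm_rc=0
    for sm_path in "$sm_home" "$sm_home/.ssh" "$sm_home/.ssh/authorized_keys"; do
        if [ ! -e "$sm_path" ]; then
            echo "missing: $sm_path"; sm_rc=1; continue
        fi
        # -L follows symlinks, so a symlinked authorized_keys is judged by its target.
        sm_owner=$(stat -L -c '%u' "$sm_path")   # numeric owner UID
        sm_mode=$(stat -L -c '%a' "$sm_path")    # octal mode, e.g. 700 or 2755
        if [ -d "$sm_path" ]; then
            # Directories: owned by root or by the user logging in.
            if [ "$sm_owner" != 0 ] && [ "$sm_owner" != "$sm_uid" ]; then
                echo "bad owner $sm_owner (want 0 or $sm_uid): $sm_path"; sm_rc=1
            fi
        elif [ "$sm_owner" != "$sm_uid" ]; then
            # authorized_keys itself: owned by the user logging in.
            echo "bad owner $sm_owner (want $sm_uid): $sm_path"; sm_rc=1
        fi
        # 022 = group-write and world-write bits; the leading 0 makes the mode octal.
        if [ $(( 0$sm_mode & 022 )) -ne 0 ]; then
            echo "group/world-writable (mode $sm_mode): $sm_path"; sm_rc=1
        fi
    done
    return $sm_rc
}

# Constructed demo: a correct tree, then the same tree with a group-writable home.
demo=$(mktemp -d)
mkdir -p "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 700 "$demo" "$demo/.ssh"
chmod 600 "$demo/.ssh/authorized_keys"
check_strictmodes "$(id -u)" "$demo" && echo "ok: authorized_keys would be used"
chmod 775 "$demo"
check_strictmodes "$(id -u)" "$demo" || echo "rejected: authorized_keys would be ignored"
rm -rf "$demo"
```

Run against the listing in the question (login UID 0, files owned by UID 1000), it would report a bad owner on all three paths.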
Using SSH keys inside docker container
Turns out when using Ubuntu, the ssh_config isn't correct. You need to add
RUN echo " IdentityFile ~/.ssh/id_rsa" >> /etc/ssh/ssh_config
to your Dockerfile in order to get it to recognize your ssh key.
Installing ssh-keyscan on Alpine linux?
The command you're looking for is actually ssh-keyscan and you can easily find it using pkgs.alpinelinux.org/contents.
Setup Docker Container with SSH server?
In order to start, the SSH daemon does need host keys.
Those do not represent the keys that you are going to use to connect to your container, just the keys that define this specific host.
A host key is a cryptographic key used for authenticating computers in the SSH protocol.
Source: https://www.ssh.com/ssh/host-key
So you have to generate some keys for your host, you can then safely ignore those if you do not really intend to use them.
Generating those keys can be done via
ssh-keygen -A
So in your image, just adding a
RUN ssh-keygen -A
should do.
For the record, here is my own sshd Alpine image:
FROM alpine
# openssl is installed for the CLI that generates the random root password below.
RUN apk add --no-cache \
        openssh \
        openssl \
    && ssh-keygen -A \
    && mkdir /root/.ssh \
    && chmod 0700 /root/.ssh \
    && echo "root:$(openssl rand 96 | openssl enc -A -base64)" | chpasswd \
    && ln -s /etc/ssh/ssh_host_ed25519_key.pub /root/.ssh/authorized_keys
EXPOSE 22
# -D keeps sshd in the foreground; -e sends its log output to stderr.
CMD ["/usr/sbin/sshd", "-D", "-e"]
Extra notes:
- I am reusing the SSH keys generated by ssh-keygen -A, exposing them in a volume, this is the reason why I am doing the command: ln -s /etc/ssh/ssh_host_ed25519_key.pub /root/.ssh/authorized_keys
- Because this is just an Ansible node cluster lab, I am SSH'ing this machine as the root user, this is why I need the, quite insecure, echo "root:$(openssl rand 96 | openssl enc -A -base64)" | chpasswd