Full Code of avsm/docker-ssh-agent-forward for AI

Repository: avsm/docker-ssh-agent-forward
Branch: master
Commit: 86ec6df9a582
Files: 9
Total size: 4.3 KB

Directory structure:
gitextract_7_l1ndja/

├── Dockerfile
├── LICENSE.md
├── Makefile
├── README.md
├── pinata-build-sshd.sh
├── pinata-ssh-forward.sh
├── pinata-ssh-mount.sh
├── ssh-build.sh
└── ssh-find-agent.sh

================================================
FILE CONTENTS
================================================

================================================
FILE: Dockerfile
================================================
FROM alpine
MAINTAINER Anil Madhavapeddy <anil@recoil.org>
RUN apk update && apk add openssh && \
    apk add --update --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ tini
RUN mkdir /root/.ssh && \
    chmod 700 /root/.ssh && \
    ssh-keygen -A
COPY ssh-find-agent.sh /root/ssh-find-agent.sh
EXPOSE 22
VOLUME ["/root/.ssh/authorized_keys"]
ENTRYPOINT ["/usr/bin/tini","--"]
CMD ["/usr/sbin/sshd","-D"]


================================================
FILE: LICENSE.md
================================================
Copyright (c) 2016 Anil Madhavapeddy <anil@recoil.org>

Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.


================================================
FILE: Makefile
================================================
all:
	./pinata-build-sshd.sh
	@echo Please run "make install"

PREFIX ?= /usr/local
BINDIR ?= $(PREFIX)/bin

install:
	@if [ ! -d "$(PREFIX)" ]; then echo Error: need a $(PREFIX) directory; exit 1; fi
	@mkdir -p $(PREFIX)/share/pinata-ssh-agent
	cp Dockerfile $(PREFIX)/share/pinata-ssh-agent
	cp ssh-build.sh $(PREFIX)/share/pinata-ssh-agent/ssh-build
	cp ssh-find-agent.sh $(PREFIX)/share/pinata-ssh-agent/ssh-find-agent.sh
	@mkdir -p $(BINDIR)
	cp pinata-build-sshd.sh $(BINDIR)/pinata-build-sshd
	cp pinata-ssh-forward.sh $(BINDIR)/pinata-ssh-forward
	cp pinata-ssh-mount.sh $(BINDIR)/pinata-ssh-mount


================================================
FILE: README.md
================================================
Forward SSH agent socket into a container

Still experimental -- contact anil@recoil.org if you want help.

## Installation

Assuming you have a `/usr/local`

```
$ git clone git://github.com/avsm/docker-ssh-agent-forward
$ make
$ make install
```

On every boot, do:

```
$ pinata-ssh-forward
```

and the you can run `pinata-ssh-mount` to get a Docker CLI fragment
that adds the SSH agent socket and set `SSH_AUTH_SOCK` within the container.

```
$ pinata-ssh-mount 
-v /Users/avsm/.pinata-sshd/ssh-1azk9Mmd27/agent.16:/tmp/ssh-agent.sock --env SSH_AUTH_SOCK=/tmp/ssh-agent.sock

$ docker run -it `pinata-ssh-mount` ocaml/opam ssh git@github.com
The authenticity of host 'github.com (192.30.252.128)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.252.128' (RSA) to the list of known hosts.
PTY allocation request failed on channel 0
Hi avsm! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
```

## Contributors

* Justin Cormack

[License](LICENSE.md) is ISC.


================================================
FILE: pinata-build-sshd.sh
================================================
#!/bin/sh

cd /usr/local/share/pinata-ssh-agent
docker build -t pinata-sshd .


================================================
FILE: pinata-ssh-forward.sh
================================================
#!/bin/sh -e

IMAGE_NAME=pinata-sshd
CONTAINER_NAME=pinata-sshd
LOCAL_STATE=~/.pinata-sshd
LOCAL_PORT=2244

docker rm -f ${CONTAINER_NAME} >/dev/null 2>&1 || true
rm -rf ${LOCAL_STATE}
mkdir -p ${LOCAL_STATE}

docker run --name ${CONTAINER_NAME} \
  -v ~/.ssh/id_rsa.pub:/root/.ssh/authorized_keys \
  -v ${LOCAL_STATE}:/tmp \
  -d -p ${LOCAL_PORT}:22 ${IMAGE_NAME} > /dev/null

IP=`docker inspect --format '{{(index (index .NetworkSettings.Ports "22/tcp") 0).HostIp }}' ${CONTAINER_NAME}`
ssh-keyscan -p ${LOCAL_PORT} ${IP} > ${LOCAL_STATE}/known_hosts 2>/dev/null

ssh -f -o "UserKnownHostsFile=${LOCAL_STATE}/known_hosts" \
  -A -p ${LOCAL_PORT} root@${IP} \
  /root/ssh-find-agent.sh

echo 'Agent forwarding successfully started.'
echo 'Run "pinata-ssh-mount" to get a command-line fragment that'
echo 'can be added to "docker run" to mount the SSH agent socket.'
echo ""
echo 'For example:'
echo 'docker run -it `pinata-ssh-mount` ocaml/opam ssh git@github.com'


================================================
FILE: pinata-ssh-mount.sh
================================================
#!/bin/sh

LOCAL_STATE=~/.pinata-sshd
AGENT=`cat ${LOCAL_STATE}/agent_socket_path | sed -e 's,/tmp/,,g'`
echo "-v ${LOCAL_STATE}/$AGENT:/tmp/ssh-agent.sock --env SSH_AUTH_SOCK=/tmp/ssh-agent.sock"


================================================
FILE: ssh-build.sh
================================================
#!/bin/sh

IMAGE_NAME=pinata-sshd

docker build -q -t ${IMAGE_NAME} .


================================================
FILE: ssh-find-agent.sh
================================================
#!/bin/sh -e
# Log the location of the SSH agent to a file

finish() {
 rm -f /tmp/agent_socket_path
}
trap finish EXIT
echo $SSH_AUTH_SOCK > /tmp/agent_socket_path
tail -f /dev/null