[ { "path": "Dockerfile", "content": "FROM alpine\nMAINTAINER Anil Madhavapeddy \nRUN apk update && apk add openssh && \\\n apk add --update --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ tini\nRUN mkdir /root/.ssh && \\\n chmod 700 /root/.ssh && \\\n ssh-keygen -A\nCOPY ssh-find-agent.sh /root/ssh-find-agent.sh\nEXPOSE 22\nVOLUME [\"/root/.ssh/authorized_keys\"]\nENTRYPOINT [\"/usr/bin/tini\",\"--\"]\nCMD [\"/usr/sbin/sshd\",\"-D\"]\n" }, { "path": "LICENSE.md", "content": "Copyright (c) 2016 Anil Madhavapeddy \n\nPermission to use, copy, modify, and distribute this software for any\npurpose with or without fee is hereby granted, provided that the above\ncopyright notice and this permission notice appear in all copies.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES\nWITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR\nANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES\nWHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN\nACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF\nOR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.\n" }, { "path": "Makefile", "content": "all:\n\t./pinata-build-sshd.sh\n\t@echo Please run \"make install\"\n\nPREFIX ?= /usr/local\nBINDIR ?= $(PREFIX)/bin\n\ninstall:\n\t@if [ ! -d \"$(PREFIX)\" ]; then echo Error: need a $(PREFIX) directory; exit 1; fi\n\t@mkdir -p $(PREFIX)/share/pinata-ssh-agent\n\tcp Dockerfile $(PREFIX)/share/pinata-ssh-agent\n\tcp ssh-build.sh $(PREFIX)/share/pinata-ssh-agent/ssh-build\n\tcp ssh-find-agent.sh $(PREFIX)/share/pinata-ssh-agent/ssh-find-agent.sh\n\t@mkdir -p $(BINDIR)\n\tcp pinata-build-sshd.sh $(BINDIR)/pinata-build-sshd\n\tcp pinata-ssh-forward.sh $(BINDIR)/pinata-ssh-forward\n\tcp pinata-ssh-mount.sh $(BINDIR)/pinata-ssh-mount\n" }, { "path": "README.md", "content": "Forward SSH agent socket into a container\n\nStill experimental -- contact anil@recoil.org if you want help.\n\n## Installation\n\nAssuming you have a `/usr/local`\n\n```\n$ git clone git://github.com/avsm/docker-ssh-agent-forward\n$ make\n$ make install\n```\n\nOn every boot, do:\n\n```\n$ pinata-ssh-forward\n```\n\nand the you can run `pinata-ssh-mount` to get a Docker CLI fragment\nthat adds the SSH agent socket and set `SSH_AUTH_SOCK` within the container.\n\n```\n$ pinata-ssh-mount \n-v /Users/avsm/.pinata-sshd/ssh-1azk9Mmd27/agent.16:/tmp/ssh-agent.sock --env SSH_AUTH_SOCK=/tmp/ssh-agent.sock\n\n$ docker run -it `pinata-ssh-mount` ocaml/opam ssh git@github.com\nThe authenticity of host 'github.com (192.30.252.128)' can't be established.\nRSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.\nAre you sure you want to continue connecting (yes/no)? yes\nWarning: Permanently added 'github.com,192.30.252.128' (RSA) to the list of known hosts.\nPTY allocation request failed on channel 0\nHi avsm! You've successfully authenticated, but GitHub does not provide shell access.\nConnection to github.com closed.\n```\n\n## Contributors\n\n* Justin Cormack\n\n[License](LICENSE.md) is ISC.\n" }, { "path": "pinata-build-sshd.sh", "content": "#!/bin/sh\n\ncd /usr/local/share/pinata-ssh-agent\ndocker build -t pinata-sshd .\n" }, { "path": "pinata-ssh-forward.sh", "content": "#!/bin/sh -e\n\nIMAGE_NAME=pinata-sshd\nCONTAINER_NAME=pinata-sshd\nLOCAL_STATE=~/.pinata-sshd\nLOCAL_PORT=2244\n\ndocker rm -f ${CONTAINER_NAME} >/dev/null 2>&1 || true\nrm -rf ${LOCAL_STATE}\nmkdir -p ${LOCAL_STATE}\n\ndocker run --name ${CONTAINER_NAME} \\\n -v ~/.ssh/id_rsa.pub:/root/.ssh/authorized_keys \\\n -v ${LOCAL_STATE}:/tmp \\\n -d -p ${LOCAL_PORT}:22 ${IMAGE_NAME} > /dev/null\n\nIP=`docker inspect --format '{{(index (index .NetworkSettings.Ports \"22/tcp\") 0).HostIp }}' ${CONTAINER_NAME}`\nssh-keyscan -p ${LOCAL_PORT} ${IP} > ${LOCAL_STATE}/known_hosts 2>/dev/null\n\nssh -f -o \"UserKnownHostsFile=${LOCAL_STATE}/known_hosts\" \\\n -A -p ${LOCAL_PORT} root@${IP} \\\n /root/ssh-find-agent.sh\n\necho 'Agent forwarding successfully started.'\necho 'Run \"pinata-ssh-mount\" to get a command-line fragment that'\necho 'can be added to \"docker run\" to mount the SSH agent socket.'\necho \"\"\necho 'For example:'\necho 'docker run -it `pinata-ssh-mount` ocaml/opam ssh git@github.com'\n" }, { "path": "pinata-ssh-mount.sh", "content": "#!/bin/sh\n\nLOCAL_STATE=~/.pinata-sshd\nAGENT=`cat ${LOCAL_STATE}/agent_socket_path | sed -e 's,/tmp/,,g'`\necho \"-v ${LOCAL_STATE}/$AGENT:/tmp/ssh-agent.sock --env SSH_AUTH_SOCK=/tmp/ssh-agent.sock\"\n" }, { "path": "ssh-build.sh", "content": "#!/bin/sh\n\nIMAGE_NAME=pinata-sshd\n\ndocker build -q -t ${IMAGE_NAME} .\n" }, { "path": "ssh-find-agent.sh", "content": "#!/bin/sh -e\n# Log the location of the SSH agent to a file\n\nfinish() {\n rm -f /tmp/agent_socket_path\n}\ntrap finish EXIT\necho $SSH_AUTH_SOCK > /tmp/agent_socket_path\ntail -f /dev/null\n" } ]