Repository: avsm/docker-ssh-agent-forward
Branch: master
Commit: 86ec6df9a582
Files: 9
Total size: 4.3 KB

Directory structure:
gitextract_7_l1ndja/
├── Dockerfile
├── LICENSE.md
├── Makefile
├── README.md
├── pinata-build-sshd.sh
├── pinata-ssh-forward.sh
├── pinata-ssh-mount.sh
├── ssh-build.sh
└── ssh-find-agent.sh

================================================
FILE CONTENTS
================================================

================================================
FILE: Dockerfile
================================================
FROM alpine
MAINTAINER Anil Madhavapeddy
RUN apk update && apk add openssh && \
    apk add --update --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ tini
RUN mkdir /root/.ssh && \
    chmod 700 /root/.ssh && \
    ssh-keygen -A
COPY ssh-find-agent.sh /root/ssh-find-agent.sh
EXPOSE 22
VOLUME ["/root/.ssh/authorized_keys"]
ENTRYPOINT ["/usr/bin/tini","--"]
CMD ["/usr/sbin/sshd","-D"]

================================================
FILE: LICENSE.md
================================================
Copyright (c) 2016 Anil Madhavapeddy

Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

================================================
FILE: Makefile
================================================
all:
	./pinata-build-sshd.sh
	@echo Please run "make install"

PREFIX ?= /usr/local
BINDIR ?= $(PREFIX)/bin

install:
	@if [ ! -d "$(PREFIX)" ]; then echo Error: need a $(PREFIX) directory; exit 1; fi
	@mkdir -p $(PREFIX)/share/pinata-ssh-agent
	cp Dockerfile $(PREFIX)/share/pinata-ssh-agent
	cp ssh-build.sh $(PREFIX)/share/pinata-ssh-agent/ssh-build
	cp ssh-find-agent.sh $(PREFIX)/share/pinata-ssh-agent/ssh-find-agent.sh
	@mkdir -p $(BINDIR)
	cp pinata-build-sshd.sh $(BINDIR)/pinata-build-sshd
	cp pinata-ssh-forward.sh $(BINDIR)/pinata-ssh-forward
	cp pinata-ssh-mount.sh $(BINDIR)/pinata-ssh-mount

================================================
FILE: README.md
================================================
Forward SSH agent socket into a container

Still experimental -- contact anil@recoil.org if you want help.

## Installation

Assuming you have a `/usr/local`

```
$ git clone git://github.com/avsm/docker-ssh-agent-forward
$ make
$ make install
```

On every boot, do:

```
$ pinata-ssh-forward
```

and then you can run `pinata-ssh-mount` to get a Docker CLI fragment that adds
the SSH agent socket and sets `SSH_AUTH_SOCK` within the container.

```
$ pinata-ssh-mount
-v /Users/avsm/.pinata-sshd/ssh-1azk9Mmd27/agent.16:/tmp/ssh-agent.sock --env SSH_AUTH_SOCK=/tmp/ssh-agent.sock
$ docker run -it `pinata-ssh-mount` ocaml/opam ssh git@github.com
The authenticity of host 'github.com (192.30.252.128)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.252.128' (RSA) to the list of known hosts.
PTY allocation request failed on channel 0
Hi avsm! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
```

## Contributors

* Justin Cormack

[License](LICENSE.md) is ISC.

================================================
FILE: pinata-build-sshd.sh
================================================
#!/bin/sh

# Build the sshd image from the installed Dockerfile
cd /usr/local/share/pinata-ssh-agent
docker build -t pinata-sshd .

================================================
FILE: pinata-ssh-forward.sh
================================================
#!/bin/sh -e

IMAGE_NAME=pinata-sshd
CONTAINER_NAME=pinata-sshd
LOCAL_STATE=~/.pinata-sshd
LOCAL_PORT=2244

# Remove any previous forwarder container and its state directory
docker rm -f ${CONTAINER_NAME} >/dev/null 2>&1 || true
rm -rf ${LOCAL_STATE}
mkdir -p ${LOCAL_STATE}

# Start sshd in a container: the user's public key is the only authorized
# key, and the container's /tmp is backed by the host state directory
docker run --name ${CONTAINER_NAME} \
  -v ~/.ssh/id_rsa.pub:/root/.ssh/authorized_keys \
  -v ${LOCAL_STATE}:/tmp \
  -d -p ${LOCAL_PORT}:22 ${IMAGE_NAME} > /dev/null

# Find the host address the container's port 22 is published on
IP=`docker inspect --format '{{(index (index .NetworkSettings.Ports "22/tcp") 0).HostIp }}' ${CONTAINER_NAME}`
# Record the container's host key in a private known_hosts file
ssh-keyscan -p ${LOCAL_PORT} ${IP} > ${LOCAL_STATE}/known_hosts 2>/dev/null

# Connect with agent forwarding (-A); ssh-find-agent.sh writes the path of
# the forwarded agent socket into the shared /tmp and keeps the session open
ssh -f -o "UserKnownHostsFile=${LOCAL_STATE}/known_hosts" \
  -A -p ${LOCAL_PORT} root@${IP} \
  /root/ssh-find-agent.sh

echo 'Agent forwarding successfully started.'
echo 'Run "pinata-ssh-mount" to get a command-line fragment that'
echo 'can be added to "docker run" to mount the SSH agent socket.'
echo ""
echo 'For example:'
echo 'docker run -it `pinata-ssh-mount` ocaml/opam ssh git@github.com'

================================================
FILE: pinata-ssh-mount.sh
================================================
#!/bin/sh

LOCAL_STATE=~/.pinata-sshd
# Translate the socket path recorded inside the container (/tmp/...) to its
# location under the host state directory
AGENT=`cat ${LOCAL_STATE}/agent_socket_path | sed -e 's,/tmp/,,g'`

echo "-v ${LOCAL_STATE}/$AGENT:/tmp/ssh-agent.sock --env SSH_AUTH_SOCK=/tmp/ssh-agent.sock"

================================================
FILE: ssh-build.sh
================================================
#!/bin/sh

IMAGE_NAME=pinata-sshd
docker build -q -t ${IMAGE_NAME} .

================================================
FILE: ssh-find-agent.sh
================================================
#!/bin/sh -e
# Log the location of the SSH agent to a file

finish() {
  rm -f /tmp/agent_socket_path
}
trap finish EXIT

echo $SSH_AUTH_SOCK > /tmp/agent_socket_path
tail -f /dev/null
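
A defensive variant of the fragment generator in `pinata-ssh-mount.sh`, added here as an example and not part of the repository: it refuses to emit a `-v` argument when the `agent_socket_path` record is missing, malformed or stale. The function name `pinata_mount_fragment` and the character allow-list are assumptions of this example; the file layout follows the scripts above.

```shell
# Added example (not from the repository): validate the recorded agent
# socket path before emitting the "docker run" fragment. The function
# name and the character allow-list are assumptions of this example.
pinata_mount_fragment() {
  state=${1:-"$HOME/.pinata-sshd"}
  record="$state/agent_socket_path"

  # Missing or empty record: the forwarder is not running. In that case
  # pinata-ssh-mount.sh as shown still prints a fragment, whose source
  # is the state directory itself.
  if [ ! -s "$record" ]; then
    echo "pinata: no agent socket recorded; run pinata-ssh-forward" >&2
    return 1
  fi
  IFS= read -r sock < "$record" || true

  # Accept only the shape sshd uses for a forwarded agent socket and
  # reject path traversal out of the state directory.
  case "$sock" in
    *..*) echo "pinata: unsafe socket path" >&2; return 1 ;;
    /tmp/ssh-*/agent.*) ;;
    *) echo "pinata: unexpected socket path" >&2; return 1 ;;
  esac

  host_path="$state/${sock#/tmp/}"
  # The fragment is consumed unquoted inside backticks, so whitespace
  # would split into extra docker arguments and ':' would change the
  # meaning of -v. Allow a conservative character set only.
  case "$host_path" in
    *[!A-Za-z0-9/._-]*)
      echo "pinata: path has characters unsafe for -v" >&2; return 1 ;;
  esac

  # -e rather than -S: whether the bind mount preserves the socket file
  # type on the host is an assumption this example does not make.
  if [ ! -e "$host_path" ]; then
    echo "pinata: stale record, $host_path is gone" >&2
    return 1
  fi

  echo "-v $host_path:/tmp/ssh-agent.sock --env SSH_AUTH_SOCK=/tmp/ssh-agent.sock"
}
```

In a wrapper script, capture the output and check the exit status before passing it to `docker run`, since a failed call inside backticks expands to nothing and the container would start without the agent.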