Hello,
Following https://docs.docker.com/develop/develop-images/build_enhancements/#using-ssh-to-access-private-data-in-builds and https://medium.com/@tonistiigi/build-secrets-and-ssh-forwarding-in-docker-18-09-ae8161d066, I spotted an issue with using mount=type=ssh as a non-root USER.
The following example works fine:
# syntax=docker/dockerfile:experimental
FROM ubuntu:18.04
RUN apt-get update && apt-get install -y ssh && apt-get clean -y
RUN \
    mkdir -p /root/.ssh \
    && chmod 700 /root/.ssh \
    && touch /root/.ssh/known_hosts \
    && ssh-keyscan github.com >> /root/.ssh/known_hosts
RUN --mount=type=ssh ssh -T git@github.com
It doesn't really do anything useful, it just gives proof that SSH auth is working:
DOCKER_BUILDKIT=1 docker build -t tmpxxx1 --ssh=default -f Dockerfile-ssh-mount-root --progress=plain .
...
#10 [5/5] RUN --mount=type=ssh ssh -T git@github.com
#10 digest: sha256:29b7e33e4bbd309b873b28459b5903b83ca287c3ddde5d4acdd19f1f2b54decd
#10 name: "[5/5] RUN --mount=type=ssh ssh -T git@github.com"
#10 started: 2019-04-10 10:33:47.935611053 +0000 UTC
#10 0.935 Warning: Permanently added the RSA host key for IP address '140.82.118.4' to the list of known hosts.
#10 1.744 Hi UserName! You've successfully authenticated, but GitHub does not provide shell access.
When trying to use a non-root USER:
# syntax=docker/dockerfile:experimental
FROM ubuntu:18.04
RUN apt-get update && apt-get install -y ssh && apt-get clean -y
RUN groupadd tmpuser \
    && useradd tmpuser -g tmpuser -d /home/tmpuser \
    && mkdir -p /home/tmpuser/.ssh \
    && chmod 700 /home/tmpuser/.ssh \
    && touch /home/tmpuser/.ssh/known_hosts \
    && ssh-keyscan github.com >> /home/tmpuser/.ssh/known_hosts \
    && chown -R tmpuser:tmpuser /home/tmpuser/.ssh
USER tmpuser:tmpuser
RUN --mount=type=ssh ssh -T git@github.com
It doesn't work:
DOCKER_BUILDKIT=1 docker build -t tmpxxx2 --ssh=default -f Dockerfile-ssh-mount-user --progress=plain .
...
#10 [5/5] RUN --mount=type=ssh ssh -T git@github.com
#10 digest: sha256:4644a12e91d8fd2197fb919d384bb0a03d6b3083ef933a2735ccb9f5a88d2839
#10 name: "[5/5] RUN --mount=type=ssh ssh -T git@github.com"
#10 started: 2019-04-10 10:33:56.249138127 +0000 UTC
#10 0.902 Warning: Permanently added the RSA host key for IP address '140.82.118.3' to the list of known hosts.
#10 1.162 git@github.com: Permission denied (publickey).
Am I doing something wrong? Or is it an unsupported feature?
Thanks
Robert
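
An added example, not part of the original post: BuildKit's ssh mount creates the forwarded agent socket owned by uid 0 and gid 0 with mode 0600 unless told otherwise, so a process running as tmpuser cannot open it and ssh falls back to having no key to offer. The variant below of the second Dockerfile hands the socket to the build user through the mount's uid and gid options. The numeric ID 1000 is an assumption, pinned here with -g/-u, and the build frontend in use is assumed to honor these options.

```dockerfile
# syntax=docker/dockerfile:experimental
FROM ubuntu:18.04
RUN apt-get update && apt-get install -y ssh && apt-get clean -y

# Pin numeric IDs (1000 is an assumed value) so the ssh mount can reference
# them; the uid/gid mount options take numbers, not user names.
RUN groupadd -g 1000 tmpuser \
    && useradd tmpuser -u 1000 -g tmpuser -d /home/tmpuser \
    && mkdir -p /home/tmpuser/.ssh \
    && chmod 700 /home/tmpuser/.ssh \
    && touch /home/tmpuser/.ssh/known_hosts \
    && ssh-keyscan github.com >> /home/tmpuser/.ssh/known_hosts \
    && chown -R tmpuser:tmpuser /home/tmpuser/.ssh

USER tmpuser:tmpuser

# Check step: print the owner and mode of the forwarded socket, then list the
# agent's keys. ssh-add -l exits non-zero when the socket cannot be opened or
# the agent holds no identities, so a wrong owner fails the build here with a
# clear message instead of a later "Permission denied (publickey)".
RUN --mount=type=ssh,uid=1000,gid=1000 \
    ls -ln "$SSH_AUTH_SOCK" && ssh-add -l

# Same proof command as in the post, now with a socket tmpuser can open.
# GitHub ends this session with a non-zero exit status after printing its
# greeting, so the evidence is the greeting line in the --progress=plain log.
RUN --mount=type=ssh,uid=1000,gid=1000 ssh -T git@github.com
```

Setting the owner with uid/gid keeps the socket at mode 0600 for a single user; widening it with mode=0666 would also let the build user in, but exposes the forwarded agent to every user inside that build step.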