From c1a96df6dcd2f9334680f661c3212102b2c47154 Mon Sep 17 00:00:00 2001
From: Leonid Makarov
Date: Thu, 29 Dec 2016 17:33:25 -0800
Subject: [PATCH 1/2] License and readme updates
---
LICENSE | 21 +++++++++++++++++++++
README.md | 53 ++++++++++++++++++++++++-----------------------------
2 files changed, 45 insertions(+), 29 deletions(-)
create mode 100644 LICENSE
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..80c4eec
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016-2017 Docksal
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
index c9fef41..2d8d6fc 100644
--- a/README.md
+++ b/README.md
@@ -1,57 +1,52 @@ -# Docker SSH Agent for Docksal +# SSH Agent Docker image for Docksal -## How to use +This image(s) is part of the [Docksal](http://docksal.io) image library. -### 0. Build +The exposed ssh-agent socket will be accessible to all users (not only root) in any container. +This is achieved by exposing a proxy socket (`/.ssh-agent/proxy-socket`) via socat. -``` -docker build -t docksal/ssh-agent:stable -f Dockerfile . -``` -### 1. Run a long-lived container +## Usage + +### 1. Start the ssh-agent container ``` -docker run -d --name=ssh-agent docksal/ssh-agent:stable +docker run -d --name=ssh-agent docksal/ssh-agent ``` ### 2. Add your ssh keys -Run a temporary container with volume mounted from host that includes your SSH keys. SSH key id_rsa will be added to ssh-agent (you can replace id_rsa with your key name): +Replace `~/.ssh` with the path to your keys and `id_rsa` with the key name. +If the key has a passphrase, you will be asked to enter it. ``` -docker run --rm --volumes-from=ssh-agent -v ~/.ssh:/root/.ssh -it docksal/ssh-agent:stable ssh-add /root/.ssh/id_rsa +docker run --rm --volumes-from=ssh-agent -v ~/.ssh:/root/.ssh -it ssh-agent ssh-add /root/.ssh/id_rsa ``` -### 3. Delete all ssh keys from ssh-agent +### 3. Access SSH keys from the ssh-agent in other containers -Run a temporary container and delete all known keys from ssh-agent: +Mount the ssh-agent socket and set the `SSH_AUTH_SOCK` variable in other containers. + +Docker ``` -docker run --rm --volumes-from=ssh-agent -it docksal/ssh-agent:stable ssh-add -D +docker run --rm --volumes-from=ssh-agent -e SSH_AUTH_SOCK=/.ssh-agent/proxy-socket-it ssh-add -l ``` -### 4. Add ssh-agent socket to other container: - -Use two options for running your container: +Docker Compose ``` + ... volumes_from: - ssh-agent + ... environment: - - SSH_AUTH_SOCK=/.ssh-agent/socket + - SSH_AUTH_SOCK /.ssh-agent/proxy-socket + ... ``` -It works only for root user. 
ssh-agent socket is accessible only to the user which started this agent or for root user. So other users don't have access to /.ssh-agent/socket. If you have another user (for example docker) in your container, do next things: -- install 'socat' utility in your container -- make proxy-socket in your conatainer: -``` -sudo socat UNIX-LISTEN:~/.ssh/socket,fork UNIX-CONNECT:/.ssh-agent/socket & -``` -- change owner for this proxy-socket -``` -sudo chown $(id -u) ~/.ssh/socket -``` -- you need use different SSH_AUTH_SOCK for this user: +### Deleting all keys from the ssh-agent + ``` -SSH_AUTH_SOCK=~/.ssh/socket +docker run --rm --volumes-from=ssh-agent -it docksal/ssh-agent ssh-add -D ``` From 110315926e15b7cf864d1dba547008de35c9e642 Mon Sep 17 00:00:00 2001 From: Leonid Makarov Date: Fri, 20 Jan 2017 14:24:42 -0800 Subject: [PATCH 2/2] Cleanup Minor updates in README.md Removed MAINTAINER in Dockerfile as soon to be deprecated --- Dockerfile | 2 -- README.md | 10 +++++----- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 84f3994..3c47a48 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,5 @@ FROM alpine:3.4 -MAINTAINER Team Docksal, https://docksal.io - RUN apk add --no-cache \ bash \ openssh \ diff --git a/README.md b/README.md index 2d8d6fc..91038e3 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ This is achieved by exposing a proxy socket (`/.ssh-agent/proxy-socket`) via soc ### 1. Start the ssh-agent container -``` +```bash docker run -d --name=ssh-agent docksal/ssh-agent ``` @@ -19,7 +19,7 @@ docker run -d --name=ssh-agent docksal/ssh-agent Replace `~/.ssh` with the path to your keys and `id_rsa` with the key name. If the key has a passphrase, you will be asked to enter it. -``` +```bash docker run --rm --volumes-from=ssh-agent -v ~/.ssh:/root/.ssh -it ssh-agent ssh-add /root/.ssh/id_rsa ``` 
@@ -29,13 +29,13 @@ Mount the ssh-agent socket and set the `SSH_AUTH_SOCK` variable in other contain Docker -``` +```bash docker run --rm --volumes-from=ssh-agent -e SSH_AUTH_SOCK=/.ssh-agent/proxy-socket-it ssh-add -l ``` Docker Compose -``` +```yaml ... volumes_from: - ssh-agent @@ -47,6 +47,6 @@ Docker Compose ### Deleting all keys from the ssh-agent -``` +```bash docker run --rm --volumes-from=ssh-agent -it docksal/ssh-agent ssh-add -D ```