Git clone with ssh in docker image build
If you are sure the correct public key is in bitbucket, the answer (in my experience) is almost always the permissions on the .ssh folder and files within. I see above that you just create that folder and the private key within, but do not update permissions.
Expected Permissions
.ssh should be:
drwx------ 2 user user 4096 Feb 6 11:18 .ssh
The private key:
-rw------- 1 user user 1675 Feb 6 11:18 id_rsa
Finally, your home dir should at the very least not be writable by group or other; generally you want:
drwx------ 84 user user 16384 Feb 16 18:23 user
Putting it all together:
chmod go-w /root
chmod 700 /root/.ssh
chmod 600 /root/.ssh/id_rsa
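A check for the three modes listed in this answer, as an added example (not code from the answer or the question). The function names `perm_bits` and `audit_ssh_perms` are hypothetical, the key file name defaults to `id_rsa`, and the example assumes a key with mode 400 (as in the question's Dockerfile) is as acceptable as 600.

```shell
#!/bin/sh
# perm_bits PATH: the 10-character mode string that `ls -ld` prints.
perm_bits() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# audit_ssh_perms HOME [KEYFILE]: print one line per mismatch against the
# modes listed in the answer; return 0 only when all three are acceptable.
audit_ssh_perms() {
    home=$1; key=${2:-id_rsa}; rc=0
    m=$(perm_bits "$home")
    case $m in            # home: group write (char 6), other write (char 9) off
        d????-??-?) ;;
        *) echo "$home is '$m': run chmod go-w"; rc=1 ;;
    esac
    m=$(perm_bits "$home/.ssh")
    case $m in            # .ssh: owner-only directory
        drwx------) ;;
        *) echo "$home/.ssh is '$m': run chmod 700"; rc=1 ;;
    esac
    m=$(perm_bits "$home/.ssh/$key")
    case $m in            # key: nothing for group/other (600 or 400)
        -r[w-]-------) ;;
        *) echo "$home/.ssh/$key is '$m': run chmod 600"; rc=1 ;;
    esac
    return $rc
}

# Constructed demo: a throwaway tree built the way the question's Dockerfile
# builds /root/.ssh (plain mkdir, key chmod 400), audited, fixed, re-audited.
demo() (
    umask 022
    d=$(mktemp -d) && mkdir "$d/.ssh" && : > "$d/.ssh/id_rsa"
    chmod 400 "$d/.ssh/id_rsa"
    audit_ssh_perms "$d" || true     # flags only .ssh (755 from plain mkdir)
    chmod go-w "$d"; chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/id_rsa"
    audit_ssh_perms "$d" && echo "all three modes match the answer"
    rm -rf "$d"
)
demo
```

In a Dockerfile, the same function can be called in a `RUN` step right before the `git clone`, so a build with wrong modes stops with a message that names the path.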
Victor
I had worked as a Backend Software Engineer since 2007, mostly working with Java and C/C++.
Updated on September 18, 2022
Comments
-
Victor over 1 year
I'm building a docker image, and I want to clone a repository from bitbucket.
If I create a `debian` container and execute step-by-step, everything works fine. But when I try to create the image, it does not work.
I have added the key to bitbucket settings.
Here is my Dockerfile:
FROM debian:stretch
RUN apt-get update && apt-get -y upgrade && apt-get -y install nginx curl software-properties-common gnupg git
RUN curl -sL https://deb.nodesource.com/setup_6.x | bash -
RUN apt-get install -y nodejs
RUN mkdir /backend
RUN npm install pm2 ts-node -g
WORKDIR /backend
RUN mkdir /root/.ssh
RUN echo -e "-----BEGIN RSA PRIVATE KEY-----\n(...)-----END RSA PRIVATE KEY-----" >> /root/.ssh/id_rsa
RUN chmod 400 /root/.ssh/id_rsa
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts
RUN git clone git@bitbucket.org:xxx/xxx.git
Here is the error:
Cloning into 'xxx'...
Warning: Permanently added the RSA host key for IP address '104.192.143.3' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
How can I create this image to work properly?
-
Scott - Слава Україні about 5 years
To be paranoid, you might say
touch /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa && echo -e "-----BEGIN RSA PRIVATE KEY-----\n(...)-----END RSA PRIVATE KEY-----" >> /root/.ssh/id_rsa
, to avoid having the sensitive data in a world-readable file for even a microsecond.