running git or ssh client in docker as user: No user exists for uid

ssh docker authentication passwd

19,556

Using this bash function:

function docker--run() {
    if [[ -z $1 ]]; then
        echo 'docker--run [-v $PWD:/src] IMAGE'
        return 1
    fi
    # useradd for ubuntu (which has adduser as well)
    # adduser for alpine, others not tested
    docker run -it --rm --entrypoint sh "$@" -c "
          [ -x /usr/sbin/useradd ] && useradd -m -u $(id -u) u1 -s /bin/sh || adduser -D -u $(id -u) u1 -s /bin/sh;
          exec su - u1"
}

You can run it as

docker--run -v /home/$USER:/home/u1 kiesel/debian-ssh-client

It will create a user u1 with your userid in the docker container and then switch to that user.

19,556

Jörn Hees

Python, Semantic Web, Machine Learning guy...

Updated on September 18, 2022

Comments

Jörn Hees over 1 year
Problem:

I'm trying to run a git clone myuser@server:repo.git from within a docker container. Inside the container (due to policy) I am the same user as on the docker host system (non-root) and have my home mounted.

Sadly when cloning from or trying to ssh into server i get an error message like this:
```
No user exists for uid 1337
```
MVCE:

To reproduce the problem you can run the following docker container:
```
docker run --rm -it -v /home/$USER:/home/$USER -e HOME=/home/$USER -w /home/$USER -u $UID:100 --cap-drop=ALL kiesel/debian-ssh-client
```
and inside the container either of the following commands:
```
git clone myuser@server:repo.git
ssh -vT myuser@server
```
Workaround:

Adding a faked /etc/passwd with a line for my uid seems to fix the problem (e.g., getent passwd $USER > /tmp/mypasswd, then add a -v /tmp/mypasswd:/etc/passwd:ro to the docker run cmd).

Sadly this requires shadowing/modifying the container's /etc/passwd, which i can imagine will lead to trouble at some point.

Questions:
- Why is ssh (client) looking at the local (container's) /etc/passwd?
- Is there a simple way to deactivate that (with user permissions)?
- derabbink over 4 years
  
  This question was asked (& answered) in a very similar form on Stackoverflow: stackoverflow.com/a/57531352/1296709
- try-catch-finally over 4 years
  
  The related code might be this line. The code further references fields from a struct (I don't pretend to know, but) named "dir" and "name". So SSH likes to determine the username and home, like muru guessed.
- dedunumax almost 4 years
  
  You are injecting a user ID that doesn't exist in the docker container. docker run --rm -it -v /home/$USER:/home/$USER -e HOME=/home/$USER -w /home/$USER kiesel/debian-ssh-client worked find for me. But the folder created from docker git is owned by root.