Question 81975 in Docker Question posted in
The official documentation can be found here.

ssh key in Dockerfile returning Permission denied (publickey)

I’m trying to build a Docker image using DOCKER_BUILDKIT which involves cloning a private remote repository from GitLab, with the following lines of my Dockerfile being used for the git clone:

# Download public key for gitlab.com
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
RUN --mount=type=ssh git clone [email protected]:*name_of_repo* *download_location*

However, when I run the docker build command using:

DOCKER_BUILDKIT=1 docker build --ssh default --tag test:local .

I get the following error when it is trying to do the git clone:

[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I’ve set up the ssh access successfully on the machine I’m trying to build this image on, and both the ssh -T [email protected] and trying to clone the repository outside of the Docker build work just fine.

I’ve had a look around but can’t find any info on what might be causing this specific issue – any pointers much appreciated.

Tags:

2

Answers


  1. 0

    Make sure you have an SSH agent running and that you added your private key to it.

    Depending on your platform, the commands may vary but since it’s tagged gitlab I will assume that Linux is your platform.

    Verify that you have an SSH agent running with echo $SSH_AUTH_SOCK or echo $SSH_AGENT_SOCK if both echo an empty string, you most likely do not have an agent running.

    To start an agent you can usually type:

    eval `ssh-agent`

    Next, you can verify what key are added (if any) with:

    ssh-add -l

    If the key you need is not listed, you can add it with:

    ssh-add /path/to/your/private-key

    Then you should be good to go.

    More info here: https://www.ssh.com/academy/ssh/agent

    Cheers

    Login or Signup to reply.
  2. 0

    For testing, use a non-encrypted private SSH key (meaning you don’t have to manage an ssh-agent, which is only needed for encrypted private key passphrase caching)

    And use ssh -Tv [email protected] to check where SSH is looking for your key.

    Then, in your Dockerfile, add before the line with git clone:

    ENV GIT_SSH_COMMAND='ssh -Tv'

    You will see again where Docker/SSH is looking when executing git clone with an SSH URL.

    I suggested as much here, and there were some mounting folders missing then.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search