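├── Dockerfile
├── LICENSE.md
├── Makefile
├── README.md
├── pinata-build-sshd.sh
├── pinata-ssh-forward.sh
├── pinata-ssh-mount.sh
├── ssh-build.sh
└── ssh-find-agent.sh

/Dockerfile:
--------------------------------------------------------------------------------
# Minimal sshd image used as an SSH agent-forwarding relay.
# sshd runs as root under tini; the only credential it accepts is whatever is
# bind-mounted over /root/.ssh/authorized_keys when the container is started.

# NOTE(review): the base image is unpinned, so each rebuild may pull different
# contents. Pin a release tag or digest once one has been validated.
FROM alpine
LABEL maintainer="Anil Madhavapeddy"

# --no-cache fetches a fresh package index and leaves no apk cache in the layer.
# tini is pulled from the edge/community repository over HTTPS.
# NOTE(review): mixing an edge repository into a release base widens the
# supply-chain surface; prefer the base release's own tini package if it has one.
RUN apk add --no-cache openssh && \
    apk add --no-cache --repository https://dl-cdn.alpinelinux.org/alpine/edge/community/ tini

# ssh-keygen -A runs at build time, so the sshd host private keys are baked
# into the image: every container from one build shares them, and anyone who
# obtains the image obtains the keys. Keep the image local and rebuild to rotate.
RUN mkdir /root/.ssh && \
    chmod 700 /root/.ssh && \
    ssh-keygen -A
COPY ssh-find-agent.sh /root/ssh-find-agent.sh
EXPOSE 22
VOLUME ["/root/.ssh/authorized_keys"]
# NOTE(review): confirm the tini package installs /usr/bin/tini on the base
# release in use; the container will not start if the path differs.
ENTRYPOINT ["/usr/bin/tini","--"]
CMD ["/usr/sbin/sshd","-D"]
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
Copyright (c) 2016 Anil Madhavapeddy

Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.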
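--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
# `make` builds the pinata-sshd image; `make install` copies the build context
# and the helper scripts under $(PREFIX).
# NOTE(review): pinata-build-sshd.sh looks for its build context under
# /usr/local/share/pinata-ssh-agent regardless of PREFIX.

# Neither target produces a file of its own name.
.PHONY: all install

all:
	./pinata-build-sshd.sh
	@echo 'Please run "make install"'

PREFIX ?= /usr/local
BINDIR ?= $(PREFIX)/bin

install:
	@if [ ! -d "$(PREFIX)" ]; then echo "Error: need a $(PREFIX) directory"; exit 1; fi
	@mkdir -p "$(PREFIX)/share/pinata-ssh-agent"
	cp Dockerfile "$(PREFIX)/share/pinata-ssh-agent"
	cp ssh-build.sh "$(PREFIX)/share/pinata-ssh-agent/ssh-build"
	cp ssh-find-agent.sh "$(PREFIX)/share/pinata-ssh-agent/ssh-find-agent.sh"
	@mkdir -p "$(BINDIR)"
	cp pinata-build-sshd.sh "$(BINDIR)/pinata-build-sshd"
	cp pinata-ssh-forward.sh "$(BINDIR)/pinata-ssh-forward"
	cp pinata-ssh-mount.sh "$(BINDIR)/pinata-ssh-mount"
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
Forward SSH agent socket into a container

Still experimental -- contact anil@recoil.org if you want help.

## Installation

Assuming you have a `/usr/local`

```
$ git clone git://github.com/avsm/docker-ssh-agent-forward
$ make
$ make install
```

On every boot, do:

```
$ pinata-ssh-forward
```

and then you can run `pinata-ssh-mount` to get a Docker CLI fragment
that adds the SSH agent socket and sets `SSH_AUTH_SOCK` within the container.

```
$ pinata-ssh-mount
-v /Users/avsm/.pinata-sshd/ssh-1azk9Mmd27/agent.16:/tmp/ssh-agent.sock --env SSH_AUTH_SOCK=/tmp/ssh-agent.sock

$ docker run -it `pinata-ssh-mount` ocaml/opam ssh git@github.com
The authenticity of host 'github.com (192.30.252.128)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.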
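Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.252.128' (RSA) to the list of known hosts.
PTY allocation request failed on channel 0
Hi avsm! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
```

## Contributors

* Justin Cormack

[License](LICENSE.md) is ISC.
--------------------------------------------------------------------------------
/pinata-build-sshd.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Build the pinata-sshd image.
# Uses the installed build context when present; otherwise falls back to the
# current directory, but only if it looks like this project's source tree.

CONTEXT=/usr/local/share/pinata-ssh-agent

if [ -d "${CONTEXT}" ]; then
  cd "${CONTEXT}" || exit 1
elif [ -f Dockerfile ] && [ -f ssh-find-agent.sh ]; then
  # First-time `make` runs before `make install` has created ${CONTEXT}.
  echo "Note: ${CONTEXT} not found; building from $(pwd)" >&2
else
  # Never hand an unrelated directory to `docker build` as its context.
  echo "Error: no build context in ${CONTEXT} or the current directory" >&2
  exit 1
fi

docker build -t pinata-sshd .
--------------------------------------------------------------------------------
/pinata-ssh-forward.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Start the pinata-sshd relay container and open an agent-forwarding SSH
# session into it, so the forwarded agent socket appears under ${LOCAL_STATE}.
#
# Security notes:
#  * While the session is up, any process or container that can reach the
#    socket can ask the agent to sign, i.e. authenticate as you. Key material
#    is not exposed, but treat the socket like a live credential and only
#    mount it into containers you trust.
#  * The relay's host key is learned with ssh-keyscan (trust on first use).
#    That is acceptable only because the relay was just started locally and
#    its port is bound to loopback below.

# Set here rather than on the shebang so it survives `sh pinata-ssh-forward`.
set -e

IMAGE_NAME=pinata-sshd
CONTAINER_NAME=pinata-sshd
LOCAL_STATE=~/.pinata-sshd
LOCAL_PORT=2244
PUBKEY=~/.ssh/id_rsa.pub

if [ -z "${SSH_AUTH_SOCK}" ]; then
  echo "Error: no SSH agent to forward (SSH_AUTH_SOCK is unset)" >&2
  exit 1
fi

# Docker creates a missing bind-mount source as a directory; check first.
if [ ! -f "${PUBKEY}" ]; then
  echo "Error: ${PUBKEY} not found" >&2
  exit 1
fi

# Best effort: the container may not exist yet.
docker rm -f "${CONTAINER_NAME}" >/dev/null 2>&1 || true
# :? aborts instead of expanding to an empty path.
rm -rf -- "${LOCAL_STATE:?}"
mkdir -p "${LOCAL_STATE}"
# The directory will hold a live agent socket; keep other local users out.
chmod 700 "${LOCAL_STATE}"

# authorized_keys is mounted read-only so the container cannot rewrite the
# host's public key file. The port is published on loopback only, so the
# root-login sshd is not reachable from other machines.
docker run --name "${CONTAINER_NAME}" \
  -v "${PUBKEY}:/root/.ssh/authorized_keys:ro" \
  -v "${LOCAL_STATE}:/tmp" \
  -d -p "127.0.0.1:${LOCAL_PORT}:22" "${IMAGE_NAME}" > /dev/null

IP=$(docker inspect --format '{{(index (index .NetworkSettings.Ports "22/tcp") 0).HostIp }}' "${CONTAINER_NAME}")

# sshd may not be listening yet right after `docker run -d`; retry briefly
# and insist on a non-empty result so ssh never falls back to prompting.
tries=0
until ssh-keyscan -p "${LOCAL_PORT}" "${IP}" > "${LOCAL_STATE}/known_hosts" 2>/dev/null \
    && [ -s "${LOCAL_STATE}/known_hosts" ]; do
  tries=$((tries + 1))
  if [ "${tries}" -ge 10 ]; then
    echo "Error: could not read the sshd host key from ${IP}:${LOCAL_PORT}" >&2
    exit 1
  fi
  sleep 1
done

ssh -f -o "UserKnownHostsFile=${LOCAL_STATE}/known_hosts" \
  -A -p "${LOCAL_PORT}" "root@${IP}" \
  /root/ssh-find-agent.sh

echo 'Agent forwarding successfully started.'
echo 'Run "pinata-ssh-mount" to get a command-line fragment that'
echo 'can be added to "docker run" to mount the SSH agent socket.'
echo ""
echo 'For example:'
echo 'docker run -it `pinata-ssh-mount` ocaml/opam ssh git@github.com'
--------------------------------------------------------------------------------
/pinata-ssh-mount.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Print the `docker run` arguments that expose the forwarded agent socket
# and set SSH_AUTH_SOCK inside the target container.

LOCAL_STATE=~/.pinata-sshd
SOCKET_FILE="${LOCAL_STATE}/agent_socket_path"

if [ ! -s "${SOCKET_FILE}" ]; then
  echo "Error: ${SOCKET_FILE} is missing or empty; run pinata-ssh-forward first" >&2
  exit 1
fi

# The relay records the socket as /tmp/...; its /tmp is ${LOCAL_STATE} on the host.
AGENT=$(sed -e 's,/tmp/,,g' "${SOCKET_FILE}")

# The output is spliced unquoted into a `docker run` command line, and the
# file is writable from inside the relay container. Reject anything that is
# not a plain relative path so it cannot smuggle in extra docker arguments
# or point outside ${LOCAL_STATE}.
case "${AGENT}" in
  "" | *[!A-Za-z0-9._/-]* | *..* | /* | -*)
    echo "Error: unexpected agent socket path in ${SOCKET_FILE}" >&2
    exit 1
    ;;
esac

# NOTE(review): a home directory containing whitespace would still be split
# by the caller's unquoted command substitution.
echo "-v ${LOCAL_STATE}/${AGENT}:/tmp/ssh-agent.sock --env SSH_AUTH_SOCK=/tmp/ssh-agent.sock"
--------------------------------------------------------------------------------
/ssh-build.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Quietly build the relay image from the current directory.

IMAGE_NAME=pinata-sshd

docker build -q -t "${IMAGE_NAME}" .
--------------------------------------------------------------------------------
/ssh-find-agent.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Log the location of the SSH agent to a file, then block so the SSH session
# (and with it the forwarded agent socket) stays open.
set -e

# Without a forwarded agent there is nothing to record; fail loudly rather
# than writing an empty path for the host side to pick up.
: "${SSH_AUTH_SOCK:?no forwarded agent: SSH_AUTH_SOCK is unset}"

finish() {
  rm -f /tmp/agent_socket_path
}
trap finish EXIT
printf '%s\n' "${SSH_AUTH_SOCK}" > /tmp/agent_socket_path
tail -f /dev/null
--------------------------------------------------------------------------------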