
Using SSH in a Docker container (Windows)


Starting from the microsoft/aspnetcore docker image, I was able to install chocolatey and then use chocolatey to install some other software:

  • open-ssh
  • git

Now I want to clone a repo from our Bitbucket server:

  • I added the Bitbucket server to the known_hosts file (and even ssh'd into the server from the container to double-check)
  • I added my Bitbucket ssh key, which I've been using successfully on my machine and used successfully from an Ubuntu container
  • I added a config file in my user's .ssh directory to tell git to use my ssh key

I expect to be able to use git clone ssh://git@<host>/<path to repo>, but this command always fails with the following error:

fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

I got this to work in an Ubuntu container with the following command: ssh-agent sh -c 'ssh-add /home/bamboo/.ssh/id_rsa; git clone ssh://git@<host>/<path to repo>', but this command seemingly does nothing on the Windows container. I never get any feedback from ssh-agent, so I am unsure if Open-SSH is even working or if there are known issues with Open-SSH in Windows containers. I do get feedback from ssh-add saying that my key was successfully added, but I am still unable to clone my git repo.

Has anybody been able to successfully do this in Windows containers? It works on my Windows machine but I'm not using Open-SSH, I'm using the Git Bash tools, which don't work in the Windows container. This is all very confusing because all the information on this topic pertains to Ubuntu containers and the resolutions all involve Unix commands that I don't have available in the Windows container.

Another strange thing I notice is that cloning using HTTP doesn't work either, instead I get the following error:

error: failed to execute prompt script (exit code 66)
fatal: could not read Password for 'http://(user)@(host)': No error


Solution

  • I got a little help from the Git for Windows people who suggested I use the verbose flag with the ssh command, i.e. ssh -vvvvv <host>. This showed that the config file I had in my user's .ssh directory had some extra permissions, indicated by an error message:

    debug3: Bad permissions. Try removing permissions for user: S-1-5-11 on file C:\Users\ContainerAdministrator/.ssh/config

    Using the icacls utility I was able to remove those permissions, which allowed the config file to be used.
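
The check and fix described in the solution, as an added example that is not part of the original post and does not show the exact icacls commands the poster ran. It assumes the OpenSSH files live in %USERPROFILE%\.ssh and that only the current user, SYSTEM and Administrators should hold access entries on them; the function name Get-UnexpectedAce is hypothetical.

```powershell
# Added example. Assumption: only these three SIDs should appear in the ACL
# of per-user OpenSSH files (current user, SYSTEM, BUILTIN\Administrators).
$sshDir  = Join-Path $env:USERPROFILE '.ssh'
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$allowed = @($me, 'S-1-5-18', 'S-1-5-32-544')
$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-UnexpectedAce([string]$Path) {
    # Return every ACE (explicit or inherited) held by a SID outside $allowed.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $allowed -notcontains $_.IdentityReference.Value }
}

# 'config' is the file named in the debug3 message; 'id_rsa' is the key
# file name used in the question.
foreach ($name in 'config', 'id_rsa') {
    $file = Join-Path $sshDir $name
    if (-not (Test-Path -LiteralPath $file)) { continue }

    $extra = @(Get-UnexpectedAce $file)
    if ($extra.Count -eq 0) { Write-Host "OK     $file"; continue }

    foreach ($ace in $extra) {
        # S-1-5-11 (Authenticated Users) is the SID reported in the post.
        Write-Host ("LOOSE  {0}: {1} {2} (inherited={3})" -f `
            $file, $ace.IdentityReference.Value, $ace.FileSystemRights, $ace.IsInherited)
    }

    # Inherited ACEs cannot be removed individually, so first convert them
    # to explicit entries (/inheritance:d), then strip each unexpected SID.
    icacls $file /inheritance:d | Out-Null
    foreach ($sid in ($extra.IdentityReference.Value | Sort-Object -Unique)) {
        icacls $file /remove "*$sid" | Out-Null
    }

    # Re-read the ACL so the result is verified rather than assumed.
    if (@(Get-UnexpectedAce $file).Count -eq 0) {
        Write-Host "FIXED  $file"
    } else {
        Write-Host "STILL LOOSE  $file"
    }
}
# Afterwards, re-run the verbose ssh command from the post and confirm the
# "Bad permissions" debug line no longer appears.
```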