
Docker connect to remote daemon via ssh - Permission denied (publickey)


I have a problem connecting to my remote (DigitalOcean) Docker engine. What I've done:

  1. Made a droplet with Docker 19.03.12 on Ubuntu 20.04.
  2. Made a new user myuser and added it to the docker group on the remote host.
  3. Made a .ssh/authorized_keys in the new user's home directory and set the permissions, owner etc.
  4. Restarted both ssh and docker services.

Result

  1. I can ssh from my Mac notebook to my remote host as myuser. (When I run ssh, Keychain asks for the passphrase for the id_rsa.key.)
  2. After I log in to the remote host via ssh, I can run docker ps and docker info without any problem.

Problem

Before making a new context for the remote engine, I tried to run some docker commands from my local client on my Mac laptop. (The interesting part for me is that none of the commands below asks for the id_rsa passphrase.)

  1. docker -H ssh://myuser@droplet_ip ps -> Error
  2. DOCKER_HOST=ssh://myuser@droplet_ip docker ps -> Error

Error

docker -H ssh://myuser@droplet_ip ps
error during connect: Get http://docker/v1.40/containers/json: command [ssh -l myuser -- droplet_ip docker system dial-stdio] has exited with exit status 255, please make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=myuser@droplet_ip: Permission denied (publickey).

What step did I miss? How can I connect to a remote Docker engine?


Solution

  • It sounds like Docker may not allow ssh to prompt for a key passphrase when connecting. The easiest solution is probably to load your key into an ssh-agent, so that Docker will be able to use the key without requesting a password.

    If you want to add your default key (~/.ssh/id_rsa) you can just run:

    ssh-add
    

    You can add specific keys by providing a path to the key:

    ssh-add ~/.ssh/id_rsa_special
    

    Most modern desktop environments run an ssh-agent process by default.
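
A preflight for the situation described in this answer, as an added example that is not part of the original post: it checks that an agent is reachable and holds a key, then attempts the login with prompting disabled. The function names and the SSH_ADD/SSH override variables are hypothetical, and `BatchMode=yes` is assumed to stand in for Docker's inability to prompt.

```shell
#!/bin/sh
# Added example (hypothetical helper names). SSH_ADD and SSH can be pointed
# at stubs so the checks can be exercised offline.
SSH_ADD=${SSH_ADD:-ssh-add}
SSH=${SSH:-ssh}

# ssh-add -l exit status: 0 = keys listed, 1 = agent has no identities,
# 2 = agent cannot be contacted.
agent_status() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        2) echo unreachable ;;
        *) echo unknown ;;
    esac
}

# Log in as $1 (user@host) with prompting disabled. BatchMode=yes makes ssh
# fail instead of asking for a passphrase; the remote "docker version" also
# confirms the account can reach the daemon (docker group membership).
noninteractive_login() {
    "$SSH" -o BatchMode=yes -o ConnectTimeout=10 -- "$1" docker version \
        </dev/null >/dev/null 2>&1
}

# Returns 0 if ready, 1 if the agent is empty, 2 if no agent, 3 if login fails.
docker_ssh_preflight() {
    target=$1
    case $(agent_status) in
        loaded) ;;
        empty)
            echo "ssh-agent is running but holds no keys: run ssh-add"
            return 1 ;;
        *)
            echo "no usable ssh-agent (SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-unset})"
            return 2 ;;
    esac
    if noninteractive_login "$target"; then
        echo "ok: DOCKER_HOST=ssh://$target should connect without a prompt"
    else
        echo "agent has keys, but non-interactive login to $target failed"
        return 3
    fi
}

# Run the preflight only when a target such as myuser@droplet_ip is given.
if [ "$#" -ge 1 ]; then docker_ssh_preflight "$1"; fi
```

A result of 3 with a loaded agent usually means the agent holds a different key from the one listed in the remote authorized_keys.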