Tags: ubuntu, ssh-keys, singularity-container

singularity / ubuntu: how to use the host authentication agent


A singularity image created from ubuntu 18.04 (or newer) has a run script which, among other things, git clones some repositories using ssh.

Ideally, I would like that: when the image is executed, the (already activated) ssh key of the host is used for the (git ssh clone) authentication.

So things could be run like:

ssh-add ~/.ssh/my_key # and possibly typing password
./myimage.sif

Would this be possible?


Solution

  • Short answer: yes

    • SINGULARITY_BIND=$SSH_AUTH_SOCK ./myimage.sif
    • singularity run -B $SSH_AUTH_SOCK myimage.sif

    Long answer: yes, as long as the right directories and environment variables are passed to the image.

    You need:

    1. git/ssh installed in the singularity image (may or may not be in a default docker image)
    2. your $HOME directory mounted in. This is the default, but you may need to do it manually (-H /home/my_user) depending on configuration
    3. ssh-agent environment variable SSH_AUTH_SOCK exported. By default your host environment is passed into the container, but this can be disabled with -e | --cleanenv
    4. the path set in $SSH_AUTH_SOCK mounted in. This is why we're using SINGULARITY_BIND or -B $SSH_AUTH_SOCK

    An easy way to test if your keys are being accessed correctly:

    $ singularity exec -B $SSH_AUTH_SOCK myimage.sif ssh -T git@github.com
    Hi tsnowlan! You've successfully authenticated, but GitHub does not provide shell access.
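
A host-side preflight for items 3 and 4 of the list above, as an added example that is not part of the original answer: it checks that SSH_AUTH_SOCK points at a live agent holding at least one key before the socket is bound into the container. The function names are hypothetical; the singularity and ssh-add invocations are the ones shown in the answer plus ssh-add -l.

```shell
#!/bin/sh
# Added example (not from the original answer): verify the host ssh-agent
# before binding its socket into a Singularity container.

# Items 3 and 4: SSH_AUTH_SOCK must be set and must point at a socket.
# Returns 0 = ok, 1 = variable unset or empty, 2 = path is not a socket.
check_agent_socket() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is not set; start an agent and ssh-add a key" >&2
        return 1
    fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK is not a socket" >&2
        return 2
    fi
    return 0
}

# The agent must actually hold a key. ssh-add -l exits 0 when identities are
# listed, 1 when the agent is empty, 2 when the agent cannot be contacted.
check_agent_keys() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) return 0 ;;
        1) echo "agent is running but holds no keys" >&2; return 1 ;;
        *) echo "cannot contact the agent at $SSH_AUTH_SOCK" >&2; return 2 ;;
    esac
}

# Run IMAGE with the agent socket bound in, refusing to start if a check fails.
# The SSH_AUTH_SOCK variable itself is inherited by the container unless
# -e / --cleanenv is used, as the answer notes.
run_with_agent() {
    image=$1
    shift
    check_agent_socket || return $?
    check_agent_keys || return $?
    singularity run -B "$SSH_AUTH_SOCK" "$image" "$@"
}

# Usage: sh preflight.sh myimage.sif [args passed to the run script]
[ "$#" -eq 0 ] || run_with_agent "$@"
```

While the socket is bound, any process in the container can ask the agent to authenticate with the loaded keys; adding the key with ssh-add -c makes the agent request confirmation on each use.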