2

I'm trying to clone a project from gitlab in a docker but having authentication failure issue. Outside of docker, it works well to checkout the project using git clone command.

$ git clone "git repo url"

I started docker image using the command as follow.

$ docker run -it -u $(id -u):$(id -g) -v /home/user1:/home/user1 build:001 /bin/bash

I see $(id -u) and $(id -g) displays the same user id and group id between inside of docker and outside of docker. But if I run the command git clone "git repo url" inside, I see the error as follow.

This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'gitlab.com' (ED25519) to the list of known hosts.
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
ubuntu@c94de1e3de20:$

And this is the list of ls -la /home/user/.ssh in the docker.

ubuntu@bfe53a9a6d12:/home/user1$ cd .ssh/
ubuntu@bfe53a9a6d12:/home/user1/.ssh$ ls -la
total 24
drwx------  2 ubuntu ubuntu 4096 Aug 19 18:25 .
drwxr-x--- 24 ubuntu ubuntu 4096 Aug 20 18:24 ..
-rw-------  1 ubuntu ubuntu    0 May  9 16:12 authorized_keys
-rw-------  1 ubuntu ubuntu  399 Jul  3 18:28 id_ed25519
-rw-r--r--  1 ubuntu ubuntu   93 Jul  3 18:28 id_ed25519.pub
-rw-------  1 ubuntu ubuntu 1120 Jul 15 20:16 known_hosts
-rw-r--r--  1 ubuntu ubuntu  284 Jul 15 20:16 known_hosts.old
ubuntu@bfe53a9a6d12:/home/user1/.ssh$

I am searching on the web, not didn't have any good luck yet. It would be great if someone can find what I did incorrectly.

Improve this question
5
  • 1) Is /home/user1 and the home directory of the ubuntu user within the container the same path? 2) Can you post the output of ls -l /home/user1/.ssh/ from within the container? Commented Aug 20 at 17:56
  • I updated the original question with the output of ls -la /home/user1/.ssh Commented Aug 20 at 18:29
  • The problem here is that it's expecting the keys to be at /home/ubuntu/.ssh, but the keys are actually at /home/user1/.ssh. The permissions look fine though. Commented Aug 20 at 19:08
  • I also think that is a problem. I originally created the key outside of docker under /home/user1/.ssh and run docker with a command as described in original question. If so, how can I expose the keys in /home/user1/.ssh to /home/ubuntu/.ssh? Also, I registered the public key to gitlab server. If I use ubuntu user inside docker instead of using user1, will it be working without another problem? Commented Aug 20 at 19:15
  • 1
    "If so, how can I expose the keys in /home/user1/.ssh to /home/ubuntu/.ssh" In the flag -v /home/user1:/home/user1, this is mounting the first part before the : into the container at the path in the second part. So you can present the files under a different path inside the container by doing -v /home/user1:/home/ubuntu. "Also, I registered the public key to gitlab server. If I use ubuntu user inside docker instead of using user1, will it be working without another problem?" No, that isn't a problem. Commented Aug 20 at 19:21

2 Answers 2

Reset to default
0

Inside

/home/user1

you need to have an .ssh folder inside of which you need to have your public and private ssh key inside your Docker container. Hence you need to make sure Docker has them. You will need to set up your keys there, for example this way: https://www.geeksforgeeks.org/devops/how-to-use-ssh-keys-inside-docker-container/

Here's another article about it: https://docs.docker.com/reference/cli/docker/buildx/build/#ssh

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

The issue is that your Docker build does not have your Git credentials.

If it is a private repo, the simplest fix is to make a build argument with a personal access token:

ARG GIT_TOKEN
RUN git clone https://${GIT_TOKEN}@github.com/username/your-repo.git

Then build with:

docker build --build-arg GIT_TOKEN=your_token_here -t myimage .

Just make sure that you are using a personal access token from GitHub, and not your password - GitHub does not allow password auth anymore.

If it is a public repo and is still not working, try:

RUN git config --global url."https://".insteadOf git://
RUN git clone https://github.com/username/repo.git

Sometimes the git:// protocol will mess up Docker images.

Edit: Also, as mentioned in comments, be careful about tokens in build args - because they may appear in image history, and this could pose a risk. For production purposes, consider using Docker BuildKit's --mount=type=ssh option instead.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.