5

Folks, after following a few threads on how to add ssh keys to the docker container for the application build phase, I am getting an interesting error:

Load key "/root/.ssh/id_rsa": invalid format

My Dockerfile:

RUN mkdir /root/.ssh/
ADD serviceBitbucketKey.ssh /root/.ssh/id_rsa
RUN chmod 400 /root/.ssh/id_rsa

RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts
RUN git ls-remote git@bitbucket.org:orgName/repo.git
RUN git config --global url.ssh://git@bitbucket.org/.insteadOf https://bitbucket.org/

I do know the key is fine... it was generated via

ssh-keygen -t rsa -b 4096 -f serviceBitbucketKey.ssh

Suggestions? Thanks!

5
  • I’d suggest not packaging your image with keys, whoever gets a copy of the image may be able to obtain a copy from a container / the image / image layers. Running docker in experimental mode and using buildkit you can add the keys to a ssh-agent then mount the ssh-agent during the build. Commented Oct 7, 2019 at 6:38
  • Any solution? I am a bit stuck right now and I need to push my container to google cloud however I have dependencies from private gitlabs.. Commented Nov 22, 2019 at 22:23
  • @masseyb Using a multistage build in docker means you no longer need to worry about leaking secrets used in the build phase, instead you just need to make sure you're not using them in the final stage. It's a good pattern since you can reduce the size of your image by separating building from running. You probably don't need git to run your code. Commented Jan 3, 2020 at 1:30
  • @KevinHarker OP does not seem to be using a multi stage build and you can (should imho) avoid copying your keys during the build rather forward the SSH agent using SSH to access private data in builds. This example is multi stage and uses SSH during the build. Commented Jan 3, 2020 at 7:44
  • @masseyb Since the OP didn't share the whole dockerfile it's unclear if they're using a multistage build. Using the ssh agent is a pain today and requires using the experimental features. I hope they make it easier in the coming releases. Commented Jan 3, 2020 at 17:29
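
The agent-forwarding approach from the comments above, combined with a multi-stage build, as an added example that is not part of the original thread. The repository path orgName/repo.git comes from the question; the stage name, the /src and /app paths and the image tag are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not from the thread. Build with the key held in a local
# ssh-agent, so it is never written into an image layer:
#   ssh-add serviceBitbucketKey.ssh
#   DOCKER_BUILDKIT=1 docker build --ssh default -t myapp .   (tag is an assumption)

# --- build stage: has git and agent access, is not shipped ---
FROM alpine:3.7 AS build
RUN apk add --no-cache git openssh-client

# ssh-keyscan trusts whatever answers on the network; compare the result with
# the fingerprints Bitbucket publishes before relying on it.
RUN mkdir -p -m 0700 /root/.ssh && \
    ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts

# The forwarded agent socket exists only for the duration of this RUN step.
RUN --mount=type=ssh git clone --depth 1 git@bitbucket.org:orgName/repo.git /src

# --- final stage: no git, no known_hosts, no key material ---
FROM alpine:3.7
COPY --from=build /src /app
```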

2 Answers

2

Try, assuming, as detailed in Adiii's answer, that the permissions are OK, to generate a key using the old PEM format (instead of the new OpenSSH one):

ssh-keygen -t rsa -P "" -C "your-email-address" -m PEM

1

I think it's a permission issue if the key is valid, try with this

FROM alpine:3.7
#copy key
ADD serviceBitbucketKey.ssh /root/.ssh/id_rsa

#install git and the ssh client it uses for ssh remotes (also provides ssh-keyscan)
RUN apk add --no-cache git openssh-client

#set proper permission
RUN chmod 600 /root/.ssh/id_rsa && \
touch /root/.ssh/known_hosts && \
ssh-keyscan bitbucket.org > ~/.ssh/known_hosts
RUN git ls-remote git@bitbucket.org:myorg/myrepo.git

1 Comment

Did this help @cmag?
