11

I have set up a VS Code dev container and I can run and debug my code inside. My ~/.gitconfig from my host system was correctly copied into the container. However, my ssh credentials don't seem to work (or are not available), nor are my gnupg signing files (~/.gnupg) available.

Must I manually copy these files (~/.ssh and ~/.gnupg) into the container?

The documentation cautions:

There are some cases when you may be cloning your repository using SSH keys instead of a credential helper. To enable this scenario, the extension will automatically forward your local SSH agent if one is running.

The only stated requirement is the SSH-agent server running on my host system, which it is:

    C:\Windows\system32> Get-Service ssh-agent

    Status   Name               DisplayName
    ------   ----               -----------
    Running  ssh-agent          OpenSSH Authentication Agent

What is the correct way to make my SSH credentials available to my dev container?

4
  • 1
    Could you share your container config and any relevant settings in your .gitconfig? I'm having difficulty reproducing. Commented Mar 22, 2023 at 22:22
  • Since it works on your machine, I gave it a try on another and it works there as well. I think I found the culprit, the .ssh folder was set to another path and hence the mounting of .ssh pointed to the wrong folder. Feel free to post your example .devcontainer.json and I staple my bounty to it. Don't want the points being lost, so better they serve someone who tried checking out this question. Commented Mar 23, 2023 at 14:01
  • 1
    So I updated my answer this morning, I think maybe the issue is you have terminal.integrated.inheritEnv unchecked? See my answer. Commented Mar 24, 2023 at 12:22
  • 1
    That was it, I overwrote it in my local project. Commented Mar 27, 2023 at 3:48

5 Answers 5

11

It is also possible to achieve this with the mount capability of the devcontainer.json configuration file:

    {
        "name": "container name",
        // ...
        "remoteUser": "root",
        "mounts": [
            "source=${localEnv:HOME}/.ssh,target=/root/.ssh,type=bind,consistency=cached"
        ]
        // ...
    }

3 Comments

I couldn't get it working any other way... I would have expected this to be automatic.
This was the way, but with the target being /home/vscode/.ssh as suggested by @jo_rob below: stackoverflow.com/a/78025690/337103
won't work with non-root devcontainer users, such as "vscode"
8
+300

There are a couple prerequisites.

  1. You must have VS Code setting terminal.integrated.inheritEnv enabled.
  2. You must have your ssh-agent run at login.

VS Code supports your ssh settings by doing two things:

  • Copying in known_hosts from your ~/.ssh/known_hosts.
  • Finding your ssh-agent socket created when you logged into the system.

For me on macOS, the ssh-agent creates a file in a random location, e.g.:

    SSH_AUTH_SOCK=/tmp/vscode-ssh-auth-1a6abf46-1c35-41bf-aedd-e08135a38f5f.sock

My login script performs two commands; in this example I ran them on the command line:

    % eval `ssh-agent`
    Agent pid 15376

    % ssh-add
    Identity added: /Users/risner/.ssh/id_rsa (/Users/risner/.ssh/id_rsa)

For Windows, this answer should help in setting up the agent:
How to run ssh-add on windows?

Once created, all your containers should pick it up without specific settings. Here is a test .devcontainer.json file:

    {
      "build": {
        "dockerfile": "Dockerfile",
        "args": { "VARIANT": "hirsute" }
      },
      "forwardPorts": [3000]
    }

For an M1 Mac, the hirsute variant picks up the native arm64.

My test Dockerfile is rather generic:

    FROM mcr.microsoft.com/devcontainers/javascript-node:0-18
    RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
        && apt-get -y install git

Once in the container, I verified the keys worked:

    node ➜ /workspaces/MySSH (master) $ set|grep -i ssh
    PWD=/workspaces/MySSH
    REMOTE_CONTAINERS_SOCKETS='["/tmp/vscode-ssh-auth-1a6abf46-1c35-41bf-aedd-e08135a38f5f.sock","/tmp/.X11-unix/X0"]'
    SSH_AUTH_SOCK=/tmp/vscode-ssh-auth-1a6abf46-1c35-41bf-aedd-e08135a38f5f.sock
    node ➜ /workspaces/MySSH (master) $ ssh [email protected]
    Last login: Mon Mar  6 08:31:03 2023 from 172.59.80.11

1 Comment

The official docs indicate that ssh agent forwarding should work by default on macOS however they do not mention that setting terminal.integrated.inheritEnv is required. This answer is the only place I've seen it mentioned in many hours of troubleshooting. Edit: I forgot to mention - the answer is correct and this is incredibly helpful, thanks :)
8

With my version of dev containers there is a folder

/home/vscode

The correct mount option is therefore

    "mounts": [
        "source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,consistency=cached"
    ]

Extra info: I needed this, since I have two github accounts with two ssh keys. When only the ssh agent is forwarded, git is picking up the wrong ssh key and authentication fails.

To solve this I added two hosts in the .ssh/config.

    Host git_priv
      Hostname github.com
      IdentityFile ~/.ssh/id_rsa_git_private
      IdentitiesOnly yes

    Host github.com
      Hostname github.com
      IdentityFile ~/.ssh/id_rsa
      IdentitiesOnly yes

Basically I set one ssh key as standard (using github.com as the host) and the other to only work with github-private.com as domain. If I now include this git config with the above command into the devcontainer, I get the correct ssh key resolution.

5

As of 2025, your credentials are automatically shared with the Devcontainer. A common issue I see is the key not loaded on the host machine (main computer). You just need to run ssh-add on your host.

How it works

Docker mounts the SSH socket from your host (your computer) to the Devcontainer, allowing you to make authentication requests from inside your Devcontainer. You can see the mount path by running echo $SSH_AUTH_SOCK in your Devcontainer.

Troubleshooting (Tested on macOS only)

  1. Confirm that you are authenticated on your host (main computer), by running ssh [email protected]. Or to authenticate, follow the instructions to add SSH key.
  2. Make sure the ssh agent is up on your host, by running eval "$(ssh-agent -s)".
  3. Run ssh-add on your host to load the key onto the SSH agent (common problem).
  4. Launch the Devcontainer. Once it starts, run ssh -vT [email protected] to either confirm or diagnose the ssh connection. You might need to install ssh.
  5. If all works, and you're still experiencing issues; confirm that postCreateCommand in your devcontainer.json does not have blocking processes, such as sleep infinity, that can prevent it from finishing.
  6. When all fails, this is what usually fixes it for me: restart the computer and rebuild the containers. Then run eval "$(ssh-agent -s)" and ssh-add.
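
The checks from the troubleshooting steps above, as a script to run inside the dev container (an added example, not part of the original answer). The function names and state names are made up for this example; the exit statuses 0, 1 and 2 are the ones `ssh-add` documents.

```sh
#!/bin/sh
# Added example: diagnose SSH agent forwarding from inside a dev container.

# Map the documented exit status of `ssh-add -l` to a state name (names are hypothetical).
ssh_add_state() {
    case "$1" in
        0) echo agent-ok ;;           # agent reachable, at least one key loaded
        1) echo agent-empty ;;        # agent reachable, no identities loaded
        2) echo agent-unreachable ;;  # socket exists but no agent answers on it
        *) echo unknown ;;
    esac
}

# Classify the forwarding state for the socket path given in $1.
agent_state() {
    sock="$1"
    if [ -z "$sock" ]; then echo no-socket-var; return 0; fi
    if [ ! -S "$sock" ]; then echo socket-missing; return 0; fi
    if ! command -v ssh-add >/dev/null 2>&1; then echo no-ssh-client; return 0; fi
    rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    ssh_add_state "$rc"
}

# Turn a state into the next step, using the fixes named in the answers on this page.
advice() {
    case "$1" in
        no-socket-var)     echo "SSH_AUTH_SOCK is unset: check terminal.integrated.inheritEnv and that the host agent runs at login" ;;
        socket-missing)    echo "SSH_AUTH_SOCK points at a path that is not a socket: rebuild the container" ;;
        no-ssh-client)     echo "ssh-add not found: install the OpenSSH client in the image" ;;
        agent-unreachable) echo "no agent answers on the socket: start ssh-agent on the host, then rebuild" ;;
        agent-empty)       echo "agent has no keys: run ssh-add on the host" ;;
        agent-ok)          echo "agent forwarding works: test with ssh -vT against your Git host" ;;
        *)                 echo "unexpected ssh-add exit status" ;;
    esac
}

# Report the state of the socket this shell inherited.
state=$(agent_state "${SSH_AUTH_SOCK-}")
echo "$state: $(advice "$state")"
```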

1 Comment

I don't think that this is entirely correct, it doesn't seem to inherit automatically for custom Dockerfiles.
1

As of now (2024) I find that devcontainers just work out of the box with the host ssh-agent. I just installed the ssh-agent plugin with zsh and it works with my host ssh credentials when I make a commit. I have not tried the gnupg keys yet.

How exactly it works, I have no clue.
