Initial setup for ssh on docker-compose











up vote
0
down vote

favorite












I am using docker for MacOS / Win.



I connect to external servers via ssh from shell in docker container,



For now, I generate ssh-key in docker shell, and manually send sshkey to servers.



However in this method, everytime I re-build container, sshkey is deleted.



So I want to set initial sshkey when I build images.



I have 2 ideas




  1. Mount .ssh folder from my macOS to docker folder and persist.
    (Permission control might be difficult and complex....)


  2. Write scripts that makes the ssh-keymake & sends this to servers in docker-compose.yml or Dockerfile.
    (Everytime I build , new key is send...??)



Which is the best practice? or do you have any idea to set ssh-key automatically??










share|improve this question






















  • i dont understand why do you want to use ssh this way, but you could build image with your ssh crap, and then use this image as base image in your Dockerfile of the apps... that way the keys stays there, so you will do FROM whitebear/sshcrap:latest
    – Mazel Tov
    Aug 21 at 14:30

















up vote
0
down vote

favorite












I am using docker for MacOS / Win.



I connect to external servers via ssh from shell in docker container,



For now, I generate ssh-key in docker shell, and manually send sshkey to servers.



However in this method, everytime I re-build container, sshkey is deleted.



So I want to set initial sshkey when I build images.



I have 2 ideas




  1. Mount .ssh folder from my macOS to docker folder and persist.
    (Permission control might be difficult and complex....)


  2. Write scripts that makes the ssh-keymake & sends this to servers in docker-compose.yml or Dockerfile.
    (Everytime I build , new key is send...??)



Which is the best practice? or do you have any idea to set ssh-key automatically??










share|improve this question






















  • i dont understand why do you want to use ssh this way, but you could build image with your ssh crap, and then use this image as base image in your Dockerfile of the apps... that way the keys stays there, so you will do FROM whitebear/sshcrap:latest
    – Mazel Tov
    Aug 21 at 14:30















up vote
0
down vote

favorite









up vote
0
down vote

favorite











I am using docker for MacOS / Win.



I connect to external servers via ssh from shell in docker container,



For now, I generate ssh-key in docker shell, and manually send sshkey to servers.



However in this method, everytime I re-build container, sshkey is deleted.



So I want to set initial sshkey when I build images.



I have 2 ideas




  1. Mount .ssh folder from my macOS to docker folder and persist.
    (Permission control might be difficult and complex....)


  2. Write scripts that makes the ssh-keymake & sends this to servers in docker-compose.yml or Dockerfile.
    (Everytime I build , new key is send...??)



Which is the best practice? or do you have any idea to set ssh-key automatically??










share|improve this question













I am using docker for MacOS / Win.



I connect to external servers via ssh from shell in docker container,



For now, I generate ssh-key in docker shell, and manually send sshkey to servers.



However in this method, everytime I re-build container, sshkey is deleted.



So I want to set initial sshkey when I build images.



I have 2 ideas




  1. Mount .ssh folder from my macOS to docker folder and persist.
    (Permission control might be difficult and complex....)


  2. Write scripts that makes the ssh-keymake & sends this to servers in docker-compose.yml or Dockerfile.
    (Everytime I build , new key is send...??)



Which is the best practice? or do you have any idea to set ssh-key automatically??







docker ssh docker-compose






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Aug 21 at 13:31









whitebear

2,787114190




2,787114190












  • i dont understand why do you want to use ssh this way, but you could build image with your ssh crap, and then use this image as base image in your Dockerfile of the apps... that way the keys stays there, so you will do FROM whitebear/sshcrap:latest
    – Mazel Tov
    Aug 21 at 14:30




















  • i dont understand why do you want to use ssh this way, but you could build image with your ssh crap, and then use this image as base image in your Dockerfile of the apps... that way the keys stays there, so you will do FROM whitebear/sshcrap:latest
    – Mazel Tov
    Aug 21 at 14:30


















i dont understand why do you want to use ssh this way, but you could build image with your ssh crap, and then use this image as base image in your Dockerfile of the apps... that way the keys stays there, so you will do FROM whitebear/sshcrap:latest
– Mazel Tov
Aug 21 at 14:30






i dont understand why do you want to use ssh this way, but you could build image with your ssh crap, and then use this image as base image in your Dockerfile of the apps... that way the keys stays there, so you will do FROM whitebear/sshcrap:latest
– Mazel Tov
Aug 21 at 14:30














2 Answers
2






active

oldest

votes

















up vote
1
down vote



accepted










Best practice is typically to not make outbound ssh connections from containers. If what you’re trying to add to your container is a binary or application code, manage your source control setup outside Docker and COPY the data into an image. If it’s data your application needs to run, again fetch it externally and use docker run -v to inject it into the container.



As you say, managing this key material securely, and obeying ssh’s Unix permission requirements, is incredibly tricky. If I really didn’t have a choice but to do this I’d write an ENTRYPOINT script that copied the private key from a bind-mounted volume to my container user’s .ssh directory. But my first choice would be to redesign my application flow to not need this at all.






share|improve this answer





















  • I am a Windows user. I used to use OSX before. OSX's shell is bash so you can use less cat and so on. However, On Windows Power Shell I need to learn the Power Shell command. So I try to use docker as daily works bash. But, it might not be good idea. I will install app like Cygwin or MingW
    – whitebear
    Aug 28 at 12:45




















up vote
0
down vote













After reading the "I'm a windows user .." comment I'm thinking you are solving the wrong problem. You are looking for an easy (sane) shell access to your servers. The are are two simpler solutions.
1. Windows Linux subsystem -- https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux. (not my choice)




  1. Cygwin -- http://www.cygwin.com -- for that comfy Linux feel to your cmd :-)


How I install it.




  1. Download and install it (be careful to only pick the features beyond base that you need. (there is a LOT and most of it you will not need -- like the compilers and X). Make sure that SSH is selected. Don't worry you can rerun the setup as many times as you want (I do that occasionally to update what I use)


  2. Start the bash shell (there will be a link after the installation)
    a. run 'cygpath -wp $PATH'
    b. look at the results -- there will be a couple of folders in the begging of the path that will look like "C:cygwinbin;C:cygwinusrlocalbin;..." simply all the paths that start with "C:cygwin" provided you installed your Cygwin into "C:Cygwin" directory.
    c. Add these paths to your system path
    d. Start a new instance of CMD. run 'ls' it should now work directly under windows shell.



  3. Extra credit.



    a. move the all the ".xxx" files that were created during the first launch of the shell in your C:cygwinhome<username> directory to you windows home directory (C:Users<username>).



    b. exit any bash shells you have running



    c. delete c:cygwinhome directory



    d. use windows mklink utility to create a link named home under cygwin pointing to C:Users (Administrator shell) 'mklink /J C:Cygwinhome C:Users'
    This will make your windows home directory the same as your cygwin home.




After that you follow the normal setup for ssh under Cygwin bash and you will be able to generate the keys and distribute them normally to servers.



NOTE: you will have to sever the propagation of credentials from windows to your <home>/.ssh folder (in the folder's security settings) leave just your user id. then set permissions on the folder and various key files underneath appropriately for SSH using 'chmod'.



Enjoy -- some days I have to squint to remember I'm on a windows box ...






share|improve this answer





















    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














     

    draft saved


    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f51949904%2finitial-setup-for-ssh-on-docker-compose%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    1
    down vote



    accepted










    Best practice is typically to not make outbound ssh connections from containers. If what you’re trying to add to your container is a binary or application code, manage your source control setup outside Docker and COPY the data into an image. If it’s data your application needs to run, again fetch it externally and use docker run -v to inject it into the container.



    As you say, managing this key material securely, and obeying ssh’s Unix permission requirements, is incredibly tricky. If I really didn’t have a choice but to do this I’d write an ENTRYPOINT script that copied the private key from a bind-mounted volume to my container user’s .ssh directory. But my first choice would be to redesign my application flow to not need this at all.






    share|improve this answer





















    • I am a Windows user. I used to use OSX before. OSX's shell is bash so you can use less cat and so on. However, On Windows Power Shell I need to learn the Power Shell command. So I try to use docker as daily works bash. But, it might not be good idea. I will install app like Cygwin or MingW
      – whitebear
      Aug 28 at 12:45

















    up vote
    1
    down vote



    accepted










    Best practice is typically to not make outbound ssh connections from containers. If what you’re trying to add to your container is a binary or application code, manage your source control setup outside Docker and COPY the data into an image. If it’s data your application needs to run, again fetch it externally and use docker run -v to inject it into the container.



    As you say, managing this key material securely, and obeying ssh’s Unix permission requirements, is incredibly tricky. If I really didn’t have a choice but to do this I’d write an ENTRYPOINT script that copied the private key from a bind-mounted volume to my container user’s .ssh directory. But my first choice would be to redesign my application flow to not need this at all.






    share|improve this answer





















    • I am a Windows user. I used to use OSX before. OSX's shell is bash so you can use less cat and so on. However, On Windows Power Shell I need to learn the Power Shell command. So I try to use docker as daily works bash. But, it might not be good idea. I will install app like Cygwin or MingW
      – whitebear
      Aug 28 at 12:45















    up vote
    1
    down vote



    accepted







    up vote
    1
    down vote



    accepted






    Best practice is typically to not make outbound ssh connections from containers. If what you’re trying to add to your container is a binary or application code, manage your source control setup outside Docker and COPY the data into an image. If it’s data your application needs to run, again fetch it externally and use docker run -v to inject it into the container.



    As you say, managing this key material securely, and obeying ssh’s Unix permission requirements, is incredibly tricky. If I really didn’t have a choice but to do this I’d write an ENTRYPOINT script that copied the private key from a bind-mounted volume to my container user’s .ssh directory. But my first choice would be to redesign my application flow to not need this at all.






    share|improve this answer












    Best practice is typically to not make outbound ssh connections from containers. If what you’re trying to add to your container is a binary or application code, manage your source control setup outside Docker and COPY the data into an image. If it’s data your application needs to run, again fetch it externally and use docker run -v to inject it into the container.



    As you say, managing this key material securely, and obeying ssh’s Unix permission requirements, is incredibly tricky. If I really didn’t have a choice but to do this I’d write an ENTRYPOINT script that copied the private key from a bind-mounted volume to my container user’s .ssh directory. But my first choice would be to redesign my application flow to not need this at all.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Aug 21 at 14:48









    David Maze

    7,8122820




    7,8122820












    • I am a Windows user. I used to use OSX before. OSX's shell is bash so you can use less cat and so on. However, On Windows Power Shell I need to learn the Power Shell command. So I try to use docker as daily works bash. But, it might not be good idea. I will install app like Cygwin or MingW
      – whitebear
      Aug 28 at 12:45




















    • I am a Windows user. I used to use OSX before. OSX's shell is bash so you can use less cat and so on. However, On Windows Power Shell I need to learn the Power Shell command. So I try to use docker as daily works bash. But, it might not be good idea. I will install app like Cygwin or MingW
      – whitebear
      Aug 28 at 12:45


















    I am a Windows user. I used to use OSX before. OSX's shell is bash so you can use less cat and so on. However, On Windows Power Shell I need to learn the Power Shell command. So I try to use docker as daily works bash. But, it might not be good idea. I will install app like Cygwin or MingW
    – whitebear
    Aug 28 at 12:45






    I am a Windows user. I used to use OSX before. OSX's shell is bash so you can use less cat and so on. However, On Windows Power Shell I need to learn the Power Shell command. So I try to use docker as daily works bash. But, it might not be good idea. I will install app like Cygwin or MingW
    – whitebear
    Aug 28 at 12:45














    up vote
    0
    down vote













    After reading the "I'm a windows user .." comment I'm thinking you are solving the wrong problem. You are looking for an easy (sane) shell access to your servers. The are are two simpler solutions.
    1. Windows Linux subsystem -- https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux. (not my choice)




    1. Cygwin -- http://www.cygwin.com -- for that comfy Linux feel to your cmd :-)


    How I install it.




    1. Download and install it (be careful to only pick the features beyond base that you need. (there is a LOT and most of it you will not need -- like the compilers and X). Make sure that SSH is selected. Don't worry you can rerun the setup as many times as you want (I do that occasionally to update what I use)


    2. Start the bash shell (there will be a link after the installation)
      a. run 'cygpath -wp $PATH'
      b. look at the results -- there will be a couple of folders in the begging of the path that will look like "C:cygwinbin;C:cygwinusrlocalbin;..." simply all the paths that start with "C:cygwin" provided you installed your Cygwin into "C:Cygwin" directory.
      c. Add these paths to your system path
      d. Start a new instance of CMD. run 'ls' it should now work directly under windows shell.



    3. Extra credit.



      a. move the all the ".xxx" files that were created during the first launch of the shell in your C:cygwinhome<username> directory to you windows home directory (C:Users<username>).



      b. exit any bash shells you have running



      c. delete c:cygwinhome directory



      d. use windows mklink utility to create a link named home under cygwin pointing to C:Users (Administrator shell) 'mklink /J C:Cygwinhome C:Users'
      This will make your windows home directory the same as your cygwin home.




    After that you follow the normal setup for ssh under Cygwin bash and you will be able to generate the keys and distribute them normally to servers.



    NOTE: you will have to sever the propagation of credentials from windows to your <home>/.ssh folder (in the folder's security settings) leave just your user id. then set permissions on the folder and various key files underneath appropriately for SSH using 'chmod'.



    Enjoy -- some days I have to squint to remember I'm on a windows box ...






    share|improve this answer

























      up vote
      0
      down vote













      After reading the "I'm a windows user .." comment I'm thinking you are solving the wrong problem. You are looking for an easy (sane) shell access to your servers. The are are two simpler solutions.
      1. Windows Linux subsystem -- https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux. (not my choice)




      1. Cygwin -- http://www.cygwin.com -- for that comfy Linux feel to your cmd :-)


      How I install it.




      1. Download and install it (be careful to only pick the features beyond base that you need. (there is a LOT and most of it you will not need -- like the compilers and X). Make sure that SSH is selected. Don't worry you can rerun the setup as many times as you want (I do that occasionally to update what I use)


      2. Start the bash shell (there will be a link after the installation)
        a. run 'cygpath -wp $PATH'
        b. look at the results -- there will be a couple of folders in the begging of the path that will look like "C:cygwinbin;C:cygwinusrlocalbin;..." simply all the paths that start with "C:cygwin" provided you installed your Cygwin into "C:Cygwin" directory.
        c. Add these paths to your system path
        d. Start a new instance of CMD. run 'ls' it should now work directly under windows shell.



      3. Extra credit.



        a. move the all the ".xxx" files that were created during the first launch of the shell in your C:cygwinhome<username> directory to you windows home directory (C:Users<username>).



        b. exit any bash shells you have running



        c. delete c:cygwinhome directory



        d. use windows mklink utility to create a link named home under cygwin pointing to C:Users (Administrator shell) 'mklink /J C:Cygwinhome C:Users'
        This will make your windows home directory the same as your cygwin home.




      After that you follow the normal setup for ssh under Cygwin bash and you will be able to generate the keys and distribute them normally to servers.



      NOTE: you will have to sever the propagation of credentials from windows to your <home>/.ssh folder (in the folder's security settings) leave just your user id. then set permissions on the folder and various key files underneath appropriately for SSH using 'chmod'.



      Enjoy -- some days I have to squint to remember I'm on a windows box ...






      share|improve this answer























        up vote
        0
        down vote










        up vote
        0
        down vote









        After reading the "I'm a windows user .." comment I'm thinking you are solving the wrong problem. You are looking for an easy (sane) shell access to your servers. The are are two simpler solutions.
        1. Windows Linux subsystem -- https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux. (not my choice)




        1. Cygwin -- http://www.cygwin.com -- for that comfy Linux feel to your cmd :-)


        How I install it.




        1. Download and install it (be careful to only pick the features beyond base that you need. (there is a LOT and most of it you will not need -- like the compilers and X). Make sure that SSH is selected. Don't worry you can rerun the setup as many times as you want (I do that occasionally to update what I use)


        2. Start the bash shell (there will be a link after the installation)
          a. run 'cygpath -wp $PATH'
          b. look at the results -- there will be a couple of folders in the begging of the path that will look like "C:cygwinbin;C:cygwinusrlocalbin;..." simply all the paths that start with "C:cygwin" provided you installed your Cygwin into "C:Cygwin" directory.
          c. Add these paths to your system path
          d. Start a new instance of CMD. run 'ls' it should now work directly under windows shell.



        3. Extra credit.



          a. move the all the ".xxx" files that were created during the first launch of the shell in your C:cygwinhome<username> directory to you windows home directory (C:Users<username>).



          b. exit any bash shells you have running



          c. delete c:cygwinhome directory



          d. use windows mklink utility to create a link named home under cygwin pointing to C:Users (Administrator shell) 'mklink /J C:Cygwinhome C:Users'
          This will make your windows home directory the same as your cygwin home.




        After that you follow the normal setup for ssh under Cygwin bash and you will be able to generate the keys and distribute them normally to servers.



        NOTE: you will have to sever the propagation of credentials from windows to your <home>/.ssh folder (in the folder's security settings) leave just your user id. then set permissions on the folder and various key files underneath appropriately for SSH using 'chmod'.



        Enjoy -- some days I have to squint to remember I'm on a windows box ...






        share|improve this answer












        After reading the "I'm a windows user .." comment I'm thinking you are solving the wrong problem. You are looking for an easy (sane) shell access to your servers. The are are two simpler solutions.
        1. Windows Linux subsystem -- https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux. (not my choice)




        1. Cygwin -- http://www.cygwin.com -- for that comfy Linux feel to your cmd :-)


        How I install it.




        1. Download and install it (be careful to only pick the features beyond base that you need. (there is a LOT and most of it you will not need -- like the compilers and X). Make sure that SSH is selected. Don't worry you can rerun the setup as many times as you want (I do that occasionally to update what I use)


        2. Start the bash shell (there will be a link after the installation)
          a. run 'cygpath -wp $PATH'
          b. look at the results -- there will be a couple of folders in the begging of the path that will look like "C:cygwinbin;C:cygwinusrlocalbin;..." simply all the paths that start with "C:cygwin" provided you installed your Cygwin into "C:Cygwin" directory.
          c. Add these paths to your system path
          d. Start a new instance of CMD. run 'ls' it should now work directly under windows shell.



        3. Extra credit.



          a. move the all the ".xxx" files that were created during the first launch of the shell in your C:cygwinhome<username> directory to you windows home directory (C:Users<username>).



          b. exit any bash shells you have running



          c. delete c:cygwinhome directory



          d. use windows mklink utility to create a link named home under cygwin pointing to C:Users (Administrator shell) 'mklink /J C:Cygwinhome C:Users'
          This will make your windows home directory the same as your cygwin home.




        After that you follow the normal setup for ssh under Cygwin bash and you will be able to generate the keys and distribute them normally to servers.



        NOTE: you will have to sever the propagation of credentials from windows to your <home>/.ssh folder (in the folder's security settings) leave just your user id. then set permissions on the folder and various key files underneath appropriately for SSH using 'chmod'.



        Enjoy -- some days I have to squint to remember I'm on a windows box ...







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 10 at 18:09









        nrapopor

        458147




        458147






























             

            draft saved


            draft discarded



















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f51949904%2finitial-setup-for-ssh-on-docker-compose%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Florida Star v. B. J. F.

            Danny Elfman

            Lugert, Oklahoma