Build secrets and SSH forwarding in Docker 18.09

put temporary ssh key in docker to build

# this is our first build stage, it will not persist in the final image
FROM ubuntu as intermediate

# install git
RUN apt-get update
RUN apt-get install -y git

# add credentials on build
ARG SSH_PRIVATE_KEY
RUN mkdir /root/.ssh/
RUN echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa

# make sure your domain is accepted
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts

RUN git clone git@bitbucket.org:your-user/your-repo.git

FROM ubuntu
# copy the repository form the previous image
COPY --from=intermediate /your-repo /srv/your-repo
# ... actually use the repo :)

The SSH_PRIVATE_KEY is passed when issuing the build command with --build-arg or in the build block of your docker-compose.yml file. As it is not used in the final image, the value will not be available using the history command. For a better overview of using variables when handling your Docker workflows, read this in-depth guide.

mtputty like

BG Go Further

Sécurisez les parties serveur et client d'OpenSSH sous Debian 8 avec la protection par UFW, l'authentification par échange de clé ED25519 ...

Mobile shell that supports roaming and intelligent local echo. Like SSH secure shell, but allows mobility and more responsive and robust.

ssh -n ServeurDistant -p PORT 'tar zcvf - toto.txt' | cat - > toto.tar.gz

cat .ssh/id_dsa.pub | ssh mlx@M1.foo.org "cat - >>.ssh/authorized_keys"

ne pas avoir de problèmes avec ssh dans une boucle : -n !