今晚我已经阅读了很多关于同一件事的问题,但如果任何解决方案真的有效,我会被诅咒的。
简而言之,我需要将托管在 GitHub 上的私有(private) Git 存储库克隆到我的 docker 镜像中。
这是我目前在 Dockerfile 中的内容:
FROM debian:wheezy
ENV DEBIAN_FRONTEND noninteractive
# Update aptitude with new repo
RUN apt-get update
# Install software
RUN apt-get install -y \
# All of my packages here...
# Make ssh dir
RUN mkdir /root/.ssh/
# Copy over private key, and set permissions
ADD ssh/id_rsa /root/.ssh/id_rsa
RUN chmod 700 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
# Add GithHubs key
RUN ssh-keyscan -T 60 github.com >> /root/.ssh/known_hosts
# Create the Development directory and then move into the directory.
RUN mkdir -p /var/www/dev
WORKDIR /var/www/dev
# Start-up Git and pull in the Dev branch.
RUN ssh -v git@github.com
#RUN git init
#RUN git remote add origin git@github.com:<my_git_repo>
#RUN git fetch
#RUN git checkout -t origin/dev
#RUN git clone git@github.com:<my_git_repo>
ssh -v给了我以下调试日志:
OpenSSH_6.0p1 Debian-4+deb7u4, OpenSSL 1.0.1e 11 Feb 2013
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to github.com [192.30.252.131] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: no match: libssh-0.7.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
Warning: Permanently added the RSA host key for IP address '192.30.252.131' to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
我尝试了将 StrictHostChecking 设置为 no 的选项。我在 SSH 目录下尝试了一个单独的配置文件来指定主机、端口、身份文件(作为私钥,而不是公钥)。
我在这里想念什么?创建的 VM 上的 key 与我在本地计算机上的 key 完全相同。
请您参考如下方法:
使用 GitHub 个人访问 token 而不是 ssh key 可能会更好。
https://help.github.com/articles/creating-an-access-token-for-command-line-use/
这消除了您将 ssh key 烘焙到镜像中的需要,这样更安全,并且它允许通过 https 进行克隆,这应该会简化您的 dockerfile。如果您需要撤销 token ,可以从他们的网站上轻松完成,而且您无需到处更换您的个人 ssh key 。
如果您查看了此选项,但无法使用此选项,请告诉我,我可以帮助您找出 ssh key 问题。
