这个问题本质上听起来很简单,但我找不到安全和简单的解决方案。
问题如下,我有一个项目,我想从私有(private) git repos 中提取依赖项以构建运行时环境,然后删除 SSH key 和 SSH 密码。我不能跳过密码,因为它是由 git remote repos 强制执行的。
- 我努力推送 SSH 密码,所以 SSH 不会要求密码
- 我很难理解如何安全地做到这一点
我该怎么做的问题,这样该方法也将是安全的?
我在 Docker 中运行,并且有可能在其上安装任何开源软件。
最佳答案
与 buildkit启用:
The docker build has a --ssh option to allow the Docker Engine to forward SSH agent connections.
您可以ssh-add您的私钥到ssh-agent。
来自 ssh-add man 页面:
If any file requires a passphrase,
ssh-addasks for the passphrase from the user.
来自 ssh-agent man 页面:
The idea is that the agent is run in the user's local PC, laptop, or terminal. Authentication data need not be stored on any other machine, and authentication passphrases never go over the network. However, the connection to the agent is forwarded over SSH remote logins, and the user can thus use the privileges given by the identities anywhere in the network in a secure way.
The
ssh-agentwill never send a private key over its request channel. ...
文档中的示例 Dockerfile:
# syntax=docker/dockerfile:experimental
FROM alpine
# Install ssh client and git
RUN apk add --no-cache openssh-client git
# Download public key for github.com
RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
# Clone private repository
RUN --mount=type=ssh git clone git@github.com:myorg/myproject.git myproject
构建镜像:docker build --ssh default
关于git - 如何将ssh密码添加到Docker并在使用后将其删除?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64023920/