今晚我已经阅读了很多关于同一件事的问题,但如果任何解决方案真的有效,我会被诅咒的。
简而言之,我需要将托管在 GitHub 上的私有(private) Git 存储库克隆到我的 docker 镜像中。
这是我目前在 Dockerfile 中的内容:
FROM debian:wheezy
ENV DEBIAN_FRONTEND noninteractive
# Update aptitude with new repo
RUN apt-get update
# Install software
RUN apt-get install -y \
# All of my packages here...
# Make ssh dir
RUN mkdir /root/.ssh/
# Copy over private key, and set permissions
ADD ssh/id_rsa /root/.ssh/id_rsa
RUN chmod 700 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
# Add GithHubs key
RUN ssh-keyscan -T 60 github.com >> /root/.ssh/known_hosts
# Create the Development directory and then move into the directory.
RUN mkdir -p /var/www/dev
WORKDIR /var/www/dev
# Start-up Git and pull in the Dev branch.
RUN ssh -v git@github.com
#RUN git init
#RUN git remote add origin git@github.com:<my_git_repo>
#RUN git fetch
#RUN git checkout -t origin/dev
#RUN git clone git@github.com:<my_git_repo>
ssh -v给了我以下调试日志:OpenSSH_6.0p1 Debian-4+deb7u4, OpenSSL 1.0.1e 11 Feb 2013
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to github.com [192.30.252.131] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: no match: libssh-0.7.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
Warning: Permanently added the RSA host key for IP address '192.30.252.131' to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
我尝试了将 StrictHostChecking 设置为 no 的选项。我在 SSH 目录下尝试了一个单独的配置文件来指定主机、端口、身份文件(作为私钥,而不是公钥)。
我在这里想念什么?创建的 VM 上的 key 与我在本地计算机上的 key 完全相同。
最佳答案
使用 GitHub 个人访问 token 而不是 ssh key 可能会更好。
https://help.github.com/articles/creating-an-access-token-for-command-line-use/
这消除了您将 ssh key 烘焙到镜像中的需要,这样更安全,并且它允许通过 https 进行克隆,这应该会简化您的 dockerfile。如果您需要撤销 token ,可以从他们的网站上轻松完成,而且您无需到处更换您的个人 ssh key 。
如果您查看了此选项,但无法使用此选项,请告诉我,我可以帮助您找出 ssh key 问题。
关于git - Docker + SSH + Git 克隆问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36931423/