Dockerfile: skip passphrase for private key
I’m using private keys for downloading my repository from Github in my Docker file. I have something like this:
RUN mkdir -p /root/.ssh && echo "$MY_PRIVATE_KEY" >/root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa && ssh-keyscan github.com >> /root/.ssh/known_hosts && cat /root/.ssh/known_hosts && ssh -vvv email@example.com && pip install git+ssh://firstname.lastname@example.orgemail@example.com && rm /root/.ssh/id_rsa
MY_PRIVATE_KEY is an argument. I’m not able to re-create this key.
My issue is that during connection process I’m getting the following error:
key_load_private_type: incorrect passphrase supplied to decrypt private key
Is it possible to skip passphrase somehow?
2 Solutions collect form web for “Dockerfile: skip passphrase for private key”
The passphrase is required to decrypt the key. You can’t “skip” it. You could remove the passphrase on the key using
ssh-keygen -p (see the man page for details).
You may want to investigate the use of a GitHub Deploy Key, which is a per-repository ssh key that grants read-only access to the repository. These are meant to solve exactly the situation you find yourself in: needing to automaticaly deploy software from a GitHub repository that requires authentication.
MY_PRIVATE_KEY seems to be passphrase-protected (a key with an empty passphrase is not the same as a non-encrypted key).
The key in
.ssh/id_rsa is normally not passphrase-protected, instead it is protected by permissions to allow only owner access (0600).
You can remove the passphrase from your key using OpenSSL like this:
set MY_PRIVATE_KEY = `echo $MY_PRIVATE_KEY | openssl rsa`
The contents of
id_rsa should look like:
-----BEGIN RSA PRIVATE KEY----- . . . -----END RSA PRIVATE KEY-----