ssh key generation using dockerfile

I am using Docker for few of my projects, where one requirement is to generate ssh keys using Docker file, so that when the container builds it will generate a pair of rsa keys.I have seen some examples where key generation happens via .sh file and Dockerfile has the commond to run that .sh file. Is there a way we can do it directly in Dockerfile instead of .sh

Currently I am using following in Dockerfile to generate ssh key pair. But this gives me error saying “/bin/sh ssh-keygen not found”

  • sha256sum error while building nvidia-docker on ppc64le
  • docker container hanging when run dotnet new
  • docker - installing java 8 with curl
  • Docker driver for Openstack
  • Detach from docker run from script without killing container
  • “python install” does not work from Dockerfile but i can go in the container and do the same..any pointers?
  • RUN ssh-keygen -q -t rsa -N '' -f /home/docker/.ssh/id_rsa

    will be really very helpful if someone can provide a way to achieve the same.


  • Automatic build with Add from URL
  • Ubuntu: Cronjob for renew cerbot certificates
  • openwhisk postdeploy fails on single node ubuntu virtual machine
  • pthread_create failed: Resource temporarily unavailable on MongoDB
  • Docker says: No connection could be made because the target machine actively refused it
  • Boot2docker very slow on Windows without shared folders
  • 2 Solutions collect form web for “ssh key generation using dockerfile”

    The problem is that ssh-keygen is not available in your container yet. This can be easily solved, for example by installing the openssl-client package on a ubuntu base image.

    The following Dockerfile does precisely that and places a key in the container’s root folder

    FROM ubuntu:latest
    RUN apt-get -y install openssh-client
    RUN ssh-keygen -q -t rsa -N '' -f /id_rsa

    My strong advice is not to place keys, certificates whatsoever into the container’s file system at all! This might lead to strong security risks, as essentially anyone who obtains the container image can authenticate himself at services the key is valid for; it forces you to handle container images with the same care you would treat cryptographic keys and certificates!

    Hence, it is advisable to keep the keys outside of the container. This can be easily achieved by using Docker VOLUMES; and you’d simply mount a volume holding keys/containers into the Docker container when launching it.

    The following Dockerfile does instead create the key once the container is started, and it may be used to create the key outside the container’s file system

    FROM ubuntu:latest
    RUN apt-get -y install openssh-client 
    CMD ssh-keygen -q -t rsa -N '' -f /keys/id_rsa

    First, build the container with the following command:

    docker build -t keygen-container .

    Starting the container using

    docker run -v /tmp/:/keys keygen-container

    will create a key on the host in /tmp.

    The answer is almost correct above but you need to apt-get update first. Maybe it was correct on the previous ubuntu image but did not work for me. Also, I remove any id_rsa files that could exist on localhost directory first.

    printf "FROM ubuntu:latest \nRUN apt-get update; apt-get -y install openssh-client \nCMD rm /keys/id_rsa*; ssh-keygen -q -t rsa -N '' -f /keys/id_rsa" > Dockerfile
    docker build -t keygen-container .
    docker run -v /tmp/:/keys keygen-container
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.