ssh key generation using dockerfile
I am using Docker for few of my projects, where one requirement is to generate ssh keys using Docker file, so that when the container builds it will generate a pair of rsa keys.I have seen some examples where key generation happens via .sh file and Dockerfile has the commond to run that .sh file. Is there a way we can do it directly in Dockerfile instead of .sh
Currently I am using following in Dockerfile to generate ssh key pair. But this gives me error saying “/bin/sh ssh-keygen not found”
RUN ssh-keygen -q -t rsa -N '' -f /home/docker/.ssh/id_rsa
will be really very helpful if someone can provide a way to achieve the same.
2 Solutions collect form web for “ssh key generation using dockerfile”
The problem is that ssh-keygen is not available in your container yet. This can be easily solved, for example by installing the openssl-client package on a ubuntu base image.
The following Dockerfile does precisely that and places a key in the container’s root folder
FROM ubuntu:latest RUN apt-get -y install openssh-client RUN ssh-keygen -q -t rsa -N '' -f /id_rsa
BUT READ THIS:
My strong advice is not to place keys, certificates whatsoever into the container’s file system at all! This might lead to strong security risks, as essentially anyone who obtains the container image can authenticate himself at services the key is valid for; it forces you to handle container images with the same care you would treat cryptographic keys and certificates!
Hence, it is advisable to keep the keys outside of the container. This can be easily achieved by using Docker VOLUMES; and you’d simply mount a volume holding keys/containers into the Docker container when launching it.
CREATING KEYS OUTSIDE THE CONTAINER
The following Dockerfile does instead create the key once the container is started, and it may be used to create the key outside the container’s file system
FROM ubuntu:latest RUN apt-get -y install openssh-client CMD ssh-keygen -q -t rsa -N '' -f /keys/id_rsa
First, build the container with the following command:
docker build -t keygen-container .
Starting the container using
docker run -v /tmp/:/keys keygen-container
will create a key on the host in /tmp.
The answer is almost correct above but you need to apt-get update first. Maybe it was correct on the previous ubuntu image but did not work for me. Also, I remove any id_rsa files that could exist on localhost directory first.
printf "FROM ubuntu:latest \nRUN apt-get update; apt-get -y install openssh-client \nCMD rm /keys/id_rsa*; ssh-keygen -q -t rsa -N '' -f /keys/id_rsa" > Dockerfile docker build -t keygen-container . docker run -v /tmp/:/keys keygen-container