ssh key generation using dockerfile

I am using Docker for few of my projects, where one requirement is to generate ssh keys using Docker file, so that when the container builds it will generate a pair of rsa keys.I have seen some examples where key generation happens via .sh file and Dockerfile has the commond to run that .sh file. Is there a way we can do it directly in Dockerfile instead of .sh

Currently I am using following in Dockerfile to generate ssh key pair. But this gives me error saying “/bin/sh ssh-keygen not found”

  • docker image running a mac osx installation
  • Building an Android project from the command line with Docker
  • start apache in start container in windows docker-compose system
  • Changing default subnet for docker custom networks
  • nginx ipv6 communication with docker containers
  • Why PHP-FPM prefixes a warning when writing to stdout?
  • RUN ssh-keygen -q -t rsa -N '' -f /home/docker/.ssh/id_rsa

    will be really very helpful if someone can provide a way to achieve the same.


  • Node and docker - how to handle babel or typescript build?
  • Dockerhub automated build: BitBucket repository with private submodules
  • Difference between Resident Set Size (RSS) and Java total committed memory (NMT) for a JVM running in Docker container
  • How to push a docker image with README file to docker hub?
  • Error run scrapy after install docker
  • Connect to a docker host that is managed by dockercloud-agent
  • 2 Solutions collect form web for “ssh key generation using dockerfile”

    The problem is that ssh-keygen is not available in your container yet. This can be easily solved, for example by installing the openssl-client package on a ubuntu base image.

    The following Dockerfile does precisely that and places a key in the container’s root folder

    FROM ubuntu:latest
    RUN apt-get -y install openssh-client
    RUN ssh-keygen -q -t rsa -N '' -f /id_rsa

    My strong advice is not to place keys, certificates whatsoever into the container’s file system at all! This might lead to strong security risks, as essentially anyone who obtains the container image can authenticate himself at services the key is valid for; it forces you to handle container images with the same care you would treat cryptographic keys and certificates!

    Hence, it is advisable to keep the keys outside of the container. This can be easily achieved by using Docker VOLUMES; and you’d simply mount a volume holding keys/containers into the Docker container when launching it.

    The following Dockerfile does instead create the key once the container is started, and it may be used to create the key outside the container’s file system

    FROM ubuntu:latest
    RUN apt-get -y install openssh-client 
    CMD ssh-keygen -q -t rsa -N '' -f /keys/id_rsa

    First, build the container with the following command:

    docker build -t keygen-container .

    Starting the container using

    docker run -v /tmp/:/keys keygen-container

    will create a key on the host in /tmp.

    The answer is almost correct above but you need to apt-get update first. Maybe it was correct on the previous ubuntu image but did not work for me. Also, I remove any id_rsa files that could exist on localhost directory first.

    printf "FROM ubuntu:latest \nRUN apt-get update; apt-get -y install openssh-client \nCMD rm /keys/id_rsa*; ssh-keygen -q -t rsa -N '' -f /keys/id_rsa" > Dockerfile
    docker build -t keygen-container .
    docker run -v /tmp/:/keys keygen-container
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.