ssh key generation using dockerfile

I am using Docker for few of my projects, where one requirement is to generate ssh keys using Docker file, so that when the container builds it will generate a pair of rsa keys.I have seen some examples where key generation happens via .sh file and Dockerfile has the commond to run that .sh file. Is there a way we can do it directly in Dockerfile instead of .sh

Currently I am using following in Dockerfile to generate ssh key pair. But this gives me error saying “/bin/sh ssh-keygen not found”

  • Docker Volume not saving
  • Build Docker image in Jenkins (in Docker image) - Cloud docker agent
  • ecs-cli compose service up doesn't terminate
  • Installing ssh-keyscan on Alpine linux?
  • Unable to connect the client to the server using Docker COntainers
  • How to Access Windows Container from a Remote Host using Docker command line tool
  • RUN ssh-keygen -q -t rsa -N '' -f /home/docker/.ssh/id_rsa

    will be really very helpful if someone can provide a way to achieve the same.


  • Post a Json file to elasticsearch running on Docker, Kitematic on Windows 10
  • Why are all ports published by default with this Docker image
  • Docker volume, change file permissions/owner
  • How do I pass the host's IP address to my container in Docker
  • How to pull docker image from docker hub private registry into Azure Container Service (ACS)?
  • Compile .NET project in Docker using .csproj file
  • 2 Solutions collect form web for “ssh key generation using dockerfile”

    The problem is that ssh-keygen is not available in your container yet. This can be easily solved, for example by installing the openssl-client package on a ubuntu base image.

    The following Dockerfile does precisely that and places a key in the container’s root folder

    FROM ubuntu:latest
    RUN apt-get -y install openssh-client
    RUN ssh-keygen -q -t rsa -N '' -f /id_rsa

    My strong advice is not to place keys, certificates whatsoever into the container’s file system at all! This might lead to strong security risks, as essentially anyone who obtains the container image can authenticate himself at services the key is valid for; it forces you to handle container images with the same care you would treat cryptographic keys and certificates!

    Hence, it is advisable to keep the keys outside of the container. This can be easily achieved by using Docker VOLUMES; and you’d simply mount a volume holding keys/containers into the Docker container when launching it.

    The following Dockerfile does instead create the key once the container is started, and it may be used to create the key outside the container’s file system

    FROM ubuntu:latest
    RUN apt-get -y install openssh-client 
    CMD ssh-keygen -q -t rsa -N '' -f /keys/id_rsa

    First, build the container with the following command:

    docker build -t keygen-container .

    Starting the container using

    docker run -v /tmp/:/keys keygen-container

    will create a key on the host in /tmp.

    The answer is almost correct above but you need to apt-get update first. Maybe it was correct on the previous ubuntu image but did not work for me. Also, I remove any id_rsa files that could exist on localhost directory first.

    printf "FROM ubuntu:latest \nRUN apt-get update; apt-get -y install openssh-client \nCMD rm /keys/id_rsa*; ssh-keygen -q -t rsa -N '' -f /keys/id_rsa" > Dockerfile
    docker build -t keygen-container .
    docker run -v /tmp/:/keys keygen-container
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.