[Feature Request] Using 1P SSH from inside a local Docker container
Comments
Okay, got to the bottom of it - it's my Docker container not using the right open-ssh
@Jack.P_1P here is my host file FYI
    Host *
      IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
      ForwardAgent yes
Steps I did to fix this:
1. Install openssh-server via Dockerfile
    FROM python
    RUN apt-get update \
        && apt-get install -y --no-install-recommends build-essential openssh-server
2. Open vscode via this method https://developer.1password.com/docs/ssh/agent/compatibility#ssh-auth-sock
    $ export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
    $ open -a /Applications/Visual\ Studio\ Code.app
0 -
Seems there's something funky with both 1password and Docker.
I can add the export SSH_AUTH_SOCK to my ~/.zshrc but I still need to open docker with open -a Docker in order to properly be able to forward the ssh keys.
0 -
@coolgoose That's because Docker for Mac is managed by launchd and will inherit the launchd environment rather than the zsh environment. So in other words: launchd needs to be aware of the socket, which requires an additional setup step, described here.
0 -
The problem is that if I specify SSH_AUTH_SOCK to the 1password one, the gcloud auth + docker helper don't work anymore :)
0 -
What issue are you then encountering with the gcloud Docker helper?
0 -
I can't pull any images from the internal registry. My best bet right now to have everything fully working is the following:
    Host *
      IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
      ForwardAgent yes
    Host *
      IgnoreUnknown AddKeysToAgent,UseKeychain
      AddKeysToAgent yes
      UseKeychain yes
      IdentityFile ~/.ssh/id_rsa
0 -
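Added example, not part of any post in this thread: both configs posted above set ForwardAgent yes under Host *, which offers the forwarded agent to every server the client connects to rather than only the hosts that need it. The script below is a simplified checker for that pattern; the function names, file names and bastion.example.com are hypothetical, and Include directives are not followed.

```shell
#!/bin/sh
# Added example, not from the thread. Simplified ssh_config reader: Host/Match
# scopes, "Key value" and "Key=value" forms, comments. Include is not followed.

audit_forward_agent() {   # $1 = ssh_config path; prints findings, returns 1 if any
    awk '
    BEGIN { scope = "(top of file)"; wild = 1; bad = 0 }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^#/) next
        line = $0
        if (match(line, /^[A-Za-z]+[ \t]*=[ \t]*/)) {        # "Key=Value" form
            key = substr(line, 1, RLENGTH); sub(/[ \t]*=[ \t]*$/, "", key)
            line = key " " substr(line, RLENGTH + 1)
        }
        n = split(line, f, /[ \t]+/); key = tolower(f[1])
        if (key == "host") {                 # wildcard if any pattern is a bare *
            scope = line; wild = 0
            for (i = 2; i <= n; i++) if (f[i] == "*") wild = 1
        } else if (key == "match") {
            scope = line; wild = (n == 2 && tolower(f[2]) == "all")
        } else if (key == "forwardagent" && wild && tolower(f[2]) != "no") {
            printf "%s:%d: ForwardAgent %s under [%s] reaches every host\n", FILENAME, NR, f[2], scope
            bad = 1
        }
    }
    END { exit bad }' "$1"
}

write_samples() {         # $1 = directory; both files are constructed samples
    # Same shape as the config posted in the thread.
    cat > "$1/wildcard.conf" <<'EOF'
Host *
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
  ForwardAgent yes
EOF
    # Forwarding limited to one named host (bastion.example.com is a placeholder).
    cat > "$1/scoped.conf" <<'EOF'
Host bastion.example.com
  ForwardAgent yes
Host *
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_forward_agent "$demo_dir/wildcard.conf" || echo "wildcard.conf: review needed"
audit_forward_agent "$demo_dir/scoped.conf" && echo "scoped.conf: ok"
rm -rf "$demo_dir"
```

Running it against ~/.ssh/config prints one line per wildcard-scoped ForwardAgent setting and returns a non-zero status if any are found.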
The agent integration with Docker works fine for me (using the SSH_AUTH_SOCK volume and env var), but 1Password is not correctly prompting for unlocking.
With ssh -vv I could see the keys were accepted by the server, but SSH timed out while waiting for the agent. That led me to 1Password logs, where I saw entries similar to this:
    INFO 2023-09-22T16:41:36.526 tokio-runtime-worker(ThreadId(3)) [1P:ssh/op-ssh-agent/src/lib.rs:538] Notifying user through tray icon that they have a background prompt waiting
But I was seeing no unlock prompts... So I checked (clicked) the 1Password in the top menu bar and there I saw a message about the pending SSH authorization (don't recall exactly the message).
After clicking that, the unlock prompt showed up and I authorized it, everything worked.
Looks like a bug, to me: I shouldn't have to click the menu bar icon for that...
0 -
Hi all, I have followed this discussion entirely but I still am not able to reproduce or make this work.
My host is Windows and the container is Linux. I'm not sure if anyone else here was trying in this setup? I see the majority of people are either from Mac -> Linux or Windows -> Windows... I'm not sure how I can mount the named pipe //./pipe/openssh-ssh-agent to the container in a way that makes sense...
0