How to forward 1Password SSH agent to docker container (macOS)?

andrepereira
Community Member
edited June 2022 in SSH

Apparently there's some magic going on in Docker Desktop for macOS to allow forwarding SSH_AUTH_SOCK to the docker container, as discussed here. I doubt this is possible, but it wouldn't hurt to ask: is there a way to forward the 1Password SSH agent to a docker container?

Command: docker run --mount "type=bind,src=$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock,target=/run/host-services/ssh-auth.sock" -e SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock --rm golang:latest ssh-add -l

Output: Error connecting to agent: Connection refused

Without docker it works as expected:

export SSH_AUTH_SOCK="$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
ssh-add -l

Output: 256 SHA256:... SSH Key (xxx) (ED25519)

1Password-cli version: 2.4.1


1Password Version: 8.7.1
Extension Version: 2.3.5
OS Version: macOS 12.1

Comments

  • ronaldmiranda
    Community Member
    edited June 2022

    On Linux that works perfectly, but I have this same issue on Docker for Mac, because the way the bind mount is done differs between Linux and macOS machines.
    The only workaround (extremely insecure) that you could do is to use socat: you need to expose your SSH socket as a TCP service and then, inside your container, use socat again to consume that TCP socket and transform it into a Unix socket.

  • Hi @andrepereira, just a heads up that I've moved this discussion over from the CLI forum to the SSH forum. The 1Password SSH agent is independent of 1Password CLI. It is shipped with 1Password 8.

    I'll ask the SSH team to look at your question about running it in a docker container.

  • andrepereira
    Community Member

    Thank you @simon_1P !

  • floris_1P
    edited June 2022

    @andrepereira Could you try if this works:

    export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
    docker run -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" alpine sh -c 'apk add openssh && ssh-add -l'
    
This discussion has been closed.