How to forward 1Password SSH agent to docker container (MacOS)?

andrepereira
Community Member
edited June 21 in SSH

Apparently there's some magic going on in Docker Desktop for macOS that allows forwarding SSH_AUTH_SOCK to the Docker container, as discussed here. I doubt this is possible, but it wouldn't hurt to ask: is there a way to forward the 1Password SSH agent to a Docker container?

Command: docker run --mount "type=bind,src=$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock,target=/run/host-services/ssh-auth.sock" -e SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock --rm golang:latest ssh-add -l

Output: Error connecting to agent: Connection refused

Without Docker it works as expected:

export SSH_AUTH_SOCK="$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
ssh-add -l

Output: 256 SHA256:... SSH Key (xxx) (ED25519)

1Password-cli version: 2.4.1


1Password Version: 8.7.1
Extension Version: 2.3.5
OS Version: macOS 12.1
Referrer: forum-search:Forward 1Password SSH agent to docker container (MacOS)

Comments

  • ronaldmiranda
    Community Member
    edited June 19

    On Linux that works perfectly, but I have this same issue on Docker for Mac, because the way the bind mount is done differs between Linux and macOS machines.
    The only workaround (extremely insecure) that you could do is to use socat: you need to expose your SSH socket as a TCP service and then, inside your container, use socat again to consume that TCP socket and transform it into a Unix socket.

  • simon_1P

    Team Member

    Hi @andrepereira, just a heads up that I've moved this discussion over from the CLI forum to the SSH forum. The 1Password SSH agent is independent of 1Password CLI. It is shipped with 1Password 8.

    I'll ask the SSH team to look at your question about running it in a docker container.

  • andrepereira
    Community Member

    Thank you @simon_1P !

  • floris_1P

    Team Member
    edited June 27

    @andrepereira Could you try if this works:

    export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
    docker run -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" alpine sh -c 'apk add openssh && ssh-add -l'
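
To tell apart the failure modes behind `Error connecting to agent: Connection refused` in the question, the following added example (not code from this thread or from 1Password) probes an agent socket path the way `ssh-add -l` does: it checks that the path is a socket, connects, and sends the ssh-agent identities request. The name `probe_agent`, its status strings and the reply size cap are assumptions made for this illustration.

```python
import os
import socket
import stat
import struct

# Message numbers from the ssh-agent protocol.
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
MAX_REPLY = 256 * 1024  # assumed sanity cap on the reply size


def _read_exact(conn, n):
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection early")
        buf += chunk
    return buf


def probe_agent(path, timeout=3.0):
    """Return (status, key_count) for the agent socket at path."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return ("missing", None)  # nothing visible at that path
    if not stat.S_ISSOCK(mode):
        return ("not-a-socket", None)  # the mount produced a file or directory
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as conn:
        conn.settimeout(timeout)
        try:
            conn.connect(path)
        except ConnectionRefusedError:
            return ("refused", None)  # socket inode exists, no listener behind it
        except OSError:
            return ("unreachable", None)
        try:
            # Frame: uint32 big-endian length, then a one-byte message type.
            conn.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
            (length,) = struct.unpack(">I", _read_exact(conn, 4))
            if not 5 <= length <= MAX_REPLY:
                return ("bad-reply", None)
            reply = _read_exact(conn, length)
        except OSError:
            return ("bad-reply", None)
    if reply[0] != SSH_AGENT_IDENTITIES_ANSWER:
        return ("bad-reply", None)
    return ("ok", struct.unpack(">I", reply[1:5])[0])
```

Calling `probe_agent(os.environ["SSH_AUTH_SOCK"])` on the host and again inside the container shows whether the mounted path is absent, is not a socket, or is a socket with nothing listening behind it.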
    
