How to forward 1Password SSH agent to docker container (MacOS)?
Apparently there's some magic going on in Docker Desktop for MacOS to allow forwarding SSH_AUTH_SOCK to the docker container, as discussed here. I doubt this is possible, but it wouldn't hurt to ask: is there a way to forward the 1Password SSH agent to a docker container?
Command: docker run --mount "type=bind,src=$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock,target=/run/host-services/ssh-auth.sock" -e SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock --rm golang:latest ssh-add -l
Output: Error connecting to agent: Connection refused
Without docker works as expected:
export SSH_AUTH_SOCK="$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
ssh-add -l
Output: 256 SHA256:... SSH Key (xxx) (ED25519)
1Password-cli version: 2.4.1
1Password Version: 8.7.1
Extension Version: 2.3.5
OS Version: macOS 12.1
Comments
-
On Linux that works perfectly, but I have this same issue on Docker for Mac, because the way the bind mount is done differs between Linux and macOS machines.
The only workaround (extremely insecure) that you could do is to use socat: you need to expose your SSH socket as a TCP service and then, inside your container, use socat again to consume that TCP socket and transform it into a Unix socket.
0 -
Hi @andrepereira, just a heads up that I've moved this discussion over from the CLI forum to the SSH forum. The 1Password SSH agent is independent of 1Password CLI. It is shipped with 1Password 8.
I'll ask the SSH team to look at your question about running it in a docker container.
0 -
Thank you @simon_1P !
0 -
@andrepereira Could you try if this works:
export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
docker run -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" alpine sh -c 'apk add openssh && ssh-add -l'
0
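A diagnostic for the "Connection refused" error in this thread, as an added example that is not part of any post or of 1Password's or Docker's code: it sends the same identity-list request that `ssh-add -l` sends and reports whether the path is missing, is not a socket, has no reachable listener, or answers as an agent. The function name `probe_agent` and the status strings are assumptions made for this example.

```python
import os
import socket
import stat
import struct

SSH_AGENTC_REQUEST_IDENTITIES = 11  # message numbers from the SSH agent protocol
SSH_AGENT_IDENTITIES_ANSWER = 12
MAX_REPLY = 256 * 1024              # refuse absurd length prefixes


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full reply arrived")
        buf += chunk
    return buf


def probe_agent(path, timeout=3.0):
    """Return (status, key_count); key_count is None unless status is 'ok'."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing", None            # mount source or target path is wrong
    except PermissionError:
        return "denied", None
    if not stat.S_ISSOCK(mode):
        return "not-a-socket", None       # bind mount yielded a file or directory
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(path)
            # Same request `ssh-add -l` sends: length 1, type 11, no payload.
            s.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
            (length,) = struct.unpack(">I", _recv_exact(s, 4))
            if not 5 <= length <= MAX_REPLY:
                return "bad-reply", None
            body = _recv_exact(s, length)
        except ConnectionRefusedError:
            return "refused", None        # socket inode visible, no listener reachable
        except PermissionError:
            return "denied", None         # socket not accessible to this user
        except (ConnectionError, socket.timeout):
            return "no-reply", None       # something accepted but is not an agent
    if body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        return "bad-reply", None
    return "ok", struct.unpack(">I", body[1:5])[0]


if __name__ == "__main__":
    print(probe_agent(os.environ.get("SSH_AUTH_SOCK", "")))
```

Run it once on the host and once inside the container with the same SSH_AUTH_SOCK value used for `ssh-add -l`; a "refused" result inside the container alongside "ok" on the host matches the symptom reported in the question.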