initial import

avsm · avsm · commit 18f48b379ac5 · 2016-03-22T16:20:11.000Z
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,12 @@
+FROM alpine
+MAINTAINER Anil Madhavapeddy <anil@recoil.org>
+RUN apk update && apk add openssh && \
+    apk add --update --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ tini
+RUN mkdir /root/.ssh && \
+    chmod 700 /root/.ssh && \
+    ssh-keygen -A
+COPY ssh-find-agent.sh /root/ssh-find-agent.sh
+EXPOSE 22
+VOLUME ["/root/.ssh/authorized_keys"]
+ENTRYPOINT ["/usr/bin/tini","--"]
+CMD ["/usr/sbin/sshd","-D"]
diff --git a/Makefile b/Makefile
@@ -0,0 +1,17 @@
+all:
+	./pinata-build-sshd.sh
+	@echo Please run "make install"
+
+PREFIX ?= /usr/local
+BINDIR ?= $(PREFIX)/bin
+
+install:
+	@if [ ! -d "$(PREFIX)" ]; then echo Error: need a $(PREFIX) directory; exit 1; fi
+	@mkdir -p $(PREFIX)/share/pinata-ssh-agent
+	cp Dockerfile $(PREFIX)/share/pinata-ssh-agent
+	cp ssh-build.sh $(PREFIX)/share/pinata-ssh-agent/ssh-build
+	cp ssh-find-agent.sh $(PREFIX)/share/pinata-ssh-agent/ssh-find-agent.sh
+	@mkdir -p $(BINDIR)
+	cp pinata-build-sshd.sh $(BINDIR)/pinata-build-sshd
+	cp pinata-ssh-forward.sh $(BINDIR)/pinata-ssh-forward
+	cp pinata-ssh-mount.sh $(BINDIR)/pinata-ssh-mount
diff --git a/README.md b/README.md
@@ -0,0 +1,3 @@
+Forward SSH agent socket into a container
+
+Still experimental -- contact anil@recoil.org if you want help.
diff --git a/pinata-build-sshd.sh b/pinata-build-sshd.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd /usr/local/share/pinata-ssh-agent
+docker build -t pinata-sshd .
diff --git a/pinata-ssh-forward.sh b/pinata-ssh-forward.sh
@@ -0,0 +1,29 @@
+#!/bin/sh -e
+
+IMAGE_NAME=pinata-sshd
+CONTAINER_NAME=pinata-sshd
+LOCAL_STATE=~/.pinata-sshd
+LOCAL_PORT=2244
+
+docker rm -f ${CONTAINER_NAME} >/dev/null 2>&1 || true
+rm -rf ${LOCAL_STATE}
+mkdir -p ${LOCAL_STATE}
+
+docker run --name ${CONTAINER_NAME} \
+  -v ~/.ssh/id_rsa.pub:/root/.ssh/authorized_keys \
+  -v ${LOCAL_STATE}:/tmp \
+  -d -p ${LOCAL_PORT}:22 ${IMAGE_NAME} > /dev/null
+
+IP=`docker inspect --format '{{(index (index .NetworkSettings.Ports "22/tcp") 0).HostIp }}' ${CONTAINER_NAME}`
+ssh-keyscan -p ${LOCAL_PORT} ${IP} > ${LOCAL_STATE}/known_hosts 2>/dev/null
+
+ssh -f -o "UserKnownHostsFile=${LOCAL_STATE}/known_hosts" \
+  -A -p ${LOCAL_PORT} root@${IP} \
+  /root/ssh-find-agent.sh
+
+echo 'Agent forwarding successfully started.'
+echo 'Run "pinata-ssh-mount" to get a command-line fragment that'
+echo 'can be added to "docker run" to mount the SSH agent socket.'
+echo ""
+echo 'For example:'
+echo 'docker run -it `pinata-ssh-mount` ocaml/opam ssh git@github.com'
diff --git a/pinata-ssh-mount.sh b/pinata-ssh-mount.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+LOCAL_STATE=~/.pinata-sshd
+AGENT=`cat ${LOCAL_STATE}/agent_socket_path | sed -e 's,/tmp/,,g'`
+echo "-v ${LOCAL_STATE}/$AGENT:/tmp/ssh-agent.sock --env SSH_AUTH_SOCK=/tmp/ssh-agent.sock"
diff --git a/ssh-build.sh b/ssh-build.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+IMAGE_NAME=pinata-sshd
+
+docker build -q -t ${IMAGE_NAME} .
diff --git a/ssh-find-agent.sh b/ssh-find-agent.sh
@@ -0,0 +1,9 @@
+#!/bin/sh -e
+# Log the location of the SSH agent to a file
+
+finish() {
+ rm -f /tmp/agent_socket_path
+}
+trap finish EXIT
+echo $SSH_AUTH_SOCK > /tmp/agent_socket_path
+tail -f /dev/null

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Forward SSH agent socket into a container`
	`2`	`+`
	`3`	`+Still experimental -- contact [email protected] if you want help.`