Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSH keys from host not configured in container due to apparent error in load-keys.sh #53

Open
thery-dh opened this issue Sep 15, 2023 · 2 comments
Open

SSH keys from host not configured in container due to apparent error in load-keys.sh #53

thery-dh opened this issue Sep 15, 2023 · 2 comments
Labels
bug Something isn't working

Comments

@thery-dh
Copy link

Issue summary
Upon building and starting new containers, ssh keys from the host located in ~/.ssh correctly get mounted under /user/.ssh however they are not configured in the container's ssh_config file by the script: load-keys.sh.
-> This means that ssh will by default look for keys under the wrong location.

Apparent cause
After some debugging I noticed that load-keys.sh expect to be run by the root user and only load keys owned by $LANDO_WEBROOT_USER, which by default is user.
However, mounted keys automatically get assigned ownership of the current user. This can be reproduced by running ls -la /user/.ssh as both user and root.
Example:
Result as root:

-rw-------  1 root root 1831 Aug 12 00:28 id_rsa
-rw-r--r--  1 root root  405 Aug 12 00:28 id_rsa.pub

Result as user:

-rw-------  1 user dialout 1831 Aug 12 00:28 id_rsa
-rw-r--r--  1 user dialout  405 Aug 12 00:28 id_rsa.pub

Fix suggestion
Replace the following line with
readarray -t RAW_LIST < <(find "$SSH_DIR" -maxdepth 1 -not -name '*.pub' -not -name 'known_hosts' -type f) to prevent a user check which seems pointless since the SSH_CANDIDATE will be assigned correct permissions and ownership further down the same script.

Happy to make a PR if that helps.

Current config for reference:

  • Host machine: MacBook Pro M2 - Ventura 13.5.1
  • Lando v3.18.0
  • Docker host: OrbStack - 0.17.1

Project specific config:

recipe: lagoon
config:
  flavor: laravel

Container: Alpine Linux v3.18
@thery-dh thery-dh added the bug Something isn't working label Sep 15, 2023
@thery-dh
Copy link
Author

Also noting a quick workaround for whoever is stuck on this until it gets fixed, list the key you want configured in your lando file under keys, for example:

keys:
  - id_rsa

@deviantintegral
Copy link

Your workaround above didn't work for me unfortunately. I noticed you're using orbstack, and I'm using colima. I tested with Docker Desktop and then the keys workaround did work (I have an id_ed25519 and only that one was added).

However, the permissions and user mappings are the same in docker desktop as orb, so I'm not fully sure what's going on here:

Docker Desktop:

-rw-------   1 www-data dialout   3434 Apr 17 17:28 id_rsa

Colima:

-rw-------   1 www-data www-data   3434 Apr 17 17:28 id_rsa

I expect this will be fixed if lando/lando#3388 is.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@deviantintegral @thery-dh