SSH certificates not working anymore


Upgraded my Docker image to the 0.20.4 image, and suddenly my known_host mount doesn't seem to inject the Git SSH key into the container anymore. Did something change?

Command below:

docker run --restart=always --name nodered --user=1000 -dit -p 1880:1880 -v /srv/node-red:/data -v /home/user/.ssh/known_hosts:/usr/src/node-red/.ssh/known_hosts:ro -e TZ=America/New_York nodered/node-red-docker:latest

Edit: Also my keys ARE under the mounted volume, /srv/node-red/projects/.sshkeys



Hi - the latest image is 0.20.3 not .4.

What version did you upgrade from? Hard to say whether something has changed without knowing across what version range you are asking.

I have to admit I can't quite understand your question. Your docker command is mounting the individual file /home/user/.ssh/known_hosts into the container - not the whole directory of keys. So I'm not sure what you mean by it not injecting the Git SSH key into the container.



I was on the 0.19 branch, but not sure which build version.

The docker mount was necessary to pass in a known_hosts file specifically (if I remember right, otherwise it would reject the host). The keys themselves, as I said in my edit, were under the mounted "projects/.sshkeys" folder as a .pub public key, and matching private key.

I did look at the docs and saw this which I think is new: "If you have adminAuth enabled, the files are scoped to the current logged in user so they do not need to share credentials for the remote."



Given the topic is "known_hosts" not working anymore I assumed that is what you meant.

A bug was fixed yesterday that if you have adminAuth enabled and using projects it wasn't properly picking up the keys for the authenticated user.

0.20.4 will be released on Thursday.



Ah, sorry, I posted before reminding myself of the setup. Yeah once I read the documentation it seemed to be not picking up the certificates themselves. Will wait for that release.



Did this make it into 20.4 / 20.5? Im still not seeing my SSH keys again.



Yes, the fix was in 0.20.4.

Can you provide some more details to help understand what problem you are hitting?

What are the files names of the keys you have under /srv/node-red/projects/.sshkeys?

You've not confirmed whether or not you have adminAuth enabled - if you do, how is that configured? Is it with the built-in auth scheme or a custom one? What username do you use to log in?



Yes I use adminAuth, standard built in auth scheme. I use "admin" to login.

Have two files in /srv/node-red/projects/.sshkeys (which is mounted correctly into the container), owned by the use ID running the docker container:

__default_DiskStation -rw------ -rw-r--r--



If you login as the admin user then it won't list the keys for the __default user.

If you rename those files as admin_Diskstation... then the admin user will be allowed to use them



That did it, thank you!