SSH certificates not working anymore

#1

Upgraded my Docker image to the 0.20.4 image, and suddenly my known_host mount doesn't seem to inject the Git SSH key into the container anymore. Did something change?

Command below:

docker run --restart=always --name nodered --user=1000 -dit -p 1880:1880 -v /srv/node-red:/data -v /home/user/.ssh/known_hosts:/usr/src/node-red/.ssh/known_hosts:ro -e TZ=America/New_York nodered/node-red-docker:latest

Edit: Also my keys ARE under the mounted volume, /srv/node-red/projects/.sshkeys

0 Likes

#2

Hi - the latest image is 0.20.3 not .4.

What version did you upgrade from? Hard to say whether something has changed without knowing across what version range you are asking.

I have to admit I can't quite understand your question. Your docker command is mounting the individual file /home/user/.ssh/known_hosts into the container - not the whole directory of keys. So I'm not sure what you mean by it not injecting the Git SSH key into the container.

0 Likes

#3

I was on the 0.19 branch, but not sure which build version.

The docker mount was necessary to pass in a known_hosts file specifically (if I remember right, otherwise it would reject the host). The keys themselves, as I said in my edit, were under the mounted "projects/.sshkeys" folder as a .pub public key, and matching private key.

I did look at the docs and saw this which I think is new: "If you have adminAuth enabled, the files are scoped to the current logged in user so they do not need to share credentials for the remote."

0 Likes

#4

Given the topic is "known_hosts" not working anymore I assumed that is what you meant.

A bug was fixed yesterday that if you have adminAuth enabled and using projects it wasn't properly picking up the keys for the authenticated user.

0.20.4 will be released on Thursday.

0 Likes

#5

Ah, sorry, I posted before reminding myself of the setup. Yeah once I read the documentation it seemed to be not picking up the certificates themselves. Will wait for that release.

0 Likes

#6

Did this make it into 20.4 / 20.5? Im still not seeing my SSH keys again.

0 Likes

#7

Yes, the fix was in 0.20.4.

Can you provide some more details to help understand what problem you are hitting?

What are the files names of the keys you have under /srv/node-red/projects/.sshkeys?

You've not confirmed whether or not you have adminAuth enabled - if you do, how is that configured? Is it with the built-in auth scheme or a custom one? What username do you use to log in?

0 Likes

#8

Yes I use adminAuth, standard built in auth scheme. I use "admin" to login.

Have two files in /srv/node-red/projects/.sshkeys (which is mounted correctly into the container), owned by the use ID running the docker container:

__default_DiskStation -rw------
__default_DiskStation.pub -rw-r--r--

0 Likes

#9

If you login as the admin user then it won't list the keys for the __default user.

If you rename those files as admin_Diskstation... then the admin user will be allowed to use them

0 Likes

#10

That did it, thank you!

0 Likes