0

I'm running into a curious issue I've never seen before when setting up password-less SSH between docker nodes for a non-root user. To set the stage, here's what has worked: For root user on node 1:

ssh-keygen -t rsa ...
ssh-copy-id node2

I can now ssh from node1 -> node2 without password.

I use a different user (i.e. mark). I perform the same steps above, generating the keys & copying to node2 and still get the prompt. I turned on diagnostics (ssh -v node2) and got the following:

[mark@node1 ~]$ ssh -v node2
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to node2 [172.17.0.3] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
... more stuff
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Next authentication method: password
...

I find it odd, except in another post here (https://stackoverflow.com/questions/18136389/using-ssh-keys-inside-docker-container) one of the posters made the following comment: "Remember that docker runs with sudo (unless you don't), if this is the case you'll be using the root ssh keys." This caught my attention as I suspect that may be the essence of my problem.

Since I couldn't post a follow-up question there, I thought I'd reframe the question here. I can't find any details in the Docker documentation specifically on this but it does seem to influence the behavior of password-less ssh for non-root users.

I appreciate any clarity anyone can provide.

asked May 18, 2015 at 16:33
8
  • I should add that I can successfully do this from the host VM to node1. It seems to be some odd behavior of what the 'perceived' user is when issuing the ssh command. Even if I did 'ssh mark@node2', it still would result in the same attempt to use root's private key. Commented May 18, 2015 at 16:38
  • You could experiment with different values in authorized_keys in the destination system (ssh-copy-id appends public keys from the source system to authorized_keys on the destination system). And experiment with specifying the private key with ssh -i /path/to/id_rsa Commented May 18, 2015 at 21:02
  • But it begs the question: If I'm logged in as user 'mark', why does it try to read /root/.ssh/id_rsa? It should be reading /home/mark/.ssh/id_rsa. Additionally, I've started with an empty authorized_keys file so as to be sure that only the one entry is there. Commented May 19, 2015 at 22:12
  • I don't know though I often try ssh from windows cygwin with just one user.. But how about when you experiment with ssh -i specifying mark's key? I agree it wouldn't answer your question, though it's worth trying anyway. Commented May 19, 2015 at 23:04
  • Worth trying ssh -i /home/mark/.ssh/id_rsa... (or whatever path it is) to see if it even allows you to use mark's key and whether it works when doing that. Also, (forgetting -i) see if there is a file ~/.ssh/config and, if so, whether it has anything in it. And see if there is a line IdentityFile ____ in /etc/ssh_config that might be specifying root's key. And as a test, try renaming root's key and see what it does then! Commented May 20, 2015 at 20:35

1 Answer

0

For troubleshooting / understanding what is going on, it's worth trying ssh -i /home/mark/.ssh/id_rsa... (or whatever path it is) to see if it even allows you to use mark's key and whether it works when doing that. And as a test, try renaming root's key and see what it does then!

Also, (forgetting -i) see if there is a file ~/.ssh/config and, if so, whether it has anything in it. And see if there is a line IdentityFile ____ in /etc/ssh_config that might be specifying root's key.

answered May 21, 2015 at 3:52
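
The checks listed in this answer can be scripted; the following is an added example, not part of the original answer. The function names are hypothetical, the sample debug text is constructed from the lines quoted in the question, and the config path is the one shown in that debug output.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed
# from the debug lines quoted in the question.

# Print the unique key paths that `ssh -v` output (stdin) says the client used.
identity_paths() {
    sed -n \
        -e 's/^debug1: identity file \(.*\) type .*$/\1/p' \
        -e 's/^debug1: Trying private key: \(.*\)$/\1/p' |
    sort -u
}

# foreign_keys HOME_DIR: of those paths, print the ones outside HOME_DIR/.ssh/.
foreign_keys() {
    home=${1%/}
    identity_paths | while IFS= read -r p; do
        case $p in
            "$home"/.ssh/*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# identityfile_lines FILE...: print file:line:text for each IdentityFile
# directive, accepting "IdentityFile path" and "IdentityFile=path", any case.
identityfile_lines() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" '{
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, a, /[ \t=]+/)
            if (tolower(a[1]) == "identityfile") printf "%s:%d:%s\n", f, NR, $0
        }' "$f"
    done
}

# Constructed sample: the relevant lines of the question's `ssh -v node2` run.
sample_debug() {
    cat <<'EOF'
debug1: Connecting to node2 [172.17.0.3] port 22.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: Trying private key: /root/.ssh/id_rsa
EOF
}

# Keys tried that do not belong to mark, then any IdentityFile overrides.
sample_debug | foreign_keys /home/mark
identityfile_lines /etc/ssh/ssh_config "$HOME/.ssh/config"
```

On a live system, pipe the real output in with `ssh -v node2 2>&1 | foreign_keys "$HOME"`; any path it prints is a key the client considered that lies outside the invoking user's own `.ssh` directory.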
