ssh-forwarding is not working on colima version 0.3.2

[georgettica]

Issue

I have a container that needs the ssh-agent for managing connections, and I saw there are multiple issues that note that in 0.3.x it will be fixed.

how to test

$ cd $(mktemp -d)
$ cat <<EOF >Dockerfile
FROM fedora
RUN dnf install openssh-clients -y
EOF
$ docker build -t test .
...
$ source <( ssh-agent )
Agent pid XXX
$ colima start --ssh-agent
...
$ docker run --rm -it test
[] $ ssh-add -l
Could not open a connection to your authentication agent.

stuff about my machine

$ uname -a
Darwin MacBook-Pro 20.6.0 Darwin Kernel Version 20.6.0: XXX; root:xnu-XXX/RELEASE_X86_64 x86_64 i386 MacBookPro16,1 Darwin
$ colima version
colima version 0.3.2
git commit: 272db4732b90390232ed9bdba955877f46a50552

runtime: docker
arch: x86_64
client: v20.10.7
server: v20.10.11

related

#66
#64
#56

[abiosoft]

It is supported, though I agree the documentation is lacking a bit.

SSH Auth Sock

Colima must be started with --ssh-agent flag colima start --ssh-agent.
It can easily be verified by seeing an output after running colima ssh echo '$SSH_AUTH_SOCK'.

Docker Runtime

export SSH_AUTH_SOCK="$(colima ssh echo '$SSH_AUTH_SOCK')"
docker run -it -v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK ubuntu
# the ssh-agent works now, you may need to install openssh-client and git

Containerd Runtime

Note: single quote is used to prevent the host shell from interpreting the variables.

nerdctl run -it -v '$SSH_AUTH_SOCK:$SSH_AUTH_SOCK' -e SSH_AUTH_SOCK='$SSH_AUTH_SOCK' ubuntu
# the ssh-agent works now, you may need to install openssh-client and git

[georgettica]

I'll try it and report back

[georgettica]

export SSH_AUTH_SOCK="$(colima ssh echo '$SSH_AUTH_SOCK')"
docker run -it -v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK ubuntu

this works but I would not that then the ssh-add commands outside the container won't work (as they are using the SSH_AUTH_SOCK of the VM

but it can be closed ❤️

[ChaseOnTheWeb]

For anyone searching for this problem, I wanted to add that I never could get colima ssh echo '$SSH_AUTH_SOCK' to work from my shell. No matter what combination of quotes or backslashes I tried, I couldn't get the escaping right and would always get back either "$SSH_AUTH_SOCK" or the path to the host's $SSH_AUTH_SOCK. This is in colima 0.3.3, bash 3.2.57, macOS 11.6.4.

This is what I got to work for me:

COLIMA_SSH_AUTH_SOCK=$(colima ssh env | grep SSH_AUTH_SOCK | cut -d = -f 2)
docker run -it -v $COLIMA_SSH_AUTH_SOCK:$COLIMA_SSH_AUTH_SOCK -e SSH_AUTH_SOCK=$COLIMA_SSH_AUTH_SOCK alpine

[ghost]

COLIMA_SSH_AUTH_SOCK=$(colima ssh env | grep SSH_AUTH_SOCK | cut -d = -f 2)

I got it working with $(colima ssh eval 'echo $SSH_AUTH_SOCK'), which is a tiny bit safer as grep can potentially match multiple lines.