Use it in a docker compose file

[sp90]

Hey kingsquare nice tool,

I would love to have this working in docker-compose have you tested it out:

right now i have the following config:

dbtunnel:
  container_name: dbtunnel
  image: tunnel (my own build of your container)
  volumes: 
    - $SSH_AUTH_SOCK:/ssh-agent
  command: 0.0.0.0:9200:192.168.3.10:9200 -L 0.0.0.0:15432:192.168.3.16:5432 -L 0.0.0.0:25432:192.168.3.19:5432 -L 0.0.0.0:6379:192.168.3.16:6379 -vvvv user@example.com

[fruitl00p]

I would expect docker-compose to work the same way docker run would. Are you running into specific errors ? (remember to have the actual $SSH_AUTH_SOCK available on the host via the ssh-agent...)

[sp90]

Its because it cant prompt me and ask for the password when its running all the containers in the same view

[fruitl00p]

@sp90 but if you start the ssh-agent beforehand:

# start the ssh-agent in the background
eval "$(ssh-agent -s)"
Agent pid 59566

then the agent would already have your keys loaded?

[saranrapjs]

@sp90 which version of Docker/docker-compose are you using, and on what host?

[sp90]

Docker mac: Version 1.11.1-beta12 (build: 7528)
Docker-compose: version 1.7.1, (build: 0a9ab35)

[saranrapjs]

So @sp90 I just (recently) ran into the same issue with the Docker for Mac beta build, trying to get this to work. After digging a bit, I'm pretty sure this is just a current limitation of the Docker for Mac beta. Per their help documentation:

File types
Symlinks, hardlinks, socket files, named pipes, regular files, and directories are supported. Socket files and named pipes only transmit between containers and between OS X processes -- no transmission across the hypervisor is supported, yet.

Because the ssh agent on a mac is a socket, it sounds like this isn't (yet) capable of being correctly mounted into the container w/ Docker for Mac.

[sp90]

ahh makes sense 👍

[kevin-cantwell]

Just to follow up on this. Using Docker for Mac, mounting ~/.ssh as a volume seems to work perfectly well:

docker run --rm -it -v $HOME/.ssh:/root/.ssh -p:[host_port]:[container_port] kingsquare/tunnel *:[container_port]:[destination_address]:[destination_port] [user]@[gateway_address]

[sp90]

@kevin-cantwell and i agree, i've gotten it to worker later 👍

[fruitl00p]

Cool. Should i add it somewhere in the docs for clearity?

[sp90]

@fruitl00p maybe just a link to this issue, and a little text explaining that updating docker for mac solves the problem?

[fruitl00p]

👍 see the commit 0018e20

[vce-xx]

This docker-tunnel is nicely done.

I could pass my key as an argument and it worked like a sharm. However, I couldn't get it to work with the ssh-agent with Docker for Mac and I am quite puzzled by the Mac support note in the readme (pointing to this thread) and which I interpreted as "now it should be working".

According to @saranrapjs the ssh agent on a mac is a socket and cannot be correctly mounted with Docker for Mac.

This is confirmed by those Docker for Mac issues $SSH_AUTH_SOCK is not being forwarded to docker and Support for sharing unix sockets #483 this is indeed a Docker for Mac limitation. As of today, both issues (open is Aug 2016) are still Open.

According to @kevin-cantwell : "Just to follow up on this. Using Docker for Mac, mounting ~/.ssh as a volume seems to work perfectly well"

Mounting ~/.ssh wasn't enough to have the ssh-agent authentication work for me with Docker for Mac Version 18.03.0-ce-mac58.

What would be the actual status about making docker-tunnel work with SSH_AUTH_SOCK and the current versions of Docker for Mac ?

[fruitl00p]

@vce-xx i'm not a mac user and have particular other issues with docker on mac's through a collegue of mine... Thus I wont be able to assist here... Will ping some docker/mac users to see how they do it

[vce-xx]

@fruitl00p I could work around the Docker for Mac limitation with docker-ssh-agent-forward. docker-tunnel works perfectly on my Mac now. Thanks.

[fruitl00p]

@vce-xx Awesome! I'll leave this open and await the pings from mac users in my vicinity :)