Share .ssh/config with your devcontainer

How to share your ~/.ssh/config with devcontainers

The purpose is to enable using git with your provider directly from the devcontainer.

The problem is when running on mac-OS you typically add UseKeychain yes to your config file. Which is a mac specific setting killing your ssh agent.

MacOS - first

Your ~/.ssh folder probably looks something like this:

❯ tree
.
├── config
├── hetzner_id_ed25519
├── hetzner_id_ed25519.pub
├── known_hosts
├── known_hosts.old
├── README.md
├── sukkerfrit.github
├── sukkerfrit.github.pub
└── test.sh

And the content of your config something like this:

Host tahh
    HostName github.com
    User git
    AddKeysToAgent yes
    IdentityFile ~/.ssh/sukkerfrit.github
    IdentitiesOnly yes
    ForwardAgent yes

Host hetzner-ktk-test
    HostName xx.xx.xx.xx
    User root
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/hetzner_id_ed25519

UseKeychain
Is a mac-OS specific SSH setting. We use it to save and fetch the SSH-key passphrase automatically.

BUT it doesn't work on Linux and will actually course an exception on load rendering using eg. git directly from your devcontainer impossible.

This image is just working on root which i normally never do. I use to create a container-user in my container - I guess I was just lazy today.

This is way I share my ~/.ssh/config with devcontainers.

1. Add host's ~/.ssh to docker as mount

My 'trick' is to just mount my host's .ssh folder as read only - but to eg. /root/.sshtemplate.

Then you don't end up editing your host's config.

devcontainer.json

{
  "name": "some-funkey-name",
  "dockerComposeFile": "docker-compose.yml",
  "service": "development",
  "workspaceFolder": "/xyz",
  "postCreateCommand": "./.devcontainer/post-container-install.sh",
  "mounts": [
    "source=${localEnv:HOME}/.ssh,target=/root/.sshtemplate,type=bind,readonly,consistency=cached"
  ],

Change the target if you work on a different user.

2. Copy from .sshtemplate -> .ssh

copy-ssh-files.sh

#!/usr/bin/env bash
set -u

if [ -d /root/.sshtemplate ]; then
  cp -rf /root/.sshtemplate/. ~/.ssh/
  chmod 700 ~/.ssh
  chmod 600 ~/.ssh/* 2>/dev/null || true
fi

3. Remove lines with `UseKeychain`

remove-usekeychain-lines.sh

#!/usr/bin/env bash
set -u

# Remove UseKeychain (case-insensitive) from a config file if it exists
if [ -f "$1" ]; then
  sed -i '/UseKeychain/I d' "$1"
  echo "UseKeychain removed from $1."
fi

4. Create post install file

post-container-install.sh

#!/usr/bin/env bash
...
"$SCRIPTS_DIR/copy-ssh-files.sh"
"$SCRIPTS_DIR/remove-usekeychain-lines.sh" ~/.ssh/config

Enjoy!

Share .ssh/config with your devcontainer

How to share your ~/.ssh/config with devcontainers

1. Add host's ~/.ssh to docker as mount

2. Copy from .sshtemplate -> .ssh

3. Remove lines with `UseKeychain`

4. Create post install file

Tags

Author

Stats

Published

You Might Also Like

macOS Still Has No Volume Mixer, So I Built One

Running a local coding agent on a Mac Mini — the actual setup

macOS Still Has No Volume Mixer, So I Built One

launchd's minimal PATH breaks MCP servers: uv command not found

why a simple string match beat apple's nlembedding for local rag

I built a macOS security tool that locks your secrets when you walk away

Share .ssh/config with your devcontainer

How to share your ~/.ssh/config with devcontainers

1. Add host's ~/.ssh to docker as mount

2. Copy from .sshtemplate -> .ssh

3. Remove lines with UseKeychain

4. Create post install file

Tags

Author

Stats

Published

You Might Also Like

macOS Still Has No Volume Mixer, So I Built One

Running a local coding agent on a Mac Mini — the actual setup

macOS Still Has No Volume Mixer, So I Built One

launchd's minimal PATH breaks MCP servers: uv command not found

why a simple string match beat apple's nlembedding for local rag

I built a macOS security tool that locks your secrets when you walk away

3. Remove lines with `UseKeychain`