dockersshdocker-engine

Docker connect to remote daemon via ssh - Permission denied (publickey)


I have a problem with connecting to my remote(DigitalOcean) docker engine. What I've done is

  1. Made a droplet with Docker 19.03.12 on Ubuntu 20.04.
  2. Made a new user myuser and add to docker group on the remote host.
  3. Made a .ssh/authorized_keys for the new user it's home and set the permissions, owner etc.
  4. Restarted both ssh and docker services.

Result

  1. I can ssh from my Mac notebook to my remote host with myuser. (when I run ssh keychain asks for the passphrase for the id_rsa.key.)
  2. After I logged in to remote host via ssh I can run docker ps, docker info without any problem.

Problem

Before I make a new context for the remote engine, I tried to run some docker command from my local client on my Mac laptop. Interesting part for me is none of the commands below asks for the id_rsa passphrase)

  1. docker -H ssh://myuser@droplet_ip ps -> Error
  2. DOCKER_HOST=ssh://myuser@droplet_ip docker ps -> Error

Error

docker -H ssh://myuser@droplet_ip ps
error during connect: Get http://docker/v1.40/containers/json: command [ssh -l myuser -- droplet_ip docker system dial-stdio] has exited with exit status 255, please make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=myuser@droplet_ip: Permission denied (publickey).

What step I missed? How can I connect to a remote docker engine?


Solution

  • It sounds like Docker may not allow ssh to prompt for a key passphrase when connecting. The easiest solution is probably to load your key into an ssh-agent, so that Docker will be able to use the key without requesting a password.

    If you want to add your default key (~/.ssh/id_rsa) you can just run:

    ssh-add
    

    You can add specific keys by providing a path to the key:

    ssh-add ~/.ssh/id_rsa_special
    

    Most modern desktop environments run an ssh-agent process by default.