visual-studio-code ssh-keys vscode-devcontainer git-credential-manager

Sharing ssh credentials with dev container in vscode

I have setup a VS Code dev container and I can run and debug my code inside. My ~/.gitconfig from my host system was correctly copied into the container. However, my ssh credentials don't seem to work (or are not available), neither are my gnupg signing files (~/.gnupg) available.

Must I manually copy these files ( ~/.ssh and ~/.gnupg) into the container?

The documentation cautions:

There are some cases when you may be cloning your repository using SSH keys instead of a credential helper. To enable this scenario, the extension will automatically forward your local SSH agent if one is running.

The only stated requirement is the SSH-agent server running on my host system, which it is:

C:\Windows\system32> Get-Service ssh-agent

Status   Name               DisplayName
------   ----               -----------
Running  ssh-agent          OpenSSH Authentication Agent

What is the correct way to make my SSH credentials available to my dev container?

Solution

There are a couple prerequisites.

You must have VS Code setting terminal.integrated.inheritEnv enabled.
You must have your ssh-agent ran at login.

VS Code supports your ssh settings via doing two things:

Copying in known_hosts from your ~/.ssh/known_hosts.
Finding your ssh-agent socket created when you logged into the system.

For me on macOS, the ssh-agent creates a file in a random location, e.g.:

SSH_AUTH_SOCK=/tmp/vscode-ssh-auth-1a6abf46-1c35-41bf-aedd-e08135a38f5f.sock

My login scripts performs two commands, in this example I ran them on the command line:

% eval `ssh-agent`
Agent pid 15376

% ssh-add
Identity added: /Users/risner/.ssh/id_rsa (/Users/risner/.ssh/id_rsa)

For Windows, this answer should help in setting up the agent:
How to run ssh-add on windows?

Once created, all your containers should pick it up without specific settings. Here is a test .devcontainer.json file:

{
  "build": {
    "dockerfile": "Dockerfile",
    "args": { "VARIANT": "hirsute" }
  },
  "forwardPorts": [3000]
}

For a M1 Mac, the hirsute variant picks up the native arm64.

My test Dockerfile is rather generic:

FROM mcr.microsoft.com/devcontainers/javascript-node:0-18
RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
    && apt-get -y install git

Once in the container, I verified the keys worked:

node ➜ /workspaces/MySSH (master) $ set|grep -i ssh
PWD=/workspaces/MySSH
REMOTE_CONTAINERS_SOCKETS='["/tmp/vscode-ssh-auth-1a6abf46-1c35-41bf-aedd-e08135a38f5f.sock","/tmp/.X11-unix/X0"]'
SSH_AUTH_SOCK=/tmp/vscode-ssh-auth-1a6abf46-1c35-41bf-aedd-e08135a38f5f.sock
node ➜ /workspaces/MySSH (master) $ ssh risner@my.example.com
Last login: Mon Mar  6 08:31:03 2023 from 172.59.80.11