
SSH keys issue & how to mount as read-only in devcontainer.json?


I have Windows as the host, working with a devcontainer without WSL. I created an SSH key with a custom name, let's say id_github, and managed to set ssh-agent to run automatically, and I can use git fetch with the SSH key with no problem on the host.

This is my ~/.ssh/config:

Host github.com
    IdentityFile "~/.ssh/id_github"
    ForwardAgent yes

But somehow my devcontainer is not forwarding SSH automatically (the docs say it will).

That is the 1st question: can I still make it forward ssh-agent automatically?

Otherwise, this is my 2nd question: I was looking for a workaround. My option is mounting the .ssh directory into the container. I'm not using docker-compose, so in my devcontainer.json I use the mounts config, but I want to mount it as read-only and cannot find any example.

I've tried:

"mounts": [
        "source=~/.ssh,target=/home/vscode/.ssh,readonly,type=bind"
    ]

But it is not read-only; ls -lha ~/.ssh shows:

drwxr-sr-x 1 vscode vscode 4.0K Oct 15 10:13 ..
-rwxr-xr-x 1 vscode vscode  124 Oct 15 09:47 config
-rwxr-xr-x 1 vscode vscode  133 Oct 15 07:58 id_github
-rwxr-xr-x 1 vscode vscode  133 Oct 15 07:58 id_github.pub
-rwxr-xr-x 1 vscode vscode  828 Oct 14 10:18 known_hosts
-rwxr-xr-x 1 vscode vscode   92 Oct 14 10:16 known_hosts.old

And when I invoke it:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/home/vscode/.ssh/id_github' are too open.

3rd question: I tried sudo chmod -R 600 ~/.ssh/. It will change permissions on the host too, right? Will there be any issue with it? If not, then I also tried to configure the command in the devcontainer.json file, like:

"postCreateCommand": {
    "chmod-ssh": "sudo chmod -R 600 ~/.ssh/"
}

Strangely, it has no effect, although the log shows it was executed.

Can you guys help me? Thanks.

I searched all the documentation, still no luck.


Solution

  • The private key should only be readable and writable by the user. All others should have no access permission.

    Use

    chmod 600 ~/.ssh/id_github

    to set the correct permissions.
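
The following is an added example, not code from the question or the answer. It applies the conventional per-file modes (700 on the directory, 600 on private keys and config, 644 on public keys and known_hosts) rather than a recursive 600, and reads each mode back so that a chmod with no effect, as described in the question, is reported. The function names are hypothetical and GNU `stat -c` (Linux container) is assumed.

```shell
#!/bin/sh
# Added example: tighten and verify the permissions of an SSH directory.
# Assumes GNU coreutils `stat -c`; all function names are hypothetical.

# Print the octal mode of a path, e.g. 600.
mode_of() {
    stat -c '%a' "$1"
}

# chmod a path, then read the mode back.
# Returns 1 when the mode did not change (the chmod failed or was ignored).
set_mode() {
    want=$1
    path=$2
    chmod "$want" "$path" 2>/dev/null
    [ "$(mode_of "$path")" = "$want" ]
}

# Directory: 700 (a directory needs the search bit, so 600 is wrong for it).
# Private keys and config: 600. Public keys and known_hosts: 644.
# Returns 0 if every mode was applied, 1 if any was not, 2 if dir is missing.
fix_ssh_perms() {
    dir=$1
    failed=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    set_mode 700 "$dir" || { echo "mode not applied: $dir" >&2; failed=1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            *.pub|known_hosts|known_hosts.old) want=644 ;;
            *) want=600 ;;
        esac
        set_mode "$want" "$f" || { echo "mode not applied: $f" >&2; failed=1; }
    done
    return "$failed"
}

# Usage inside the container: fix_ssh_perms "$HOME/.ssh"
```

A non-zero return with "mode not applied" lines means the files still carry their old modes, which is the situation the `UNPROTECTED PRIVATE KEY FILE` warning reports.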