
SSH forwarding using WSL2 and VS code containers on Windows

I have Ubuntu running under WSL2 on Windows. Inside Ubuntu I have cloned my repository, which is set up to run docker. When I run docker-compose up inside the project, it successfully starts, and I can open the container from VS code on Windows.

The issue arises when I try to use any git feature from inside VS code. I just get a permission denied (publickey). If I open the terminal inside VS code (which is connected to the container), I get the same error when running git pull.

If I run docker-compose run web bash from the Ubuntu terminal, I can successfully run git pull. So the agent is forwarded to the container, it just doesn't work from VS Code.

Is there some setup I'm missing?

To get VS Code to forward your SSH keys from your WSL2 instance into a Docker container running on the WSL2 backend, you need to tell WSL2 to create an ssh-agent at startup, and add your ssh key to the agent. When VS Code attaches to a container running on the WSL2 backend, it will automatically pick up the running ssh-agent, and allow you to authenticate with your WSL2 SSH keys inside your container.

For either of the methods, you will need socat installed in WSL2

sudo apt install socat

Method 1 - Manual Bash Script

To tell your WSL2 distro to start its ssh-agent on boot, you will need to add these lines to your ~/.bash_profile or ~/.zprofile (for Zsh) so ssh-agent starts when WSL2 starts:

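if [ -z "$SSH_AUTH_SOCK" ]; then
   # Check for a currently running instance of the agent
   RUNNING_AGENT="$(ps -ax | grep 'ssh-agent -s' | grep -v grep | wc -l | tr -d '[:space:]')"
   if [ "$RUNNING_AGENT" = "0" ]; then
        # Launch a new instance of the agent and save its environment settings
        # (stdout only, so an error message is never passed to eval below)
        ssh-agent -s > "$HOME/.ssh/ssh-agent"
   fi
   # Load SSH_AUTH_SOCK and SSH_AGENT_PID from the saved settings
   eval "$(cat "$HOME/.ssh/ssh-agent")"
fi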

# also add your key to this ssh-agent session
# 
# When run without arguments, it adds the files ~/.ssh/id_rsa, ~/.ssh/id_dsa, 
# ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, and ~/.ssh/id_ed25519_sk. 
# Source: https://man.cx/ssh-add
ssh-add 

# if you had to create ~/.bash_profile, these lines may also be needed
# to load your ~/.bashrc config
#
# test and run the .bashrc file if it exists (this is the default on Ubuntu for WSL2) 
if [ -n "$BASH_VERSION" ]; then
    # include .bashrc if it exists
    if [ -f "$HOME/.bashrc" ]; then
        . "$HOME/.bashrc"
    fi
fi

Method 2 - Keychain

Keychain basically does the same as above, but with one easy command. It is not installed by default so you will have to install it using your distro's package manager or from source.

sudo apt install keychain

Once keychain is installed, add the following to your ~/.bash_profile or ~/.zprofile:

# keychain will start the ssh agent and add the keys, or reuse the ssh agent
# if it is already running
eval `keychain --eval --agents ssh id_rsa`

# ...

You can also use keychain to set up your GPG keys, if any.

If ~/.bash_profile did not already exist (which it does not for a default install of Ubuntu on WSL2), then you will need to add the following lines to the end of your ~/.bash_profile so that ~/.bashrc is properly sourced when using bash.

# run the .bashrc file if it exists (this is the default on WSL2 if this does not already exist)
# these lines may already exist if .bash_profile already exists
if [ -n "$BASH_VERSION" ]; then
    # include .bashrc if it exists
    if [ -f "$HOME/.bashrc" ]; then
        . "$HOME/.bashrc"
    fi
fi

References

https://code.visualstudio.com/docs/remote/containers#_using-ssh-keys

https://github.com/microsoft/vscode-remote-release/issues/2925#issuecomment-652558889
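
A diagnostic for the setup described in this answer, added here as an example and not part of the original post: run it once in the WSL2 shell and once in the VS Code container terminal to see at which hop the agent or its keys go missing. The function names and state labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names and state
# labels are hypothetical, chosen for this illustration.

# Print one word describing the ssh-agent visible to the current shell.
agent_state() {
    # No variable at all: no agent was started or forwarded into this shell.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-socket-var"; return 0
    fi
    # Variable set, but the path is not a live socket (agent exited).
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "stale-socket"; return 0
    fi
    # ssh-add -l exits 0 with keys listed, 1 with no identities,
    # 2 when it cannot contact the agent.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0)   echo "keys-loaded" ;;
        1)   echo "agent-empty" ;;
        127) echo "ssh-add-missing" ;;
        *)   echo "agent-unreachable" ;;
    esac
}

# Map a state to the step from the answer above that addresses it.
agent_hint() {
    case "$1" in
        no-socket-var|stale-socket|agent-unreachable)
            echo "start the agent from ~/.bash_profile or ~/.zprofile, then reattach" ;;
        agent-empty)
            echo "agent is running but holds no keys: run ssh-add" ;;
        ssh-add-missing)
            echo "install the OpenSSH client in this environment" ;;
        keys-loaded)
            echo "agent and keys are visible here; check which key the remote accepts" ;;
    esac
}

state=$(agent_state)
echo "$state: $(agent_hint "$state")"
```

A forwarded agent lets any process inside the container sign with your keys for as long as it is attached, so `keys-loaded` inside a container you did not build is worth noticing in its own right.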
