Expose coder user SSH key to envbuilder

Hello, I'm new to coder and I've setup a template to use devcontainer in kubernetes heavily based on the template example. The repo URL I pass is SSH based, and the coder user's SSH key as been added to my git provider's security settings. Since envbuilder expects a path to a file or an ssh agent socket, how can I expose the SSH key from the coder user to it in order to successfully clone the repository?
5 Replies
Codercord
Codercord5mo ago
<#1271267669622132777>
Category
Help needed
Product
Coder OSS (v2)
Platform
Linux
Logs
Please post any relevant logs/error messages.
wizrds
wizrdsOP5mo ago
I've attempted to add the user's ssh private key to a k8s secret, then mount that file in the envbuilder deployment and set the env var ENVBUILDER_GIT_SSH_KEY_PATH. However I get some errors, and it apparently still doesn't find it:
2024-08-09 02:43:23.443 [warn] Sending logs via AgentAPI v2 coder_version=v2.14.0+a0411a3
envbuilder v1.0.0-rc.5+618ea11 - Build development environments from repositories in a container
#1: 🔑 Using SSH authentication!
#1: 🔑 No SSH key found, falling back to agent!
#1: ❌ Failed to connect to SSH agent: error creating SSH agent: "SSH agent requested but SSH_AUTH_SOCK not-specified"
#1: 📦 Cloning [email protected]/gitrepo.git to /workspaces/gitrepo...
Failed to clone repository: clone "[email protected]:group/gitrepo.git": error creating SSH agent: "SSH agent requested but SSH_AUTH_SOCK not-specified"
Falling back to the default image...
Failed to locate devcontainer.json: open /workspaces/gitrepo/.devcontainer: no such file or directory
Falling back to the default image...
error: temp remount: temp remount: bind mount /.ssh/id_rsa => /.envbuilder/mnt/.ssh/id_rsa: permission denied
2024-08-09 02:43:23.443 [warn] Sending logs via AgentAPI v2 coder_version=v2.14.0+a0411a3
envbuilder v1.0.0-rc.5+618ea11 - Build development environments from repositories in a container
#1: 🔑 Using SSH authentication!
#1: 🔑 No SSH key found, falling back to agent!
#1: ❌ Failed to connect to SSH agent: error creating SSH agent: "SSH agent requested but SSH_AUTH_SOCK not-specified"
#1: 📦 Cloning [email protected]/gitrepo.git to /workspaces/gitrepo...
Failed to clone repository: clone "[email protected]:group/gitrepo.git": error creating SSH agent: "SSH agent requested but SSH_AUTH_SOCK not-specified"
Falling back to the default image...
Failed to locate devcontainer.json: open /workspaces/gitrepo/.devcontainer: no such file or directory
Falling back to the default image...
error: temp remount: temp remount: bind mount /.ssh/id_rsa => /.envbuilder/mnt/.ssh/id_rsa: permission denied
What am I doing wrong? It turns out the documentation for envbuilder is incorrect, and mentions the env var being ENVBUILDER_GIT_SSH_KEY_PATH, when instead it expects ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH. When changing to that variable it correctly finds the key, but still is unable to clone the repository:
2024-08-09 02:58:42.606 [warn] Sending logs via AgentAPI v2 coder_version=v2.14.0+a0411a3
envbuilder v1.0.0-rc.5+618ea11 - Build development environments from repositories in a container
#1: 🔑 Using SSH authentication!
#1: 🔑 Using ssh-ed25519 key!
#1: 🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!
#1: 📦 Cloning [email protected]/gitrepo.git to /workspaces/gitrepo...
#1: 🔑 Got host key: **REDACTED**
Failed to clone repository: clone "[email protected]:group/gitrepo.git": ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Falling back to the default image...
Failed to locate devcontainer.json: open /workspaces/gitrepo/.devcontainer: no such file or directory
Falling back to the default image...
error: temp remount: temp remount: bind mount /.ssh/id_rsa => /.envbuilder/mnt/.ssh/id_rsa: permission denied
2024-08-09 02:58:42.606 [warn] Sending logs via AgentAPI v2 coder_version=v2.14.0+a0411a3
envbuilder v1.0.0-rc.5+618ea11 - Build development environments from repositories in a container
#1: 🔑 Using SSH authentication!
#1: 🔑 Using ssh-ed25519 key!
#1: 🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!
#1: 📦 Cloning [email protected]/gitrepo.git to /workspaces/gitrepo...
#1: 🔑 Got host key: **REDACTED**
Failed to clone repository: clone "[email protected]:group/gitrepo.git": ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Falling back to the default image...
Failed to locate devcontainer.json: open /workspaces/gitrepo/.devcontainer: no such file or directory
Falling back to the default image...
error: temp remount: temp remount: bind mount /.ssh/id_rsa => /.envbuilder/mnt/.ssh/id_rsa: permission denied
I have verified I added the corresponding public key to my git provider's configuration for my user. What could be going wrong here?
Cian
Cian5mo ago
Which version of envbuilder are you using? (EDIT: I see the version string now) Can you set ENVBUILDER_VERBOSE=true and try again? Thanks for the heads-up on the documentation inconsistency as well! I updated it just now.
Phorcys
Phorcys4mo ago
hello @wizrds -- did you get this sorted out?
Cian
Cian4mo ago
Looking more at the last message
error: temp remount: temp remount: bind mount /.ssh/id_rsa => /.envbuilder/mnt/.ssh/id_rsa: permission denied
Are you sure your envbuilder container is running as root? Do you have some container security policy in place?

Did you find this page helpful?