Use host yubikey-agent inside a docker container #143

Closed
junze-smg opened this issue Apr 28, 2023 · 1 comment

@junze-smg

Hi, thanks for the great agent. I've been using it on my Mac without a problem! However, recently I need to use yubikey-agent inside a Docker container because we need to ssh to a remote machine inside the container, but we'd like to have everyone use their own local ssh setup, i.e. yubikey-agent on my Mac. Setting the SSH_AUTH_SOCK environment variable inside the container to the agent socket on my host machine with proper mounting didn't work. I also saw other ways to mount the special path /run/host-services/ssh-auth.sock into the container, but that didn't work out either. Do you have any suggestions on how to use this agent inside a Docker container? Thanks!

@gmmephisto

gmmephisto commented May 23, 2023

Hi! If you don't use the default OS X ssh-agent, you can remap its socket to the yubikey-agent socket with a launch agent like this:

```
$ cat ~/Library/LaunchAgents/link-ssh-auth-sock.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>link-ssh-auth-sock</string>
  <key>ProgramArguments</key>
  <array>
    <string>/bin/sh</string>
    <string>-c</string>
    <string>/bin/ln -sf /usr/local/var/run/yubikey-agent.sock $SSH_AUTH_SOCK</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
</dict>
</plist>
```

Then force it to launch with `launchctl load -F ~/Library/LaunchAgents/link-ssh-auth-sock.plist` and run the Docker container:

```
$ docker run -ti --rm -v /run/host-services/ssh-auth.sock:/ssh-agent -e SSH_AUTH_SOCK="/ssh-agent"
```

So the /run/host-services/ssh-auth.sock socket in the Docker virtual machine points to the default OS X ssh-agent, which is linked to the yubikey-agent socket.

docker/for-mac#4242 (comment)
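
One way to confirm from inside the container that the mounted `/ssh-agent` socket really reaches the host agent, without needing `ssh-add` in the image (an added example, not part of the original comment or the yubikey-agent project): it sends the ssh-agent protocol's identity-list request to `SSH_AUTH_SOCK` and returns the key types and comments the agent offers. The function names and the 256 KiB reply cap are assumptions of this example.

```python
import os
import socket
import struct

SSH_AGENTC_REQUEST_IDENTITIES = 11  # ssh-agent protocol message numbers
SSH_AGENT_IDENTITIES_ANSWER = 12
MAX_REPLY = 256 * 1024  # assumed sanity cap on the reply size


def _recv_exact(conn, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf


def _read_string(data, offset):
    """Decode one SSH 'string' (uint32 length + bytes) from data."""
    (length,) = struct.unpack_from(">I", data, offset)
    start = offset + 4
    if start + length > len(data):
        raise ValueError("truncated agent reply")
    return data[start:start + length], start + length


def list_agent_identities(sock_path=None, timeout=5.0):
    """Return [(key_type, comment)] for keys offered by the agent socket."""
    sock_path = sock_path or os.environ["SSH_AUTH_SOCK"]
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as conn:
        conn.settimeout(timeout)
        conn.connect(sock_path)  # fails here if the mount or symlink is broken
        conn.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
        (length,) = struct.unpack(">I", _recv_exact(conn, 4))
        if length > MAX_REPLY:
            raise ValueError("agent reply too large")
        reply = _recv_exact(conn, length)
    if not reply or reply[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise RuntimeError(f"unexpected agent reply type {reply[:1]!r}")
    (count,) = struct.unpack_from(">I", reply, 1)
    offset, keys = 5, []
    for _ in range(count):
        blob, offset = _read_string(reply, offset)     # public key blob
        comment, offset = _read_string(reply, offset)  # key comment
        key_type, _ = _read_string(blob, 0)            # blob starts with its type
        keys.append((key_type.decode(), comment.decode(errors="replace")))
    return keys
```

An empty list means the socket reaches an agent that holds no keys; a connection error means the socket path itself is not reaching any agent.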
