As I’ve been working on Docker containers I’ve been having to use local containerised versions of ssh key pairs and
known_hosts. I need to be able to carry out key creation etc. without upsetting my own personal keys under
This may be bread and butter stuff to many long time Linux admins, but it’s not something I’ve had to do on a daily basis until recently.
Creating a Key Pair
$ ssh-keygen -f rsa -b 4096 -f [key name]
Where I can specify the location and name of the key files to create eg.
$ ssh-keygen -t rsa -b 4096 -f folder/id_rsa
Will give me the
id_rsa.pub files in the folder called folder.
Updating a known_host File
If I’m using two containers and need to get the remote containers key finger prints into my local containers
known_hosts I can use
ssh-keyscan to grab the fingerprints and then direct them to a file. Be careful as the order of the parameters is important, especially if you have ssh daemons on different ports on the remote.
$ ssh-keyscan -H -p 22 [remote host] >> folder/known_hosts
You can change the port that the keyscan pulls fingerprints from by changing the
-p 22 to your required port.
This can even be scripted into your containers “entrypoint” so the connection is always ready and avoid the messages:
ECDSA host key for IP address ‘192.168.122.99’ not in list of known hosts.
Host key verification failed.
Using ssh-agent to Remember Your Password
After a while relentlessly typing your keys passphrase gets wearing. Use the
ssh-agent in your current environment to provide it for you.
$ eval `ssh-agent`
You’ll be asked for your password and then the agent will pass it along to all the future requests for that session.