Docker Load key "/root/.ssh/id_rsa": invalid format
If the key is "invalid format", try and regenerate it with the old PEM format.
ssh-keygen -m PEM -t rsa -P ""
Make sure to add the public key to your GitHub account for proper authentication.
The OP Shammir adds in the comments:
I think the issue is that nothing is being copied from host machine to docker image during build.
In "docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" returning empty", Shammir uses dockito/vault to manage the private key, but also configures it to "AddKeysToAgent": that is not needed if the private key is not passphrase protected (as in my command above).
Another possible gotcha is if you're using a Makefile to run the docker build command. In that case the command in the Makefile would look something like:
docker-build:
	docker build --build-arg SSH_PRIVATE_KEY="$(shell cat ~/.ssh/id_rsa)"
Make unfortunately replaces newlines with spaces (make shell).
This means that the ssh key which is written into the container has a different format, yielding the error above.
I was unable to find a way to retain the newlines in the Makefile command, so I resorted to a workaround of copying the .ssh directory into the docker build context, copying the files through the Dockerfile, then removing them afterwards.
Do not use echo "${SSH_PRIVATE_KEY}" >> /root/.ssh/id_rsa to pass the private key (same for the public key). I had a similar error Load key "/root/.ssh/id_rsa": invalid format when I tried
RUN echo "$ssh_prv_key" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
This led to errors like identity file /root/.ssh/id_rsa type -1 invalid format and read_passphrase: can't open /dev/tty.
The right way would be to use
COPY id_rsa /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
The solution explained: my private key was wrongly formatted - instead of many lines, it was passed as a one-liner, and you might have any other format issue like a forgotten "-" at the start or end, or something wrong at the end of the lines, like a missing newline format or an additional letter at the end of a line.
See Dockerfile: clone repo with passwordless private key. Errors: “authentication agent” or “read_passphrase: can't open /dev/tty” for more details, with the main idea from Add private key to ssh-agent in docker file, which again had the idea from Gitlab CI/Docker: ssh-add keeps asking for passphrase.
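The formatting damage described in the Makefile answer and the echo answer above, as an added example that is not part of the original answers: a structural check that tells a key whose newlines were collapsed to spaces apart from other format problems. The helper names and the sample key text are constructed for illustration.

```shell
# Added example. check_key_format, write_sample_key and collapse_like_make
# are hypothetical helper names, not part of OpenSSH, Docker or Make.

# Print a one-word diagnosis for a private key file; return 0 only for "ok".
check_key_format() {
    f=$1
    [ -s "$f" ] || { echo "empty"; return 1; }
    # CRLF line endings (file passed through a tool that rewrote newlines).
    if grep -q "$(printf '\r')" "$f"; then echo "crlf"; return 1; fi
    # Header and footer on the same line: newlines were turned into spaces.
    if head -n 1 "$f" | grep -q -e '-----BEGIN .*-----END '; then
        echo "collapsed-to-one-line"; return 1
    fi
    case $(head -n 1 "$f") in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "bad-header"; return 1 ;;
    esac
    case $(tail -n 1 "$f") in
        "-----END "*"PRIVATE KEY-----") ;;
        *) echo "bad-footer"; return 1 ;;
    esac
    # The last byte must be a newline (printf '%s' "$KEY" > file drops it).
    [ "$(tail -c 1 "$f" | wc -l | tr -d ' ')" -eq 1 ] ||
        { echo "no-trailing-newline"; return 1; }
    echo "ok"
}

# Constructed sample: PEM-shaped placeholder text, not a real key.
write_sample_key() {
    printf '%s\n' \
        '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtS0VZ' \
        'Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtS0VZ' \
        '-----END RSA PRIVATE KEY-----' > "$1"
}

# Emulate Make's $(shell cat FILE): trailing newline dropped, others become spaces.
collapse_like_make() {
    printf '%s' "$(cat "$1")" | tr '\n' ' '
}

demo() {
    d=$(mktemp -d)
    write_sample_key "$d/id_rsa"
    echo "original:     $(check_key_format "$d/id_rsa" || true)"
    # What RUN echo "$SSH_PRIVATE_KEY" > id_rsa writes when Make built the argument.
    echo "$(collapse_like_make "$d/id_rsa")" > "$d/from_make"
    echo "via Makefile: $(check_key_format "$d/from_make" || true)"
    rm -rf "$d"
}
demo
```

Running check_key_format in a RUN step against the file the build just wrote shows which of these cases produced the "invalid format" error.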