
Docker, how to deal with ssh keys, known_hosts and authorized_keys


To trust the github.com host, you can issue this command when you start or build your container:

    ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts

This will add GitHub's public key to your known hosts file.


If everything is done in the Dockerfile it's easy. In my Dockerfile:

    ARG PRIVATE_SSH_KEY
    # Authorize SSH Host
    RUN mkdir -p /root/.ssh && \
        chmod 0700 /root/.ssh && \
        ssh-keyscan example.com > /root/.ssh/known_hosts && \
        # Add the keys and set permissions
        echo "$PRIVATE_SSH_KEY" > /root/.ssh/id_rsa && \
        chmod 600 /root/.ssh/id_rsa
    # ...do stuff with private key
    # Remove SSH keys
    RUN rm -rf /root/.ssh/

You obviously need to pass the private key as an argument to the build (docker-compose build or docker build).


This is how I do it, not sure if you will like this solution though. I have a private git repository containing authorized_keys with a collection of public keys. Then, I use ansible to clone this repository and replace authorized_keys:

    - git: repo=my_repo dest=my_local_folder force=yes accept_hostkey=yes
    - shell: "cp my_local_folder/authorized_keys ~/.ssh/"

Using accept_hostkey is what actually allows me to automate the process (I trust the source, of course).
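
Added example, not part of any of the answers above: ssh-keyscan and accept_hostkey record whatever host key the network returns at build time, so this Python sketch keeps only scanned lines whose SHA256 fingerprint equals one pinned out of band and raises otherwise. The function names, the example.com pin and the key blobs are constructed for illustration.

```python
import base64
import hashlib
import hmac


def sha256_fingerprint(key_blob_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    raw = base64.b64decode(key_blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def verify_scan(scan_output, pins):
    """Return the scanned lines that match a pin; raise ValueError otherwise.

    pins maps (host, key_type) -> fingerprint obtained out of band.
    """
    accepted, seen = [], set()
    for line in scan_output.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):  # blank or banner comment
            continue
        if len(parts) < 3:
            raise ValueError(f"malformed known_hosts line: {line!r}")
        host, key_type, blob = parts[:3]
        pinned = pins.get((host, key_type))
        if pinned is None:
            continue  # host or key type that was never pinned: do not trust it
        actual = sha256_fingerprint(blob)
        if not hmac.compare_digest(actual, pinned):
            raise ValueError(f"host key mismatch for {host} {key_type}: {actual}")
        accepted.append(f"{host} {key_type} {blob}")
        seen.add((host, key_type))
    missing = sorted(set(pins) - seen)
    if missing:
        raise ValueError(f"no scanned key for pinned entries: {missing}")
    return accepted


# Constructed sample data, not real host keys. In real use the pin is the
# fingerprint the host's operator publishes, copied into the build config.
GOOD_BLOB = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-key-A").decode()
OTHER_BLOB = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-key-B").decode()
PINS = {("example.com", "ssh-rsa"): sha256_fingerprint(GOOD_BLOB)}

if __name__ == "__main__":
    scan = f"# example.com:22 SSH-2.0-demo\nexample.com ssh-rsa {GOOD_BLOB}\n"
    print("\n".join(verify_scan(scan, PINS)))  # lines safe to append to known_hosts
```

In a build, the output of ssh-keyscan would be piped through verify_scan and only the returned lines written to known_hosts.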