Adding openssh package to alpine docker


I have the following Dockerfile:

FROM alpine:latest
RUN apk update
RUN apk add --no-cache curl openssh sshpass rsync
#etc

And this docker-compose.yml:

[...]
services:
  my-container:
    build:
      context: ./my-folder
      dockerfile: Dockerfile
    container_name: my-container
    restart: unless-stopped
    #etc

And I'm running this command:

docker-compose up -d --remove-orphans --build

I'm getting this error on build:

 => ERROR [3/7] RUN apk add --no-cache curl openssh sshpass rsync    3.7s
------
 > [3/7] RUN apk add --no-cache curl openssh sshpass rsync:
#0 1.448 fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/main/aarch64/APKINDEX.tar.gz
#0 1.859 fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/community/aarch64/APKINDEX.tar.gz
#0 2.732 ERROR: unable to select packages:
#0 2.741   openssh-client-common-9.3_p1-r3:
#0 2.741     breaks: openssh-client-default-9.3_p2-r0[openssh-client-common=9.3_p2-r0]

And for the life of me I cannot figure this out. I tried changing the alpine image version to a few other options, and I ran docker builder prune just in case this was some kind of caching problem. I also tried forcing specific version numbers for openssh and running just with RUN apk add --no-cache openssh, but the error still appeared.

Any ideas would be very much appreciated.

EDIT: answers to comments.

Docker is running on Raspberry Pi OS (64 bit), fully updated.

$ docker version
Client: Docker Engine - Community
 Version:           24.0.4
 API version:       1.43
 Go version:        go1.20.5
 Git commit:        3713ee1
 Built:             Fri Jul  7 14:50:52 2023
 OS/Arch:           linux/arm64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.4
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.5
  Git commit:       4ffc614
  Built:            Fri Jul  7 14:50:52 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

There are 3 best solutions below

1
On

We got the same issue for the last week or so on our gitlab pipelines running on on-demand aws t2.Large instances running scripts in docker:git containers (Runtime platform arch=amd64 os=linux revision=79704081 version=16.0.1).

.gitlab-ci.yml

deploy:
    stage: deploy
    image: docker:git
    services: 
        - docker:dind
    before_script:
        - apk update
        - apk add openssh gettext ca-certificates

Resulting in:

$ apk add openssh gettext ca-certificates
ERROR: unable to select packages:
  openssh-client-common-9.3_p1-r3:
    breaks: openssh-client-default-9.3_p2-r0[openssh-client-common=9.3_p2-r0]

The fix was to remove openssh from apk add.

I think the issue was related to this Alpine release with a security fix for OpenSSH. Noticing that openssh-client-default is already in Alpine, and is conflicting with the version that we are trying to add, made us realize that we can just remove the add.

0
On

The openssh-client (and its dependency openssh-client-common) that is installed in an image is older than the one in the package repository. When you are trying to install a newer openssh server package, the conflict with older common packages occurs. I think upgrading the packages on the image should fix the issue:

RUN apk update && apk --no-cache upgrade
# or, for smaller impact:
RUN apk update && apk --no-cache upgrade openssh-client

Or you can wait for a newer Alpine version to be released (should work already).
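
The conflict this answer describes can be read straight out of the solver error. As an added example (not part of the original answer), the helper below parses apk output, including BuildKit-prefixed build logs, and reports which package the image holds at which version and which version the repository packages require. `apk_conflicts` and the sample variables are hypothetical names, and the reading of the held and `breaks:` lines follows the explanation above.

```shell
#!/bin/sh
# Constructed samples: the solver error from this page, as plain apk output
# and with the "#0 <seconds> " prefix that BuildKit adds in build logs.
SAMPLE_PLAIN='ERROR: unable to select packages:
  openssh-client-common-9.3_p1-r3:
    breaks: openssh-client-default-9.3_p2-r0[openssh-client-common=9.3_p2-r0]'
SAMPLE_BUILDKIT='#0 2.732 ERROR: unable to select packages:
#0 2.741   openssh-client-common-9.3_p1-r3:
#0 2.741     breaks: openssh-client-default-9.3_p2-r0[openssh-client-common=9.3_p2-r0]'

# apk_conflicts (hypothetical helper): read apk output on stdin and print
# "<package> <held-version> <required-version>" for every version clash.
apk_conflicts() {
  awk '
    # Split "name-1.2_p3-r4" into globals name and ver; return 0 if no match.
    function split_pkg(s) {
      if (!match(s, /-[0-9][^-]*-r[0-9]+$/)) return 0
      name = substr(s, 1, RSTART - 1); ver = substr(s, RSTART + 1)
      return 1
    }
    {
      sub(/^#[0-9]+ [0-9.]+ /, "")   # drop BuildKit step/time prefix
      sub(/[ \t\r]+$/, "")           # drop log padding
    }
    /^  [^ ].*:$/ {                  # "  <name-version>:" is the held package
      s = $1; sub(/:$/, "", s)
      if (split_pkg(s)) { held = name; held_ver = ver } else held = ""
      next
    }
    /^    breaks: / && held != "" {  # "[name=version]" is what the new package needs
      i = index($0, "["); j = index($0, "]")
      if (i > 0 && j > i) {
        split(substr($0, i + 1, j - i - 1), kv, "=")
        if (kv[1] == held && kv[2] != held_ver) print held, held_ver, kv[2]
      }
    }
  '
}

# Report the clash found in the BuildKit-style sample.
printf '%s\n' "$SAMPLE_BUILDKIT" | apk_conflicts |
while read -r pkg have need; do
  echo "image holds $pkg $have, repository packages need $need: upgrade before apk add"
done
```

In a pipeline, piping the failed step's log through `apk_conflicts` turns the solver message into a direct pointer to the base-image package that needs upgrading.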

1
On

TL;DR: docker>=24.0.5 is able to install openssh properly.

docker run --rm -it docker:24.0.2 /bin/sh
# apk add openssh
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
  openssh-client-common-9.3_p1-r3:
    breaks: openssh-client-default-9.3_p2-r0[openssh-client-common=9.3_p2-r0]

docker run --rm -it docker:24.0.3 /bin/sh
# apk add openssh
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
  openssh-client-common-9.3_p1-r3:
    breaks: openssh-client-default-9.3_p2-r0[openssh-client-common=9.3_p2-r0]

docker run --rm -it docker:24.0.4 /bin/sh
# apk add openssh
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
  openssh-client-common-9.3_p1-r3:
    breaks: openssh-client-default-9.3_p2-r0[openssh-client-common=9.3_p2-r0]

docker run --rm -it docker:24.0.5 /bin/sh
# apk add openssh
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/community/x86_64/APKINDEX.tar.gz
(1/4) Installing openssh-sftp-server (9.3_p2-r0)
(2/4) Installing openssh-server-common (9.3_p2-r0)
(3/4) Installing openssh-server (9.3_p2-r0)
(4/4) Installing openssh (9.3_p2-r0)
Executing busybox-1.36.1-r2.trigger
OK: 33 MiB in 59 packages

I also checked the pkgs of alpine:3.18 and the openssh-client-common-9.3_p1-r3 package no longer exists.

It turns out that OpenSSH before 9.3p2 is impacted by CVE-2023-38408. https://nvd.nist.gov/vuln/detail/CVE-2023-38408