ssh-agent forwarding into docker-compose environment is not working

Question

I have been having serious troubles to get ssh-agent forwarded into the docker container (with my docker-compose installation). I have Mac running Catalina, with docker-engine 19.03.8 and Compose @ 1.24. The following is my docker-compose file:

version: '3.7'
services:
  platform:
    build:
      context: .
      dockerfile: ./platform/compose/Dockerfile.platform.local
    working_dir: /root/platform
    ports:
      - "3000:3000"
    command: ["./compose/scripts/start_rails.sh"]
    tty: true
    stdin_open: true
    volumes:
      - type: bind
        source: /run/host-services/ssh-auth.sock
        target: /run/host-services/ssh-auth.sock
    env_file: ./platform/.env
    environment:
      TERM: xterm-256color
      SSH_AUTH_SOCK: /run/host-services/ssh-auth.sock

volumes:

The way I have configured ssh-agent forwarding is as specified in docker-compose documentation

The ./compose/scripts/start_rails.sh script does bundle install && bundle exec rails s. I have few gems that I am pulling from private-repositories and I thought I should be able to install these gems by forwarding ssh-agent.

I have also tried starting the ssh-agent before I spin the docker-compose up, but that doesnt seem to do anything.

{
  "debug": true,
  "experimental": true,
  "features": {
    "buildkit": true
  }
}

This is what I have added inside my docker configuration file. Any help is appreciated.

**UPDATE: 0 **

The following in my .ssh directory structure and config:

tree ~/.ssh

├── config
├── known_hosts
├── midhun
│   ├── id_rsa
│   └── id_rsa.pub
└── client
    ├── id_rsa
    └── id_rsa.pub

cat ~/.ssh/config

Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/client/id_rsa

Host me.github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/midhun/id_rsa  

UPDATE: 1

Updated my config with ForwardAgent Yes and it didn't work either. I have recorded entire ssh-logs in this gist -> https://gist.github.com/midhunkrishna/8f77ebdc90c7230d2ffae0834dc477cc .

Answer 1

I believe below change to your ~/.ssh/config should fix the issue:

Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/client/id_rsa
    ForwardAgent yes

Host me.github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/midhun/id_rsa
    ForwardAgent yes

Update 1: 5th May 2020

In your case, the reason it may not be working is that the agent on the host is key less.

You can confirm that using:

$ ssh-add -L
$ ssh-add -l

The agent will only forward the keys it has in its memory, nothing on your disk. Else you risk exposing every key that is there without any permission. What you need do is make sure you add those keys to your ssh-agent at startup:

$ ssh-add ~/.ssh/client/id_rsa
$ ssh-add ~/.ssh/midhun/id_rsa

Then if you do ssh-add -L on host and inside the docker terminal you should see both keys. And the ssh-agent also will work.