Using `:ssh` module in docker container

linusdm · August 9, 2023, 9:59am

Hi,

I’m hitting an error when trying to use the :ssh module in a docker container:

[notice] Erlang SSH :client version: 5.0.1 (OpenSSL 3.0.9 30 May 2023).
Address: 1.2.3.4:56789
Peer server version: ~c"SSH-2.0-OpenSSH_for_Windows_8.1"
Peer address: 4.3.2.1:22
Disconnects with code = 11 [RFC4253 11.1]: Internal error
State = {key_exchange,client,init}
Module = ssh_connection_handler, Line = 1387.
Details:
  Reason: {badmatch,{error,enoent}}

I’m passing in the {:silently_accept_hosts, true} option, but I’m probably still missing some setup to use the SSL client in the docker environment (locally, not in docker, it works fine).

# hostname, username, passwords are charlists
:ssh.connect(hostname, port, [{:user, username}, {:password, password}, {:silently_accept_hosts, true}])

The runner image in Dockerfile has the openssl installed (which is added by default when using mix release), but maybe there is still some package missing?

I’m not sure what needs to be available on the host Docker OS (debian in my case) to enable ssh client communication. Any help is greatly appreciated!

D4no0 · August 9, 2023, 10:54am

I had this issue when installing OTP-26 on my mac, turns out openssl 3 is not officially supported yet in OTP.

linusdm · August 9, 2023, 12:18pm

The default USERDIR for the ssh application is /home/LOCALUSER/.ssh (e.g. ~/.ssh). This folder doesn’t exist in the docker debian environment. Passing in the :user_dir option when connecting, pointing it to a writable folder, solves the issue:

:ssh.connect(hostname, port, [{:user_dir, ~c"/app"}, ...])

This is the folder where authorised_keys, known_hosts, etc. are kept.

I’ve created a dedicated folder in the Dockerfile, and passed it in as an environment variable, so it can be used when connecting (or omitted when not in docker).

linusdm · August 9, 2023, 12:25pm

Although I’m happy I found the culprit, it baffles me that there is nothing in the original error hinting to a filesystem related issue… I guess this is deep in the erlang ssh-code…

LostKobrakai · August 9, 2023, 12:34pm

{error,enoent} is a filesystem related error, but I agree it’s not much of a signal.