Forum Discussion

Former Member's avatar
Former Member
4 years ago

"Error connecting to agent: permission denied" when forwarding 1Password SSH agent to Docker

I am trying to mount the 1Password SSH agent's socket inside a Docker container using the process described in https://docs.docker.com/desktop/networking/#ssh-agent-forwarding. In my docker-compos...
SSH
Former Member's avatar
Former Member
4 years ago

Results of some further investigation:

https://github.com/docker/for-mac/issues/4242#issuecomment-822027581 appears to describe what's going on—Docker Desktop's $SSH_AUTH_SOCK comes from launchd unless explicitly started from a shell.

If I inspect the Docker process's environment it is clearly not picking up the correct $SSH_AUTH_SOCK (CRs added for readability)


$ ps Eww 8510
PID TT STAT TIME COMMAND
8510 ?? S 0:00.16 /Applications/Docker.app/Contents/MacOS/Docker
USER=<me>
SECURITYSESSIONID=186fe
__CFBundleIdentifier=com.docker.docker
COMMAND_MODE=unix2003
DISPLAY=/private/tmp/com.apple.launchd.himcQtrOZF/org.xquartz:0
LOGNAME=<me>
PATH=/usr/bin:/bin:/usr/sbin:/sbin
SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.1YAMzFNnmk/Listeners
SHELL=/bin/bash
HOME=/Users/<me>
__CF_USER_TEXT_ENCODING=0x1F5:0x0:0x0
LaunchInstanceID=7A5BB568-BB71-4335-A5D0-87D22CE7BC2E
TMPDIR=/var/folders/np/kfknfjg550g6lr8k1wsdmr_h0000gn/T/ XPC_SERVICE_NAME=application.com.docker.docker.6088138.6088438
XPC_FLAGS=1

I tried creating a launch agent according to https://web.archive.org/web/20170912205535/http://drjackyl.de/how/to/2017/08/15/Set_Global_Environment_Variables_in_macOS_10.10_and_later.html but, after a restart, unfortunately:


$ launchctl getenv SSH_AUTH_SOCK
/Users/<me>/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock
$ ps Eww 887
PID TT STAT TIME COMMAND
887 ?? S 0:00.17 /Applications/Docker.app/Contents/MacOS/Docker
USER=<me>
SECURITYSESSIONID=186b1
__CFBundleIdentifier=com.docker.docker
COMMAND_MODE=unix2003
DISPLAY=/private/tmp/com.apple.launchd.HL2M5C2c66/org.xquartz:0
LOGNAME=<me>
PATH=/usr/bin:/bin:/usr/sbin:/sbin
SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.NtvX8s84bQ/Listeners
SHELL=/bin/bash
HOME=/Users/<me>
__CF_USER_TEXT_ENCODING=0x1F5:0x0:0x0
LaunchInstanceID=C16BCFC2-1665-45C5-808D-5670FB7DA0AA
TMPDIR=/var/folders/np/kfknfjg550g6lr8k1wsdmr_h0000gn/T/
XPC_SERVICE_NAME=application.com.docker.docker.6088138.6088438
XPC_FLAGS=1

…Docker's environment still has the Apple $SSH_AUTH_SOCK.