Permission Denied when trying to load config file using Docker mode about sshwifty HOT 5 CLOSED

Thank you @nirui I got it working with docker volume mode and everything works smoothly.
The "Permission Denied" problem was that the program doesn't have access to /root folder inside the container, so I moved the files to /opt folder.

Here is the config I used:

$ docker run --detach
--restart always
--publish 8182:8182
--name sshwifty
-v /opt/sshwifty.conf.json:/opt/sshwifty.conf.json
-v /opt/.ssh/id_rsa:/opt/.ssh/id_rsa
--env SSHWIFTY_CONFIG=/opt/sshwifty.conf.json
niruix/sshwifty:latest

Thanks for your support and kind reply.

from sshwifty.

Well, the environment variable SSHWIFTY_CONFIG only tells where should Sshwifty fetch it's configuration, it does not copy the config file into the Container.

In your case you need to mount the file/folder as a Docker Volume (via -v parameter), so the file/folder actually "exists" in the Container.

Or, you can config Sshwifty with just environment variables, and skip the configfile all together. Take look the Readme file if you want to give this method a try. And yes, you can setup Presets via environment variable as well (via SSHWIFTY_PRESETS), the format of it is identical to the one in the configfile.

Also, the internet equipment at my home is down for maintenance, which is why it took such long time for me to respond. Sorry for keep you waiting :P

from sshwifty.

Thanks for your reply. I'm kind a new in Docker. So, it should be something like:

$ docker run --detach
--restart always
--publish 8182:8182
--name sshwifty
-v /root/sshwifty.conf.json:/root/sshwifty.conf.json
--env SSHWIFTY_CONFIG=/root/sshwifty.conf.json
niruix/sshwifty:latest

Can you provide an example of a Preset format loaded in ENVIRONMENT VARIABLE?

from sshwifty.

The format the same as the one used in sshwifty.conf.example.json. For example, based on your configuration, it should look like:

[
    {
        "Title": "Host 1",
        "Type": "SSH",
        "Host": "10.0.1.1",
        "Meta": {
            "User": "root",
            "Encoding": "utf-8",
            "Private Key": "-----BEGIN RSA PRIV...\nMIIE...\n-----END RSA PRI...\n",
            "Authentication": "Private Key",
            "Fingerprint": "SHA256:bgO...."
        }
    },
    ......
]

Then you save the content to a file, say "presets.json".

When you start the Docker Container, run the command like docker run ..... --env SSHWIFTY_PRESETS="$(cat <PATH/TO/THE/presets.json>)" .... This will load the content of presets.json into an environment variable SSHWIFTY_PRESETS available in the Container.

Keep in mind, however, if you do this, the "Private Key": "file:///root/.ssh/id_rsa" setting will be invalid, because there is no /root/.ssh/id_rsa inside the Container, you have to use literal value such as "Private Key": "-----BEGIN RSA PRIV...\nMIIE...\n-----END RSA PRI...\n".

Another thing to keep in mind is the value of the Fingerprint. Sshwifty only support the fingerprints that are generated by itself. That means it, will treat ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoY... as invalid. Sshwifty will display the server fingerprint when it connects to a SSH remote via "New Remote" wizard, you can grab the supported one from there.

So, to sum up, you could:

1. Use Docker Volume to mount all necessary file/folders into the container so Sshwifty running in the container can read them (docker run ... -v </HOST/PATH>:</CONTAINER/PATH>:ro ...). Learn more about Volumes here: https://docs.docker.com/storage/volumes/ (, also exposing /root is almost never a good idea)
2. Or, use --env variable to import all necessary settings into the container as environment variables, so you don't have to setup volume

from sshwifty.

Oh, I should have realized this earlier. Sshwifty runs as a normal, non-root user in the container. That means it cannot read /root, as well as anything mounted under it. Which is probably the root cause of the "Permission Denied" error.

Anyway, I'm glad you've sorted it out ☺️

One suggestion: You might want to mount the Volume as read-only (via :ro) for better security. See: https://docs.docker.com/storage/volumes/#use-a-read-only-volume

from sshwifty.