Using ssh with Inspec via the docker container

weaverslodge · June 12, 2018, 9:34pm

Guys,

A couple of caveats - I am new to both Inspect and Docker so I am bound to be doing something wrong.

I have created a bunch of tests in Inspec and attempted to test them on a target host using SSH and keys. I am using the containerised version of Inspec but I can’t get it to authenticate. I’m sure it’s obvious but my head is getting sore banging on the desk.

So here’s what I’m doing

Daves-MacBook-Pro:InSpec dave$ docker run -it --rm -v $(pwd):/share chef/inspec exec initial -t ssh://dave@distribution --key-files=~/.ssh/id_rsa --user=dave --log-level=debug
D, [2018-06-12T21:20:25.321296 #1] DEBUG – : [SSH] dave@distribution<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :auth_methods=>[“none”, “publickey”], :keys_only=>true, :keys=>["~/.ssh/id_rsa"], :password=>"", :forward_agent=>nil, :proxy_command=>nil, :verify_host_key=>false}> (uname -s)
D, [2018-06-12T21:20:25.321553 #1] DEBUG – : [SSH] opening connection to dave@distribution<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :auth_methods=>[“none”, “publickey”], :keys_only=>true, :keys=>["~/.ssh/id_rsa"], :password=>"", :forward_agent=>nil, :proxy_command=>nil, :verify_host_key=>false}>
I, [2018-06-12T21:20:25.709652 #1] INFO – : [SSH] connection failed, retrying in 1 seconds (#<Net::SSH::AuthenticationFailed: Authentication failed for user dave@distribution>)
D, [2018-06-12T21:20:26.711534 #1] DEBUG – : [SSH] opening connection to dave@distribution<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :auth_methods=>[“none”, “publickey”], :keys_only=>true, :keys=>["~/.ssh/id_rsa"], :password=>"", :forward_agent=>nil, :proxy_command=>nil, :verify_host_key=>false}>
I, [2018-06-12T21:20:26.863483 #1] INFO – : [SSH] connection failed, retrying in 1 seconds (#<Net::SSH::AuthenticationFailed: Authentication failed for user dave@distribution>)
D, [2018-06-12T21:20:27.863964 #1] DEBUG – : [SSH] opening connection to dave@distribution<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :auth_methods=>[“none”, “publickey”], :keys_only=>true, :keys=>["~/.ssh/id_rsa"], :password=>"", :forward_agent=>nil, :proxy_command=>nil, :verify_host_key=>false}>
I, [2018-06-12T21:20:28.135679 #1] INFO – : [SSH] connection failed, retrying in 1 seconds (#<Net::SSH::AuthenticationFailed: Authentication failed for user dave@distribution>)
D, [2018-06-12T21:20:29.137781 #1] DEBUG – : [SSH] opening connection to dave@distribution<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :auth_methods=>[“none”, “publickey”], :keys_only=>true, :keys=>["~/.ssh/id_rsa"], :password=>"", :forward_agent=>nil, :proxy_command=>nil, :verify_host_key=>false}>
I, [2018-06-12T21:20:29.389034 #1] INFO – : [SSH] connection failed, retrying in 1 seconds (#<Net::SSH::AuthenticationFailed: Authentication failed for user dave@distribution>)
D, [2018-06-12T21:20:30.392144 #1] DEBUG – : [SSH] opening connection to dave@distribution<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :auth_methods=>[“none”, “publickey”], :keys_only=>true, :keys=>["~/.ssh/id_rsa"], :password=>"", :forward_agent=>nil, :proxy_command=>nil, :verify_host_key=>false}>
W, [2018-06-12T21:20:30.736623 #1] WARN – : [SSH] connection failed, terminating (#<Net::SSH::AuthenticationFailed: Authentication failed for user dave@distribution>)
Transport error, can’t connect to ‘ssh’ backend: SSH session could not be established

To prove that the key file is valid

Daves-MacBook-Pro:InSpec dave$ ssh distribution -i ~/.ssh/id_rsa
Last login: Tue Jun 12 22:18:24 2018 from 192.168.1.150
Distribution-Server:~ dave$

What am I doing wrong - apologies if it’s really obvious

Regards

Dave

chris-rock · June 23, 2018, 4:09pm

If you run InSpec via docker, you need to make sure you ssh directory is mapped into the container too, otherwise InSpec running inside the container has no access to your local ssh key.
~/.ssh/id_rsa

You can test that by:

docker run -it --rm -v $(pwd):/share -v /Users/chartmann/.ssh:/ssh centos /bin/bash
[root@bc70254721d3 /]# ls /ssh
id_rsa  id_rsa.pub  known_hosts
[root@bc70254721d3 /]#

Therefore

docker run -it --rm -v $(pwd):/share -v /Users/dave/.ssh:/ssh chef/inspec exec initial -t ssh://dave@distribution --key-files=/ssh/id_rsa --user=dave --log-level=debug

should work

weaverslodge · June 23, 2018, 4:40pm

Many thanks, I’ve been meaning to update the question myself - the problem was my understanding of containers. I realised (after my head was sore from banging on the desk) that the container couldn’t see the key file. Thanks for confirming.

Topic		Replies	Views
Inspec -t ssh not possible Chef InSpec	1	880	March 8, 2018
Chef inspec authetication error Chef InSpec	1	897	January 16, 2018
In Spec for Containers on Openshift Chef InSpec	1	876	March 28, 2019
Using kitchen-ssh driver to run Inspec tests on remote node Chef Infra (archive)	5	3808	July 29, 2016
InSpec v1.21.0 released! Chef Release Announcements	0	688	April 24, 2017

Using ssh with Inspec via the docker container

Related topics