After re-evaluating the situation, I once again strongly advise you not to use this Docker image. It is hard-coded to not perform host key checking, which critically undermines SSH security to provide some negligible comfort. Additional problems exist with the image.
Your config file has a slight mistake. The image copies everything from /root/ssh to /root/.ssh and then fixes the permissions. For this to be effective, the configuration needs to point at the private key at /root/.ssh. As such, you must use this:
IdentityFile /root/.ssh/key.pem
It will then work.
Using Docker for this task is overkill. I recommend using the OpenSSH client that ships with Windows instead. It will be faster and use tremendously fewer resources. Alternatively, you could use Plink from the PuTTY suite of tools.
Yet another possibility is to use a full VPN tunnel with WireGuard. Setup is relatively easy, too.
Obsolete answer because I didn’t read the original Dockerfile correctly:
This Docker Desktop behavior is documented. From the Troubleshooting page:
Permissions errors on data directories for shared volumes
When sharing files from Windows, Docker Desktop sets permissions on shared volumes to a default value of 0777 (read, write, execute permissions for user and for group).
The default permissions on shared volumes are not configurable. If you are working with applications that require permissions different from the shared volume defaults at container runtime, you need to either use non-host-mounted volumes or find a way to make the applications work with the default file permissions.
So you cannot make this work with a mounted file.
The way forward with this problem is to use a Dockerfile to build your own specialized image:
FROM cagataygurturk/docker-ssh-tunnel:latest
ADD key.pem /root/.ssh/
ADD config /root/.ssh/
RUN chmod 600 /root/.ssh/key.pem /root/.ssh/config
In your docker-compose.yml, have this instead:
version: '3'
services:
  pg-tunnel:
    build: .
    environment:
      TUNNEL_HOST: ec2-tunnel
      REMOTE_HOST: ---.rds.amazonaws.com
      LOCAL_PORT: 5432
      REMOTE_PORT: 5432
    ports:
      - 5432:5432
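
The two problems this answer discusses (host key checking switched off, and a private key left at mode 0777) can be checked for in any SSH client configuration. The following is an added example, not part of the original answer and not code from the image; the function names and the sample configuration are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# ssh_config(5) values that turn host key verification off or make it forget hosts.
WEAK = {"stricthostkeychecking": {"no", "off"},
        "userknownhostsfile": {"/dev/null"}}
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")  # "Key value" or "Key=value"

def parse_ssh_config(text):
    """Yield (lower-cased keyword, value) for each option line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # blank lines and "#" comments do not match
            yield m.group(1).lower(), m.group(2).strip().strip('"')

def audit(text):
    """Return a list of findings for one client configuration."""
    findings = []
    for key, value in parse_ssh_config(text):
        if value.lower() in WEAK.get(key, ()):
            findings.append(f"{key} {value}: host key verification disabled")
        elif key == "identityfile":
            try:
                mode = stat.S_IMODE(os.stat(os.path.expanduser(value)).st_mode)
            except OSError:
                findings.append(f"identityfile {value}: not found")
                continue
            if mode & 0o077:  # any group/other bit set; ssh refuses such keys
                findings.append(f"identityfile {value}: mode {mode:04o} too open")
    return findings

if __name__ == "__main__":
    # Constructed sample: a key with mode 0777, as on a Docker Desktop shared volume.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "key.pem")
        open(key, "w").close()
        os.chmod(key, 0o777)
        sample = ("Host ec2-tunnel\n"
                  "    StrictHostKeyChecking no\n"
                  "    UserKnownHostsFile=/dev/null\n"
                  f"    IdentityFile {key}\n")
        for finding in audit(sample):
            print(finding)
```
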