What happened?
Description
The container currently mounts a single authorized_keys file as a read-only bind mount and then attempts to modify ownership and permissions (chown/chmod) at container startup. Because the file is mounted read-only, these operations either fail or are silently ignored. This can cause OpenSSH to reject the key under its StrictModes checks, preventing SSH login for the ansible user. The behavior results in unreliable or failing SSH access despite valid keys.
Proposed changes
Mount the entire .ssh directory instead of a single file:
Compose:
    - ./ssh:/home/ansible/.ssh:ro
Ensure correct permissions and ownership on the host:
    chmod 700 ./ssh
    chmod 600 ./ssh/authorized_keys
Ensure ownership matches uid 1000 (ansible user) if StrictModes is enforced.
Update the entrypoint script to avoid chown/chmod on read-only mounts, or perform these operations only when the filesystem is writable.
Image/Tag
No response
Relevant logs
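One way to write the entrypoint step proposed above, as an added example that is not the image's own script: it runs chown/chmod only on paths that are writable, then checks what sshd's StrictModes requires (owned by the user or root, not writable by group or others). The function names are hypothetical, and `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example, not the project's entrypoint. Function names are hypothetical;
# the path and uid 1000 in the usage comment come from the issue text.

# strict_ok PATH UID: succeed if PATH is owned by UID or root and has no
# group/other write bit, which is what StrictModes requires of these files.
strict_ok() {
    info=$(stat -c '%a %u' "$1" 2>/dev/null) || return 1   # missing path fails
    mode=${info% *}
    owner=${info#* }
    [ "$owner" = "$2" ] || [ "$owner" = 0 ] || return 1
    # Leading 0 makes the shell read the mode as octal; 022 = group|other write.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# prepare_ssh_dir DIR UID: fix what can be fixed, verify everything.
# Returns non-zero when sshd would reject the key file.
prepare_ssh_dir() {
    uid=$2
    for p in "$1" "$1/authorized_keys"; do
        if [ -w "$p" ]; then
            if [ -d "$p" ]; then want=700; else want=600; fi
            # chown needs root; harmless to skip when already the target user.
            chown "$uid" "$p" 2>/dev/null || true
            chmod "$want" "$p" || return 1
        else
            # Read-only bind mounts land here (access() reports EROFS).
            echo "note: $p is not writable, skipping chown/chmod" >&2
        fi
        if ! strict_ok "$p" "$uid"; then
            echo "error: $p would fail StrictModes for uid $uid; fix it on the host" >&2
            return 1
        fi
    done
}

# Usage inside an entrypoint (not executed here):
#   prepare_ssh_dir /home/ansible/.ssh 1000 || exit 1
#   exec "$@"
```

With a read-only mount the function changes nothing and fails early with a clear message when the host-side modes or owner are wrong, instead of leaving sshd to reject the key at login time.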