Refactor SSH key handling in Dockerfile to ensure known_hosts is created before ssh-keyscan

2025-09-14 13:16:51 +02:00
parent 57b20df159
commit 87b282d9d0
1 changed files with 4 additions and 2 deletions
--- a/6
+++ b/6
@@ -12,13 +12,15 @@ RUN mkdir -p /root/.ssh && chmod 700 /root/.ssh
 # ssh-add ssh key from env var but do not keep env var around
 ARG SSH_PRIVATE_KEY
 ARG SSH_PUBLIC_KEY
+ARG OLLAMA_HOST
 RUN echo "$SSH_PRIVATE_KEY" > /root/.ssh/id_rsa && \
 	echo "$SSH_PUBLIC_KEY" > /root/.ssh/id_rsa.pub && \
 	chmod 600 /root/.ssh/id_rsa && \
 	chmod 644 /root/.ssh/id_rsa.pub && \
 	unset SSH_PRIVATE_KEY && unset SSH_PUBLIC_KEY
-RUN ssh-keyscan -H $OLLAMA_HOST >> /root/.ssh/known_hosts
-RUN chmod 600 /root/.ssh/known_hosts
+# Prepare known_hosts and try to pre-fetch host key (non-fatal if unreachable at build time)
+RUN touch /root/.ssh/known_hosts && chmod 600 /root/.ssh/known_hosts
+RUN ssh-keyscan -T 5 -H "$OLLAMA_HOST" >> /root/.ssh/known_hosts || true

 # Copy script
 WORKDIR /app