A few days ago, I had this situation where I checked out the code for an existing project and ran into issues getting the docker build working. There were dependencies in the project which came from private Git repositories which could only be accessed through SSH. Everything looked correct with my setup. I had BuildKit enabled with DOCKER_BUILDKIT=1 set in my shell environment. I had also validated that my RSA keypair worked properly locally. The builds still threw the notorious Permission denied (publickey) error.

This was the relevant part from my Dockerfile.

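# Add github.com's host key to known_hosts so the clone does not stop at the host key prompt.
# ssh-keyscan accepts whatever key the network returns at build time, so compare it with GitHub's published fingerprints.
# The directory mode is 0700: a directory needs the execute bit to be entered by a non-root user.
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts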

# Clone private repository
RUN --mount=type=ssh git clone git@github.com:svivekkrishna/<private_repo>

I dug into it and realized that the SSH Agent has to be set up locally, and the private key of the pair added to it before sharing the context from the host to the docker build runtime.

$ eval "$(ssh-agent -s)" # Start the agent and export SSH_AUTH_SOCK into this shell
$ ssh-add <path-to-private-key-file>
$ ssh-add -l # Should output the added key

Now, when I run docker build, passing in the SSH context, it works!

docker build --ssh default -t ssh-agent-load .
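
As an added example (not from the original post or its Gist), here is a preflight check that tells apart the agent states that lead to Permission denied (publickey) before the build starts. The function names and return codes are this example's own convention; the ssh-add exit statuses are the ones OpenSSH documents.

```shell
#!/bin/sh
# Added example: preflight for `docker build --ssh default`.
# Return codes (this example's own convention):
#   0 agent reachable and holding at least one key
#   1 SSH_AUTH_SOCK unset (no agent exported into this shell)
#   2 SSH_AUTH_SOCK set but not a socket (stale value from an exited agent)
#   3 agent reachable but holding no identities (ssh-add was never run)
#   4 socket exists but the agent did not answer, or ssh-add is missing
ssh_agent_preflight() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo 'SSH_AUTH_SOCK is unset: run eval "$(ssh-agent -s)" in this shell' >&2
        return 1
    fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK is not a socket: the agent has exited" >&2
        return 2
    fi
    # ssh-add -l exits 0 with keys listed, 1 with no identities,
    # and 2 when it cannot contact the agent.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) return 0 ;;
        1) echo 'agent has no identities: run ssh-add <path-to-private-key-file>' >&2
           return 3 ;;
        *) echo 'agent did not answer on SSH_AUTH_SOCK' >&2
           return 4 ;;
    esac
}

# Run the build only when the preflight passes; arguments go to docker build.
# Usage: build_with_ssh -t ssh-agent-load .
build_with_ssh() {
    ssh_agent_preflight || return $?
    DOCKER_BUILDKIT=1 docker build --ssh default "$@"
}
```
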

I’ve put together a Gist of the code snippets used here.
