Git doesn't work with local SSH agent forwarding when postCreateCommand action and after build process

[n0ct1s-k8sh]

What happened?
Hi. I have some private repos in my BitBucket cloud account to work with them using their devcontainers using my personal SSH identity. Nowadays I can use them as the standalone way with VSCode, but I saw this tool and I'm giving it a try. I've created a workspace for a private repo, sourcing it from a its local folder and used the Docker provider to open it in VSCode/VSCode web. The devcontainer builds successfully but when the postCreateCommand calls a custom shell script to clone other dependent private repos, it fails:

Host key verification failed.
Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.

I've searched for another issues with SSH agent forwarding and apparently they were fixed.

If I try to run the workspace, it opens successfully VSCode but if I try to run the script to clone the repos, it fails again with the same error.

What did you expect to happen instead?
I expected to build the devcontainer successfully with the postCreateCommand action and open my repo to start working on it.

How can we reproduce the bug? (as minimally and precisely as possible)

• Create a SSH ED25519 keypair with a passphrase.
• Add it (both private and public files) with the passphrase into a KeePassXC database entry and setup the SSH Agent integration with KeePassXC.
• Make sure when you unlock the KeePass database it adds your identity into the agent (ssh-add -l).
• Add the SSH public key in your Git server.
• Clone a private repo into a specific path of your machine with a manual git clone.
• Create a devcontainer stack for that repo (main dir .devcontainer and the `devcontainer.json manifest).
  • Create this shell script inside the .devcontainer directory of your repo:

  • #!/usr/bin/env bash
    echo "----------------------"
    echo "--- Init Workspace ---"
    echo "----------------------"
    rm -rf my-repo-1
    git clone -b master git@bitbucket.org:myworkspace/my-repo-1.git
    rm -rf my-repo-2
    git clone -b master git@bitbucket.org:myworkspace/my-repo-2.git

  • Set in the devcontainer.json the postCreateCommand to run that shell script.
• Open DevPod and create a new workspace with Docker provider.

My devcontainer.json:

{
    "name": "Terraform Workspace",
    "image": "mcr.microsoft.com/devcontainers/base:bookworm",
    "mounts": [
        // AWS Credentials
        "source=${localEnv:HOME}${localEnv:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind"
    ],
    "features": {
        "ghcr.io/devcontainers/features/common-utils:2": {
            "configureZshAsDefaultShell": true,
            "upgradePackages": true
        },
        "ghcr.io/devcontainers-contrib/features/apt-packages:1": {
            "packages": "fzf"
        },
        "ghcr.io/devcontainers-contrib/features/zsh-plugins:0":{
            "plugins" : "aws aliases common-aliases fzf git kubectl minikube helm terraform F-Sy-H fzf-zsh-plugin zsh-autosuggestions",
            "omzPlugins" : "https://github.com/z-shell/F-Sy-H https://github.com/unixorn/fzf-zsh-plugin.git https://github.com/zsh-users/zsh-autosuggestions"
        },
        "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {
            "version": "latest",
            "helm": "3.11.2"
        },
        "ghcr.io/devcontainers/features/aws-cli:1": {
            "version": "latest"
        },
        "ghcr.io/devcontainers/features/terraform:1": {
            "version": "1.4.7",
            "tflint": "0.48.0",
            "installTerraformDocs": "true"
        },
        "ghcr.io/devcontainers-contrib/features/gh-release:1": {
            "repo": "argoproj/argo-rollouts",
            "binaryNames": "kubectl-argo-rollouts-linux-amd64",
            "libName": "kubectl-argo-rollouts",
            "version": "latest"
        },
        "ghcr.io/devcontainers/features/go:1": {
            "version": "latest",
            "golangciLintVersion": "latest"
        },
        "ghcr.io/azutake/devcontainer-features/go-packages-install:0": {
            "PACKAGES": "github.com/dineshba/tf-summarize@latest"
        }
    },
    "customizations": {
        "vscode": {
            "settings": {
                "terraform.languageServer": {
                    "enabled": true
                }
            },
            "scm.alwaysShowRepositories": true,
            "editor.tabSize": 4,
            "terminal.integrated.profiles.linux": {
              "bash": {
                "path": "bash",
                "icon": "terminal-bash"
              },
              "zsh": {
                "path": "zsh"
              },
              "fish": {
                "path": "fish"
              },
              "tmux": {
                "path": "tmux",
                "icon": "terminal-tmux"
              },
              "pwsh": {
                "path": "pwsh",
                "icon": "terminal-powershell"
              }
            },
            "extensions": [
                "hashicorp.terraform",
                "ms-azuretools.vscode-docker",
                "ms-kubernetes-tools.vscode-kubernetes-tools",
                "mhutchie.git-graph",
                "donjayamanne.githistory",
                "eamodio.gitlens",
                "shardulm94.trailing-spaces",
                "atlassian.atlascode",
                "ms-vsliveshare.vsliveshare",
                "redhat.vscode-yaml",
                "yzhang.markdown-all-in-one",
                "ms-vsliveshare.vsliveshare",
                "mutantdino.resourcemonitor"
            ]
        }
    },
    "postCreateCommand": "/bin/bash .devcontainer/init-workspace.sh"
}

Local Environment:

• DevPod Version: v0.5.16
• Operating System: Linux (Ubuntu 24.04 LTS Noble Numbat)
• ARCH of the OS: AMD64

DevPod Provider:

• Local/remote provider: docker

[pascalbreuninger]

Hi @n0ct1s-k8sh, thanks for opening the issue. We've added a small fix over here #1165 but your problem seems to be that your workspace is not aware of githubs host key. Adding this to your post create script should work:

mkdir ~/.ssh && touch ~/.ssh/known_hosts && ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts

[n0ct1s-k8sh]

Hi. Yes, I realized after submitting the issue, so I closed it. Thank you so much for the info!! I'll keep an eye on it