Description
What feature would you like?
I'd like the ability to pass through my SSH agent, which Docker for Mac makes available at $SSH_AUTH_SOCK (/run/host-services/ssh-auth.sock).
In my case, I am not concerned about the risk of exposing my keys to applications running in these containers as my SSH agent requires intervention before keys in it can be used by new clients.
Why would this be useful?
My build image uses a Nix devShell to ensure tool versions match those on the host, and to make it easier for agents to get access to different versions. As part of this I load a (private) shared flake which I'd rather be fetched over SSH than HTTP.
In practice, the flags I need to pass to the docker invocation to enable this are:
--mount type=bind,src="/run/host-services/ssh-auth.sock",dst="/run/host-services/ssh-auth.sock" --env SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock"
Without the mount the socket is inaccessible.
Assuming SSH_AUTH_SOCK is always correct across all host platforms, would you be against having a forward-ssh-agent option that wires this up?
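One way the requested option could assemble these flags, as an added example that is not part of the original issue or the project's code. The helper name `forward_ssh_agent_args` is hypothetical; like the flags above, it mounts the socket at the same path inside the container, and it rejects socket paths that would change the meaning of the `--mount` argument.

```shell
# Added example: build the `docker run` arguments for opt-in SSH agent
# forwarding. forward_ssh_agent_args is a hypothetical helper name.
# Prints one argument per line; exit status 1 = no agent, 2 = unsafe path.
forward_ssh_agent_args() {
    # Explicit path wins; otherwise fall back to the caller's SSH_AUTH_SOCK.
    sock="${1:-${SSH_AUTH_SOCK:-}}"
    nl='
'
    # No agent configured: emit nothing so the caller can skip forwarding.
    if [ -z "$sock" ]; then
        echo "SSH_AUTH_SOCK is not set; not forwarding an agent" >&2
        return 1
    fi

    case "$sock" in
        /*) ;;  # bind mounts need an absolute source path
        *)
            echo "refusing non-absolute socket path: $sock" >&2
            return 2
            ;;
    esac

    # --mount takes comma-separated key=value fields, so a comma or quote in
    # the path would be read as extra mount options rather than as the path.
    case "$sock" in
        *,*|*\"*|*"$nl"*)
            echo "refusing socket path with ',' '\"' or newline: $sock" >&2
            return 2
            ;;
    esac

    printf '%s\n' \
        "--mount" "type=bind,src=$sock,dst=$sock" \
        "--env" "SSH_AUTH_SOCK=$sock"
}

# Usage (bash), only when the user has opted in:
#   mapfile -t agent_args < <(forward_ssh_agent_args) &&
#       docker run "${agent_args[@]}" "$image"
```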