How to use ssh agent forwarding with "vagrant ssh"?

Question

Rather than create a new SSH key pair on a vagrant box, I would like to re-use the key pair I have on my host machine, using agent forwarding. I've tried setting config.ssh.forward_agent to TRUE in the Vagrantfile, then rebooted the VM, and tried using:

vagrant ssh -- -A

...but I'm still getting prompted for a password when I try to do a git checkout. Any idea what I'm missing?

Answer 1

Add it to the Vagrantfile

Vagrant::Config.run do |config|
   # stuff
   config.ssh.forward_agent = true
end

See the docs

Answer 2

On Windows, the problem is that Vagrant doesn't know how to communicate with git-bash's ssh-agent. It does, however, know how to use PuTTY's Pageant. So, as long as Pageant is running and has loaded your SSH key, and as long as you've set config.ssh.forward_agent, this should work.

See this comment for details.

If you use Pageant, then the workaround of updating the Vagrantfile to copy SSH keys on Windows is no longer necessary.

Answer 3

In addition to adding "config.ssh.forward_agent = true" to the vagrant file make sure the host computer is set up for agent forwarding. Github provides a good guide for this. (Check out the troubleshooting section).

Answer 4

Make sure that the VM does not launch its own SSH agent. I had this line in my ~/.profile

eval `ssh-agent`

After removing it, SSH agent forwarding worked.

Answer 5

The real problem is Vagrant using 127.0.0.1:2222 as default port-forward. You can add one (not 2222, 2222 is already occupied by default)

config.vm.network "forwarded_port", guest: 22, host:2333, host_ip: "0.0.0.0"

"0.0.0.0" is way take request from external connection. then ssh -p 2333 vagrant@192.168.2.101 (change to your own host ip address, dud) will working just fine. Do thank me, Just call me Leifeng!

Answer 6

If you are on Windows, SSH Forwarding in Vagrant does not work properly by default (because of a bug in net-ssh). See this particular Vagrant bug report: https://github.com/mitchellh/vagrant/issues/1735

However, there is a workaround! Simply auto-copy your local SSH key to the Vagrant VM via a simple provisioning script in your VagrantFile. Here's an example: https://github.com/mitchellh/vagrant/issues/1735#issuecomment-25640783

Answer 7

I had this working with the above replies on 1.4.3, but stopped working on 1.5. I now have to run ssh-add to work fully with 1.5.

For now I add the following line to my ansible provisioning script. - name: Make sure ssk keys are passed to guest. local_action: command ssh-add

I've also created a gist of my setup: https://gist.github.com/KyleJamesWalker/9538912

Answer 8

I'm using vagrant 2 on OS X Mountain Lion.

Vagrant.configure("2") do |config|
  config.ssh.private_key_path = "~/.ssh/id_rsa"
  config.ssh.forward_agent = true
end

1. config.ssh.private_key_path is your local private key
2. Your private key must be available to the local ssh-agent. You can check with ssh-add -L, if it's not listed add it with ssh-add ~/.ssh/id_rsa
3. Don't forget to add you public key to ~/.ssh/authorized_keys on the Vagrant VM. You can do it copy-and-pasting or using a tool like ssh-copy-id

Answer 9

When we recently tried out the vagrant-aws plugin with Vagrant 1.1.5, we ran into an issue with SSH agent forwarding. It turned out that Vagrant was forcing IdentitiesOnly=yes without an option to change it to no. This forced Vagrant to only look at the private key we listed in the Vagrantfile for the AWS provider.

I wrote up our experiences in a blog post. It may turn into a pull request at some point.