CODEWITHSUNDEEP
sshvagrant
Behram Mistree
Behram Mistree

Reputation: 4308

Vagrant forwarding ssh from remote server

I set up vagrant to run a vm on a host os. What I would like to do is be able to ssh from other machines directly into the vagrant vm (ie, I shouldn't ssh into the host and then vagrant ssh, etc. into the vagrant vm).

Currently, I can ssh not using vagrant ssh from the host os using ssh [email protected] -p 2222. However, if I run the same command (replacing 127.0.0.1 with the host's ip address), I get "ssh connect to host XXXXX port 2222: Connection refused."

I tried adding my own port forwarding rule to vagrant:

config.vm.network :forwarded_port, guest: 22, host: 2222

But that doesn't allow ssh connection from either the host machine or any other machine in the network. Additionally, I spent a while with config.ssh in the vagrant docs. I think that most of those parameters though specify what port the vagrant vm is running ssh on.

I really don't think this should be that difficult. Does anyone know what I might be doing wrong, or what I should do differently to ssh into a vagrant vm from a remote server?

Upvotes: 24

Views: 20183

Answers (4)

TlmaK0
TlmaK0

Reputation: 3906

If you don't want to change network to public you can override default port forwarding for ssh by this:

config.vm.network :forwarded_port, guest: 22, host: 2222, host_ip: "0.0.0.0", id: "ssh", auto_correct: true

This will forward guest 22 port to 2222 on your host machine and will be available from any ip, so you can access it outside your local machine.

Upvotes: 39

Lutz Prechelt
Lutz Prechelt

Reputation: 39446

Use vagrant share --ssh

Vagrant now has a service for registering a Vagrant VM for remote SSH access automatically.

See here: https://www.vagrantup.com/docs/share/ssh.html

You call vagrant share --ssh.
This generates an SSH key (encrypted and password-protected), uploads it to a Hashicorp server, and returns a silly global box name (e.g. "rambunctious-deer-3496").
Then everybody who

  • has a Hashicorp Atlas account
  • knows the box name,
  • knows the password for the key, and
  • has Vagrant installed(!)

can perform remote SSH to the box via vagrant connect --ssh BOXNAME.
Vagrant takes care of all the admin stuff behind the scenes (here are some details).

Works as advertised.
I guess this will even work if the Vagrant host (not merely the VM) is behind a NAT.

Limitations:

  • vagrant share sessions expire (currently after 8 hours)
  • expect some latency, because all traffic is (presumably) routed through the Altas server
  • I have seen my remote connections close (for no obvious reason) after I had not used them for maybe 15 minutes.

Upvotes: 2

Terry Wang
Terry Wang

Reputation: 13920

Since v1.2.3 Vagrant port forwarding by default binds with 127.0.0.1 so only local connections are allowed.

You got "Connection refused" because the port forwarding was NOT binding to your network interfaces (e.g. eth0, wlan0). The port 2222 on your host is NOT even open to hosts in the same network (loopback interfaces not accessible to other hosts).

If you want to SSH directly to the Vagrant VM from a remote host (in the same LAN), the best and easiest way is to use Public Network (VirtualBox's Bridged networking mode).

Add the following to your Vagrantfile and do a vagrant reload.

It should bridge through one of the public network interfaces, you should be able to get the IP address after VM is up, vagrant ssh into it and run ifconfig -a or ip addr to get the IP address to ssh to from remote hosts.

Sample Vagrantfile

<!-- language: lang-rb -->

config.vm.network :public_network # 2nd interface bridged mode

or more advanced, you can set default network interface for public network

<!-- language: lang-rb -->

config.vm.network "public_network", :bridge => 'en1: Wi-Fi (AirPort)'

See more => Public Network

Upvotes: 18

inorichi
inorichi

Reputation: 406

You can also add another rule to Vagrantfile like the following:

config.vm.network :forwarded_port, guest: 1234, host: 22

Connect to Vagrant with the default port (2222) and edit /etc/ssh/sshd_config, then add below Port 22 the port previously configured as 'guest', resulting:

...
Port 22 #Uncomment this line if it's commented
Port 1234
....

Finally, restart the ssh daemon or do vagrant reload (if you edited Vagrantfile while the VM was running you have to reload it) and now you can connect to Vagrant using 'host' port (22 in my case) from outside the host computer.

You can't remove the default port, because Vagrant would hang when starting up.

Upvotes: 6

Related Questions