Tyson

Reputation: 1715

Sharing ssh-agent forwarded credentials across users with Vagrant

I'm creating a VM with Vagrant and using the 'config.ssh.forward_agent = true' setting to forward SSH credentials from my host OS, but I'm struggling to figure out how to share credentials across user accounts. The default 'vagrant' account has the SSH_AUTH_SOCK environment var pointing to a socket file under /tmp/ssh* that gets dynamically generated/named. If I ssh into that account and use setfacl to give my 'foobar' user rwx perms to the file, then I switch to my 'foobar' account and manually set my SSH_AUTH_SOCK variable to point to the same socket file, then everything works. But that seems like a really hacky approach and I can't think of a clean way to do that automatically during provisioning. Ideas on how I can accomplish this correctly?

Upvotes: 0

Views: 603

Answers (1)

slowjack2k

Reputation: 2586

First you need to run ssh-agent on your host machine (say hostm). Maybe Vagrant does this for you. You can do it manually via eval $(ssh-agent) within your profile, for example, or directly in your current shell.

config.ssh.forward_agent within your Vagrantfile has to be true.

All users within your guest machine (say vagrant.box) need to have the public key from the user "foo" within their authorized_keys file (ensure directory and file permissions!).

All users on vagrant.box need to have set ForwardAgent yes within their ~/.ssh/config.

Finally, you have to add your private key to ssh-agent on hostm via ssh-add what_ever_your_private_key_is on hostm.

Then you should be able to log into vagrant.box from your hostm via ssh [email protected] and from there ssh [email protected]

Upvotes: 1
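The guest-side steps of the answer above (public key in authorized_keys with the right permissions, ForwardAgent yes in ~/.ssh/config), written as an added shell example for a Vagrant shell provisioner; it is not code from the answer. The function name setup_agent_hop, its arguments, and the choice to scope ForwardAgent to a Host pattern (default localhost) instead of enabling it globally are assumptions.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the original answer).
# Prepares one guest account so another account can hop to it over SSH
# with the forwarded agent, instead of sharing the agent socket via setfacl.
# Usage: setup_agent_hop <home_dir> <public_key_file> [host_pattern] [owner]
setup_agent_hop() {
    local home="$1" pubkey_file="$2" host="${3:-localhost}" owner="${4:-}"
    local ssh_dir="$home/.ssh"
    local key

    # Accept only a one-line OpenSSH public key; a private key must never
    # be copied into the guest.
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    key="$(head -n 1 "$pubkey_file")"
    case "$key" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) ignores authorized_keys when the
    # file or its directory is writable by anyone but the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$ssh_dir/authorized_keys" "$ssh_dir/config" || return 1
    chmod 600 "$ssh_dir/authorized_keys" "$ssh_dir/config" || return 1

    # Idempotent: re-running the provisioner must not duplicate entries.
    grep -qxF "$key" "$ssh_dir/authorized_keys" \
        || printf '%s\n' "$key" >> "$ssh_dir/authorized_keys"
    grep -qxF "Host $host" "$ssh_dir/config" \
        || printf 'Host %s\n    ForwardAgent yes\n' "$host" >> "$ssh_dir/config"

    # Provisioners run as root, so hand the files to the account (optional).
    [ -z "$owner" ] || chown -R "$owner" "$ssh_dir"
}
```

In a provisioner this would be called once per account, for example `setup_agent_hop /home/foobar /vagrant/foo.pub localhost foobar`, where the path of the public key inside the guest is an assumption.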
