user

Reputation: 23

Is there a way to make the root user use agent forwarding in Vagrant?

When I use the following config in Vagrant:

Vagrant.configure("2") do |config|
  config.ssh.forward_agent = true
end

While running git, I can use ssh agent forwarding on the guest with user: vagrant, but it does not work with the user: root (I get permission denied).

I need it to work with the user: root as puppet provisioning runs as root.

Is there a way to force vagrant to also allow ssh agent forwarding with the user: root?

Upvotes: 1

Views: 223

Answers (1)

Jon

Reputation: 3671

My understanding is that it isn't possible to make a privileged vm.provision section work with SSH agent forwarding. Fundamentally, a privileged section needs to do a sudo, which breaks the link to the SSH agent.

That said, I use agent forwarding for accessing Git repos when provisioning with Puppet. I split the git and puppet commands into separate sections, privileged or not as needed:

Vagrant.configure(2) do |config|
  config.vm.box = "centos/7"

  config.ssh.forward_agent = true

  config.vm.provision "shell", inline: <<-SHELL
      yum -y update
      yum install -y git

      rpm -Uvh https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
      yum install -y puppet-agent
  SHELL

  config.vm.provision "shell", inline: <<-SHELL, privileged: false
      mkdir -p ~/.ssh
      chmod 700 ~/.ssh
      # You may get failure to authenticate error messages without this.
      ssh-keyscan -H github.com >> ~/.ssh/known_hosts

      git clone git@github.com:group/control.git /vagrant/control
      cd /vagrant/control
      git checkout branch
  SHELL

  config.vm.provision "shell", inline: <<-SHELL
      cd /vagrant/control
      /opt/puppetlabs/bin/puppet apply manifest/site.pp
  SHELL
end

Upvotes: 2
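
The `ssh-keyscan -H github.com >> ~/.ssh/known_hosts` step in the answer above records whatever host key the network returns at provisioning time. The following is an added example, not part of the answer, that keeps only scanned keys matching a pinned fingerprint before they are appended to `known_hosts`; it is in Ruby because the Vagrantfile is Ruby, the function names are hypothetical, and the sample keys are constructed (a real pin would be copied from GitHub's published SSH key fingerprints).

```ruby
require "base64"
require "digest"

# SHA256 fingerprint of one ssh-keyscan / known_hosts line, in the
# "SHA256:<unpadded base64>" form that `ssh-keygen -l` prints.
# Returns nil for comments, blank lines and malformed entries.
def host_key_fingerprint(line)
  stripped = line.strip
  return nil if stripped.empty? || stripped.start_with?("#")
  _host, _type, blob = stripped.split   # host field may be hashed (-H)
  return nil if blob.nil?
  raw = Base64.strict_decode64(blob)
  "SHA256:" + Base64.strict_encode64(Digest::SHA256.digest(raw)).delete("=")
rescue ArgumentError                    # key field is not valid base64
  nil
end

# Keep only scanned lines whose key matches a pinned fingerprint. Raises
# when nothing matches, so provisioning stops instead of trusting an
# unverified key.
def pinned_host_keys(scan_output, pinned)
  kept = scan_output.each_line.map(&:chomp).select do |line|
    pinned.include?(host_key_fingerprint(line))
  end
  raise "no scanned host key matches a pinned fingerprint" if kept.empty?
  kept
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data: placeholder bytes, not real host keys.
  genuine     = "constructed-genuine-key"
  substituted = "constructed-substituted-key"
  # In real use this value is pasted in from a trusted source, not computed.
  pin = "SHA256:" +
        Base64.strict_encode64(Digest::SHA256.digest(genuine)).delete("=")
  scan = "# github.com:22 SSH-2.0-example\n" \
         "|1|c2FsdA==|aGFzaA== ssh-ed25519 #{Base64.strict_encode64(substituted)}\n" \
         "|1|c2FsdA==|aGFzaA== ssh-ed25519 #{Base64.strict_encode64(genuine)}\n"
  puts pinned_host_keys(scan, [pin])    # prints only the line with the pinned key
end
```

Only the lines returned by `pinned_host_keys` would be appended to `~/.ssh/known_hosts`.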
