Intent: To be able to deploy to lan-example.com from any dev environment, whether it be directly from the virtual OS, or any single-OS system, or even over the internet, using ONE SSH key stored in KeePass. I'm currently unable to do so from within Vagrant's OS unless I explicitly generate its own key and authorize it in each of my deployment servers. I believe the way to do what I want is through User Agent Forwarding, yes?
Host OS
- Windows 7 x64
- SSH key generated by puttygen: C:\Users\Administrator\.ssh\id_rsa.ppk
- KeePass with KeeAgent storing my SSH key. KeeAgent is set to "Agent" mode
- pageant.exe is installed but is not running
- If I wish to connect to outside/internal LAN servers using my key, PuTTY defers to KeeAgent – PuTTY does not store the private key locations in its configuration.
C:\Users\Administrator\.ssh\config

    Host 192.168.55.2
        ForwardAgent yes
Vagrantfile

    # Standard Vagrant idiom; the constant was not shown in the original post and is assumed to be "2"
    VAGRANTFILE_API_VERSION = "2"

    Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
      config.vm.network :private_network, ip: '192.168.55.2'
      config.ssh.forward_agent = true
      # Why would I need to set this if KeeAgent is handling things?
      config.ssh.private_key_path = '~/.ssh/id_rsa_jake_mitchell.ppk'
    end
Guest OS (Vagrant)
- Ubuntu x64
- 192.168.55.2, accessible through host only
- No SSH keys exist in /home/vagrant/.ssh (I removed them). The intent is to let User Agent Forwarding through the host OS (KeeAgent) take care of using the key.
LAN Web Host (intranet websites)
- Let's say its domain is lan-example.com
- It allows SSH passwordless login only using the id_rsa.ppk public key
- 192.168.0.2
- User Agent Forwarding is enabled in sshd
Problem:
What works (using Host OS): PuTTY, connecting to lan-example.com without the need to explicitly reference the SSH key.
What doesn't work (using Guest OS): ssh -v web-server@lan-example.com, as it shows that there aren't any keys to use.
I've noticed something about the beta version of KeeAgent that allows me to set the SSH_AUTH_SOCK. I've done so, and set up an NFS share that allows the guest OS to read the file; however, this doesn't change anything. How does agent forwarding even work in this type of environment? What's different about Windows that causes this to fail?
Best Answer
Sharing a socket file through a network file system won't work, as Windows sockets and Linux sockets are entirely different beasts — the Linux inside the VM would not know how to use Windows sockets. To make sure the VM can utilize the authentication agent on the host, one needs to enable agent forwarding on both the ssh client and server, then ssh into the VM via the host (not by logging in directly on the VM console).

Assuming:

Under the putty profile setup, tick the option "Allow agent forwarding" under Connection → SSH → Auth in order to turn on agent forwarding for the client. Alternatively, if Cygwin ssh is used on the host, then there are 2 choices:
~/.profile and the like).
$SSH_AUTH_SOCK variable in cygwin to corresponding location.

To check if agent forwarding is working or not, ssh into the VM and check the variable $SSH_AUTH_SOCK. If it's non-empty and pointing to a Linux socket file that exists, then everything is supposed to be fine. If the variable is empty then something is missing.
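A check script for the verification step the answer describes, added here as an example and not part of the original answer. It runs inside the Vagrant guest after connecting from the host with forwarding enabled, and goes one step further than inspecting $SSH_AUTH_SOCK: it asks the forwarded agent to list its keys, which distinguishes "forwarding is off" from "forwarding is on but the host agent has nothing loaded". The exit codes and the optional socket-path argument are this example's own conventions.

```shell
#!/bin/sh
# Added example, not from the original answer. Run inside the Vagrant
# guest after "ssh -A vagrant@192.168.55.2" from Cygwin, or after a PuTTY
# session with "Allow agent forwarding" ticked.
#
# Exit codes (this script's own convention):
#   0  forwarding works: socket exists and the host agent offers keys
#   1  SSH_AUTH_SOCK is empty: forwarding not enabled on client or sshd
#   2  SSH_AUTH_SOCK is set but no Unix socket exists at that path
#   3  socket exists but the agent is unreachable or holds no identities
#   4  ssh-add is not installed in the guest, so the agent cannot be queried
check_agent_forwarding() {
    # An optional argument overrides the environment, mainly for testing.
    if [ "$#" -gt 0 ]; then sock=$1; else sock=${SSH_AUTH_SOCK:-}; fi

    if [ -z "$sock" ]; then
        echo "SSH_AUTH_SOCK is empty: enable ForwardAgent on the client" \
             "and AllowAgentForwarding in the guest's sshd_config" >&2
        return 1
    fi
    if [ ! -S "$sock" ]; then
        echo "SSH_AUTH_SOCK=$sock but no socket exists there" >&2
        return 2
    fi
    command -v ssh-add >/dev/null 2>&1 || { echo "ssh-add not found" >&2; return 4; }

    # ssh-add -l exits 0 when it lists keys, 1 when the agent has no keys,
    # and 2 when it cannot talk to the agent at all.
    if SSH_AUTH_SOCK=$sock ssh-add -l; then
        echo "Forwarded agent at $sock is usable"
        return 0
    fi
    echo "Socket $sock exists but the agent returned no keys;" \
         "check that KeeAgent has the key loaded and unlocked on the host" >&2
    return 3
}
```

Source the file in the guest and call check_agent_forwarding with no arguments; an exit code of 1 means the forwarding setup in the answer is incomplete, 2 or 3 means forwarding reached the guest but the host side is not answering.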