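How do I use SSH agent forwarding with "vagrant ssh"?

Rather than create a new SSH key pair on a Vagrant box, I would like to reuse the key pair I have on my host machine, using agent forwarding. I've tried setting forward_agent to TRUE in the Vagrantfile, then rebooted the VM, and tried using:

vagrant ssh -- -A

... but when I try to do a git checkout, I am still prompted for a password. Any idea what I'm missing?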


Add it to the Vagrantfile

Vagrant::Config.run do |config|
  # stuff
  config.ssh.forward_agent = true
end

See the docs

When we recently tried out the vagrant-aws plugin with Vagrant 1.1.5, we ran into an issue with SSH agent forwarding. It turned out that Vagrant was forcing IdentitiesOnly=yes without an option to change it to no. This forced Vagrant to only look at the private key we listed in the Vagrantfile for the AWS provider.

I wrote up our experiences in a blog post. It may turn into a pull request at some point.

I'm using vagrant 2 on OS X Mountain Lion.

Vagrant.configure("2") do |config|
  config.ssh.private_key_path = "~/.ssh/id_rsa"
  config.ssh.forward_agent = true
end

  1. config.ssh.private_key_path is your local private key
  2. Your private key must be available to the local ssh-agent. You can check with ssh-add -L; if it's not listed, add it with ssh-add ~/.ssh/id_rsa
  3. Don't forget to add your public key to ~/.ssh/authorized_keys on the Vagrant VM. You can do it by copy-and-pasting or by using a tool like ssh-copy-id

In addition to adding "config.ssh.forward_agent = true" to the Vagrantfile, make sure the host computer is set up for agent forwarding. GitHub provides a good guide for this. (Check out the troubleshooting section.)

I had this working with the above replies on 1.4.3, but it stopped working on 1.5. I now have to run ssh-add to work fully with 1.5.

For now I add the following line to my ansible provisioning script.

- name: Make sure ssh keys are passed to guest.
  local_action: command ssh-add

I've also created a gist of my setup: https://gist.github.com/KyleJamesWalker/9538912

If you are on Windows, SSH Forwarding in Vagrant does not work properly by default (because of a bug in net-ssh). See this particular Vagrant bug report: https://github.com/mitchellh/vagrant/issues/1735

However, there is a workaround! Simply auto-copy your local SSH key to the Vagrant VM via a simple provisioning script in your Vagrantfile. Here's an example: https://github.com/mitchellh/vagrant/issues/1735#issuecomment-25640783

The real problem is Vagrant using 127.0.0.1:2222 as the default port-forward. You can add one (not 2222; 2222 is already occupied by default):

config.vm.network "forwarded_port", guest: 22, host: 2333, host_ip: "0.0.0.0"

"0.0.0.0" is the way to take requests from external connections. Then ssh -p 2333 vagrant@192.168.2.101 (change to your own host IP address, dude) will work just fine. Do thank me, just call me Leifeng!

Make sure that the VM does not launch its own SSH agent. I had this line in my ~/.profile

eval `ssh-agent`

After removing it, SSH agent forwarding worked.
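
The checks named in the answers above (keys loaded in the host agent, and no second agent started from the guest's ~/.profile) can be scripted. This is an added example, not part of any answer on this page; the function names, the --check flag and the list of startup files are assumptions of the example.

```shell
#!/bin/sh
# Added example. Run with --check on the host first, then inside the guest
# after `vagrant ssh`, and compare the two reports.

# Map the exit status of `ssh-add -L` to a diagnosis (OpenSSH exit codes:
# 0 = identities listed, 1 = agent has no identities, 2 = agent unreachable).
classify_agent_rc() {
    case "$1" in
        0) echo "ok: agent reachable and holding keys" ;;
        1) echo "empty: agent reachable but no keys loaded (run ssh-add on the host)" ;;
        2) echo "unreachable: no agent socket (forwarding not active in this session)" ;;
        *) echo "unknown: ssh-add exited with $1" ;;
    esac
}

# Query whichever agent SSH_AUTH_SOCK currently points at.
agent_check() {
    rc=0
    ssh-add -L >/dev/null 2>&1 || rc=$?
    echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-<unset>}"
    classify_agent_rc "$rc"
}

# Exit 0 if a startup file launches its own ssh-agent, which replaces the
# forwarded socket inside the guest. Commented-out lines are ignored.
profile_starts_agent() {
    [ -f "$1" ] || return 1
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq 'eval[[:space:]]+("?\$\(|`)[[:space:]]*ssh-agent'
}

# Print every startup file in the argument list that starts an agent;
# exit 0 if at least one was found.
scan_profiles() {
    found=1
    for f in "$@"; do
        if profile_starts_agent "$f"; then
            echo "starts its own agent: $f"
            found=0
        fi
    done
    return "$found"
}

if [ "${1:-}" = "--check" ]; then
    agent_check
    scan_profiles "$HOME/.profile" "$HOME/.bashrc" "$HOME/.bash_profile" ||
        echo "no startup file starts its own agent"
fi
```

If the host reports "ok" and the guest reports "unreachable" or "empty", forwarding itself is failing; if the guest lists a startup file, its agent is hiding the forwarded one.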

On Windows, the problem is that Vagrant doesn't know how to communicate with git-bash's ssh-agent. It does, however, know how to use PuTTY's Pageant. So, as long as Pageant is running and has loaded your SSH key, and as long as you've set config.ssh.forward_agent, this should work.

See this comment for details.

If you use Pageant, then the workaround of updating the Vagrantfile to copy SSH keys on Windows is no longer necessary.