@KyleJamesWalker
Last active December 10, 2019 01:37
Vagrant SSH Agent Forwarding Working 1.4.3

This was working on Vagrant 1.4.3 (Mac).

#HOST#

File: ~/.ssh/config

Host vagrant.*
ForwardAgent yes

File: Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

  config.vm.hostname = "example"
  config.vm.box = "precise64"
  config.vm.box_url = "http://files.vagrantup.com/precise64.box"

  # If nfs isn't working: http://docs.vagrantup.com/v2/synced-folders/nfs.html
  config.vm.synced_folder ".", "/home/vagrant/example", type: "nfs"

  config.vm.network :private_network, ip: "192.168.123.10"

  config.vm.provision :shell, :path => "deployment/ssh_auth.sh"
  config.ssh.forward_agent = true

  config.vm.provider "virtualbox" do |vb|
    vb.name = "example"
    vb.memory = 1024
    vb.customize ["modifyvm", :id, "--cpus", "2"]
    vb.customize ["modifyvm", :id, "--ioapic", "on"]
  end

  config.vm.provision :ansible do |ansible|
    ansible.playbook = "deployment/provisioning/playbook.yml"
    ansible.inventory_path = "deployment/provisioning/hosts-vagrant"
    ansible.verbose = false
  end
end

File: ansible.cfg

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes

File: deployment/ssh_auth.sh

#!/bin/bash
echo "Setting up agent forwarding..."
mkdir -p /root/.ssh
chmod 0700 /root/.ssh
# Relax host-key checking for github.com only, matching the vagrant user's config below.
printf "Host github.com\n    StrictHostKeyChecking no\n" > /root/.ssh/config
chmod 0600 /root/.ssh/config
# Walk up the process tree until an ancestor's forwarded agent socket
# (/tmp/ssh*/agent.<pid>) is found, or init (PID 1) is reached.
ppid=$PPID
while [[ -z "$SSH_AUTH_SOCK" && -n "$ppid" && "$ppid" != "1" ]]; do
    f=$(ls /tmp/ssh*/agent."$ppid" 2>/dev/null)
    if [[ -z "$f" ]]; then
        ppid=$(awk '/^PPid:/ {print $2}' "/proc/$ppid/status" 2>/dev/null)
    else
        export SSH_AUTH_SOCK="$f"
        echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
    fi
done
if [[ -z "$SSH_AUTH_SOCK" ]]; then
    echo "Could not find running ssh agent." 1>&2
    exit 1
fi
echo "Updating root_ssh_agents"
# Keep SSH_AUTH_SOCK in the environment across sudo so root can reach the forwarded agent.
agent_file="/etc/sudoers.d/root_ssh_agent"
agent_contents="Defaults    env_keep += \"SSH_AUTH_SOCK\""
touch "$agent_file" && chmod 0440 "$agent_file" && echo "$agent_contents" > "$agent_file"
echo "Testing git connection"
ssh -T git@github.com

echo "Updating ssh config for vagrant user"
sudo su vagrant -c "mkdir -p /home/vagrant/.ssh"
sudo su vagrant -c "printf \"Host github.com\n    StrictHostKeyChecking no\n\" > /home/vagrant/.ssh/config"
sudo su vagrant -c "sudo chmod 0700 /home/vagrant/.ssh"
sudo su vagrant -c "sudo chmod 0600 /home/vagrant/.ssh/config"

exit 0

#Guest#

ssh -T git@github.com

Hi KyleJamesWalker! You've successfully authenticated, but GitHub does not provide shell access.

This no longer seems to be working on 1.5.

@KyleJamesWalker
Author

With 1.4.3 I did not have to run ssh-add, but now on 1.5 I do, so I added the following line to my provisioning script to make sure the keys are passed in.

    - name: Make sure ssh keys are passed to guest.
      local_action: command ssh-add
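
A check for the guest that separates the two failure modes behind the comment above, a forwarded agent that holds no keys versus no reachable agent at all, using the exit status of `ssh-add -l`. This is an added example, not part of the original gist; the function names and the `SSH_ADD` override are hypothetical.

```shell
#!/bin/sh
# Added example (not from the gist): classify the forwarded-agent state in the guest.
# SSH_ADD is a hypothetical override so the check can be exercised with a stub command.

agent_state() {
    # No SSH_AUTH_SOCK: forwarding never reached this shell (or sudo dropped it).
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-socket"
        return 0
    fi
    rc=0
    "${SSH_ADD:-ssh-add}" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo "keys-loaded" ;;        # agent reachable, at least one identity
        1) echo "agent-empty" ;;        # agent reachable, no identities loaded
        *) echo "agent-unreachable" ;;  # exit 2 (cannot contact agent) or any other failure
    esac
}

# Returns 0 only when a forwarded agent with keys is usable; otherwise explains why.
require_agent_keys() {
    state=$(agent_state)
    case $state in
        keys-loaded)
            return 0 ;;
        agent-empty)
            echo "Agent is forwarded but holds no keys: run ssh-add on the host." >&2 ;;
        no-socket)
            echo "SSH_AUTH_SOCK is unset: check ForwardAgent, config.ssh.forward_agent and sudo env_keep." >&2 ;;
        *)
            echo "Cannot contact the agent at $SSH_AUTH_SOCK." >&2 ;;
    esac
    return 1
}

echo "agent state: $(agent_state)"
```
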

@KyleJamesWalker
Author

I also had to change my hosts-vagrant file from:

[vagrant]
192.168.123.10

[local]
127.0.0.1

to:

[vagrant]
default         ansible_ssh_host=192.168.123.10

[local]
127.0.0.1       ansible_connection=local

but my local ansible section is still being passed over.

local_action works though.
