Using SSH agent forwarding with Vagrant

Sometimes you’ll want to use your local SSH keys on your Vagrant boxes, so that you don’t have to manage password-less keys for each box. This can be done with SSH agent forwarding, which is explained in great detail on

Setting this up is fairly straightforward. On the host machine, you need to add the following to ~/.ssh/config (which you should create if it doesn’t exist):

    ForwardAgent yes

You need to replace with either the domain or the IP address of your Vagrant box. You can wildcard this with host *, but this is a really bad idea because it lets every server you SSH to access your keys.

Once you’ve done that, just run ssh-add to ensure you ensure your identities are added to the SSH agent.

Now, add the following to the config block in your Vagrantfile:

config.ssh.forward_agent = true

That’s all it takes. You can make sure it worked by comparing the output of ssh-add -L on both the host machine and the guest box.

Did you find this post useful?

  • Max Nunes

    Thanks!! Very helpful :) To make the ssh works with sudo I also had to edit the roo_ssh_agent

  • Tim Mower

    You actually only the change in the Vagrantfile, not your ssh config file

    You can see this by running vagrant ssh-config – it should have a forwardagent yes line in it

  • Helder Correia

    Wow… this is so nice… works like a charm :) Thanks!