Using SSH agent forwarding with Vagrant

Sometimes you’ll want to use your local SSH keys on your Vagrant boxes, so that you don’t have to manage password-less keys for each box. This can be done with SSH agent forwarding, which is explained in great detail on Unixwiz.net.

Setting this up is fairly straightforward. On the host machine, you need to add the following to ~/.ssh/config (which you should create if it doesn’t exist):

host your.domain.com
    ForwardAgent yes

You need to replace your.domain.com with either the domain or the IP address of your Vagrant box. You can wildcard this with host *, but this is a really bad idea: every server you SSH to, and anyone with root access on it, could then use your forwarded agent to authenticate with your keys for as long as you are connected.

Once you’ve done that, just run ssh-add to ensure your identities are added to the SSH agent.

Now, add the following to the config block in your Vagrantfile:

config.ssh.forward_agent = true

That’s all it takes. You can make sure it worked by comparing the output of ssh-add -L on both the host machine and the guest box.
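
The wildcard warning above can be turned into a check. The script below is an added example, not part of the original post: it flags any ForwardAgent setting other than no that sits at global scope or under a Host pattern containing * or ?. The function names, sample hostnames and output format are assumptions; Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: flag ForwardAgent enabled globally or under a wildcard Host pattern.

audit_forward_agent() {   # usage: audit_forward_agent FILE   ("-" reads stdin)
    awk '
    BEGIN { scope = "(global)"; wild = 1; found = 0 }
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        if (line == "" || line ~ /^#/) next
        # Keywords are case-insensitive; "=" is accepted as a separator.
        if (!match(line, /^[A-Za-z]+/)) next
        key = tolower(substr(line, 1, RLENGTH))
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)
        if (key == "host") {
            scope = "Host " val
            wild = (val ~ /[*?]/)            # any pattern broader than one named box
        } else if (key == "match") {
            scope = "Match " val; wild = 0   # not evaluated by this check
        } else if (key == "forwardagent" && wild && val != "no") {
            # "yes" (or an agent socket path) exposes the agent to every matching server
            printf "line %d: ForwardAgent %s under %s\n", NR, val, scope
            found = 1
        }
    }
    END { exit found }' "$1"
}

# Constructed sample config (hostnames are placeholders, not from the post).
sample_config() {
    cat <<'EOF'
Host vagrant-box.example.test
    ForwardAgent yes

host *.example.test
    forwardagent=yes

Host *
    ForwardAgent no
EOF
}

# With an argument, audit that file (exit status 1 on findings); otherwise run the sample.
if [ "$#" -gt 0 ]; then
    audit_forward_agent "$1"
else
    sample_config | audit_forward_agent - || true
fi
```

Run it as `sh audit.sh ~/.ssh/config`; the non-zero exit status on findings makes it usable as a pre-commit or CI check for shared dotfiles.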


3 thoughts on “Using SSH agent forwarding with Vagrant”

  1. Thanks!! Very helpful :) To make ssh work with sudo I also had to edit the roo_ssh_agent http://razius.com/articles/vagrant-and-ssh-agent-forwarding/

  2. You actually only need the change in the Vagrantfile, not your ssh config file

    You can see this by running vagrant ssh-config – it should have a forwardagent yes line in it

  3. Wow… this is so nice… works like a charm :) Thanks!
