Vagrant 2.1.4
Windows 10 Home x64
Ubuntu 12.04 LTS
Vagrant.configure("2") do |config|
  config.vm.box = "hashicorp/precise64"
  config.ssh.forward_agent = true
end
The keys loaded to Pageant should be used in the guest OS.
vagrant@precise64:~$ ssh -T [email protected]
The authenticity of host 'github.com (192.30.253.113)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.253.113' (RSA) to the list of known hosts.
Permission denied (publickey).
config.ssh.forward_agent = true
There are many issues that mention that Pageant works for agent forwarding. For example:
It does not work for me however. Am I missing something? Or did it break?
We are opening dozens of tickets to get this removed and just use the openssh ssh agent and there you come breaking it all ^^
Explanation:
Vagrant ssh and the provisioning process of Vagrant use different ssh libraries, why so ever.
vagrant ssh seems to use the ssh binary if it finds one. I do not know what happens if it does not.
So if you are running for example git bash, it would use the openssh ssh binary.
vagrant provision and the sorts use net-ssh which does not properly support openssh agents and uses only pageant.
So this is a big problem for now. If you can, use the openssh agent and a properly formatted key for now to connect to your machine via vagrant ssh and have agent forwarding enabled. You still have to use pageant for vagrant up/provision etc. for now.
Since you are on Windows 10, try the WSL and install an Ubuntu. You can use it to control your vagrant and should be 100% on the openssh implementation, since all of the above works uniform under a Linux host.
Thanks a lot for clarifying this confusion @func0der. Indeed, during the provisioning phase, Pageant works. Just checked it. From all those issues, I couldn't understand that it works _only_ during that phase. Would've been great if these known problems were somehow reflected in the docs.
FWIW, I'd prefer to simply use Pageant for everything since I'm already using it.
@thorn0 Hi. After investigating this for a bit I was able to reproduce the same behavior you were experiencing. I started with a very simple Vagrantfile that would list the keys available with a provisioner:

Then I started pageant and added a custom key:

Once I had that set, I first ran vagrant provision, which displayed the expected key in pageant. After, I ran vagrant ssh -c "ssh-add -l", which resulted in an error within the guest attempting to connect to the agent (verifying that the forward had not succeeded):

The reason for this is that the net-ssh library creates a pseudo socket to connect to pageant. Since the vagrant ssh command is executing the openssh binary, it needs a socket to connect to for the forwarding. To provide this I installed ssh-pageant (https://github.com/cuviper/ssh-pageant) via msys2. I then started it, and set the environment variable for the location of the socket:

And that makes everything work as expected.
I'll be adding a short section to the documentation describing what I have here with using ssh-pageant.
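Added example, not part of the original comment or of Vagrant's code: a host-side check for the msys2 shell described above that the OpenSSH client launched by vagrant ssh has an agent socket it can forward. The function name and status words are made up for this example, and the socket path in the comment is a placeholder; the ssh-pageant invocation shown is the form given in the ssh-pageant README.

```shell
# Added example. Run on the host, in the shell that will run `vagrant ssh`.
# Typical setup first (socket path is a placeholder):
#   eval $(ssh-pageant -r -a "/tmp/.ssh-pageant-$USERNAME")
#
# agent_forward_status prints one status word and returns 0 only when the
# OpenSSH client has a reachable agent with at least one key loaded.
agent_forward_status() {
    sock="${SSH_AUTH_SOCK:-}"
    if [ -z "$sock" ]; then
        echo "no-socket-var"        # nothing exported: ssh has no agent to forward
        return 1
    fi
    if [ ! -S "$sock" ]; then
        echo "socket-missing"       # stale variable, e.g. ssh-pageant has exited
        return 1
    fi
    if ! command -v ssh-add >/dev/null 2>&1; then
        echo "socket-unverified"    # socket exists but cannot be queried here
        return 1
    fi
    # ssh-add -l exits 0 when keys are listed, 1 when the agent holds no
    # identities, 2 when the agent cannot be contacted.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "ready"; return 0 ;;
        1) echo "agent-empty"; return 1 ;;        # no keys loaded in Pageant
        *) echo "agent-unreachable"; return 1 ;;  # socket present, agent not answering
    esac
}

# Report the state of the current shell; never abort the calling script.
agent_forward_status || true
```

When the status is "ready", `vagrant ssh -c "ssh-add -l"` should list the same keys inside the guest.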
@chrisroberts As much as I appreciate someone of the maintainer team actually showing up in an issue, I hope you are not suggesting this to be the "issue solving thing".
Installing additional tools to solve this problem is merely a workaround, but not a solution.
It would be great if you could try to resolve this issue in the underlying library, that is net-ssh, which should fall back to openssh agent if there is no pageant.
Or on the other hand vagrant ssh using net-ssh, too, which would resolve this issue once and for all, because then pageant would always be used.
Either one way or the other, we need a solution. It is good to have some kind of workaround for the time being, but I would love to see this turned into an issue that gets fixed soon. It has been like this since forever and makes working with vagrant very unreliable in that specific area.
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.