Vvv: Broken Key Forwarding and GitHub host verification failure

This seems related to SSH Agent forwarding, or a lack of it, @LoreleiAurora perhaps you can advise?

@antoscarface I see your vagrant version is out of date, v1.9.6 is the latest at the time of writing, does updating fix the issue?

Note that you can pass the username and password via the URL with the standard URI format, e.g.

    repo: https://user:[email protected]/...etc

The same is true of bearer tokens, although this isn't so helpful if you're using the SSH version of the repo URL

I upgraded it @tomjn but unfortunately everything is the same.
I know that I can pass the user and password, but I need to pass the repo to other coworkers, as well as being unsafe.

I'm in the same situation.

I think the preferable method would be to explicitly pass ssh key pairs to vvv. But I'm not sure how realistic that is.

@antoscarface I'm assuming that you have your ssh key loaded to your host machine & cloning your repo on the host works normally. If so, what happens when you ssh into the guest machine and try to clone the repo manually?

Windows users: If you stumble across this issue like I did, searching for understanding as to why you can't authenticate during provisioning but you can authenticate just fine when you ssh directly into the machine, I found my explanation here: https://github.com/mitchellh/vagrant/issues/1735

Can you please try adding trusted hosts to the utilities section of your vvv-custom.yml file. i.e.

utilities:
  core:
    - memcached-admin
    - opcache-status
    - phpmyadmin
    - webgrind
    - trusted-hosts

then on the your host machine run ssh-add PATH_TO_YOUR_PRIVATE_KEY
and finally reprovision vagrant provision

Working off a solution @LoreleiAurora suggested in a different thread (which I will eventually edit this comment to reference), adding the following lines to provision/provision-site.sh solved the issue for me:

ssh-keyscan -H bitbucket.org >> ~/.ssh/known_hosts ssh -Ts [email protected]

Add it right before the line: git clone --recursive --branch ${BRANCH} ${REPO} ${VM_DIR}

This works so long as my ssh-key is already added to ssh-agent and (I think) also relies on bitbucket being added to the list of known hosts on the host machine (I might be wrong about that second one but as every provision takes about 30 mins due to a grunt issue, I'll check tomorrow).

I'm sure there's a more elegant way of handling keyscan without explicitly defining the domain. I'm happy to look in to it if you think it's worth the time.

@jerturowetz I have already added the hosts for for the following domains:

• github.com
• bitbucket.com
• gitlab.com

See my last comment for how to test this :)

Thanks @LoreleiAurora :) I had tried your previous suggestion to no avail though. Should I be using the dev branch instead of master?

As long as you are on any version of VVV2 (have a vvv-config.yml/vvv-custom.yml). use the SSH url and have added the key with ssh-add (vagrant seems to ignore ssh config) it should work.

This might be a dumb question, but did you add hosts for bitbucket.org or bitbucket.com ?

Whoops, stupid mistake on my part, I'll fix it when I get home :)
https://github.com/Varying-Vagrant-Vagrants/vvv-utilities/blob/master/trusted-hosts/hosts.txt#L4

I do this all the time, no worries :) I'm relieved it's not related to the disaster of ssh-agent forwarding on Windows systems (related to mitchellh/vagrant#1735 and not VVV for the record).

I went ahead a threw a pull request to save you the headache (I'm relatively new to doing such so please forgive me if I shouldn't have or if I missed a protocol)

My git repository is hosted on a custom server.

Latest VVV2 gives me Host key verification failed when repo key is provided with a specific address on that server (like [email protected]/repo-name).

Most of the recommendations given so far are not very clear for a novice user. I've managed to avoid the problem so far by:

1. adding noroot before git clone... line in provision/provision-site.sh
2. and adding the public SSH key of my computer (the one in ~/.ssh/id_rsa.pub) to /home/vagrant/.ssh/authorized_keys of the Vagrant VM.

Only both of those steps work. Obviously it's not nice to edit a version-controlled VVV file (provision/provision-site.sh), so maybe there's another, less messy way?

Hey, sorry I couldn't check it before, I'm checking only now. Anyway, any suggestion given here doesn't work for me. I need to share the vvv and the custom site repo to other coworkers easily, so I don't want to set clear credentials and I don't want to say to my coworkers to copy public key iniside the vagrant. It would be great if vagrant might get public key from the host machine and this is my original question :)
I tried to add the trusted-hosts in the vvv-utilities, I tried also to run the ssh-add with the private key, but nothing for both.
I don't know what do else.

I'll try to bring the instructions together and clean them up a bit.

I'm not sure if it is possible to define custom trusted-hosts or not, so I have assumed not for now. Does anybody know if that's correct, and if not, how to add them?

Notes

Windows host machines will not work. See mitchellh/vagrant#1735

Your repo must be hosted on one of:

• github.com
• bitbucket.com
• gitlab.com

1. Ensure vvv-config.yml includes a site with an ssh repo and the trusted-hosts core utility:

   # vvv-config.yml
   
   sites:
    your-site:
      repo: [email protected]:example/example.git
   
   utilities:
    core:
      - trusted-hosts
   

2. On the host machine, ensure your ssh-key is configured and added to a running ssh-agent. GitHub instructions

3. (Re)provision vagrant

@antoscarface

It would be great if vagrant might get public key from the host machine and this is my original question :)

This is called key forwarding, and it's supposed to be on by default. Can you clarify if you're using master or develop? And that you're up to date? With Vagrant 2.0? Remember, any change no matter how insignificant to vvv-custom.yml requires a re-provision.

@certainlyakey same goes for you, can you verify which version of VVV? Both develop and master reported 2.0 until recently, and they are very much not the same.

For reference:

• Use SSH not HTTPs for GitHub URLs
• Test with the very latest VVV on the develop branch, it has a lot of fixes that haven't made it to master yet
• Verify you're on the latest version, that includes the branch you're using
• Update Vagrant itself. Halt your VMs, uninstall Vagrant then install the latest version ( 2.0 at time of writing )
• Verify your SSH Agent is running and active. You can't forward SSH keys if there's nothing to forward on to the VM
• Include the relevant terminal output, even when trying new suggested solutions

As a final note, don't fork the default site repo, use or fork the custom site repo

Thanks @tomjn It works now by updating vagrant version to latest one (I had 1.9.6). It works even if I remove the trusted-hostsutility :)
So the solution might be for all: update vagrant version at least to 2.0

I believe trusted hosts got merged in, but I'm going to mark this as closed now it works for you. If anybody has an ideal scenario that still fails though, and they've done all the things mentioned above, feel free to reopen

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.