Problem with adding a SSH key

asked 2014-10-31 12:03:17 -0500

wubbrubb

updated 2014-10-31 14:19:08 -0500

Hi,

I need to add a private SSH key to my ssh-agent but I reached a point where I've tried almost anything and I keep failing.

I found out that I need to start the ssh-agent first and then I can add my private key. The problem is that I need to add it to a specific user. This is what I have

exec { 'add-ssh-key':
  cwd      => '/home/ssh_user/.ssh',
  command  => "bash -c 'eval $(ssh-agent -s) ssh-add rsa_key'",
  path     => '/usr/bin:/usr/sbin:/bin:/sbin',
  user     => 'ssh_user',
  provider => 'shell'
}

According to the Vagrant provision the key is added

==> xxx: notice: /Stage[main]/Git/Exec[add-ssh-key]/returns: Agent pid 4701
==> xxx: notice: /Stage[main]/Git/Exec[add-ssh-key]/returns: Identity added: rsa_key (rsa_key)
==> xxx: notice: /Stage[main]/Git/Exec[add-ssh-key]/returns: executed successfully

But when I run ssh-add -l on the VM as the ssh_user account (or any other account) it returns "The agent has no identities". When I add it manually through the shell it works just fine.

I'm not sure where the problem could be because my Linux knowledge is rather limited. Can someone help out?

Thanks!


1 Answer


answered 2014-10-31 15:13:45 -0500

cbarbour

The best approach to solving this problem is to use ssh-agent-forwarding. With this approach, you don't need to add your SSH keys to your vagrant box; you simply proxy them through your SSH connection. This approach is way more secure and a lot easier than trying to push SSH keys to vagrant boxes.

With that said, when you log in to the remote machine, you probably aren't connecting to the same instance of the ssh-agent that the key was added to. When the SSH-Agent runs, it opens up a random socket, and identifies that socket using an environment variable. If that socket isn't configured exactly the same in your current login shell, you won't be connecting to the same agent.

Be aware that there are a lot of security risks inherent in distributing SSH keys this way. There are also some risks in setting up ssh-key forwarding.


Comments

The problem is that the VM I am working on is supposed to be a working OS on its own (running puppet agent), outside of Vagrant and Virtualbox. That's why I need to find a solution which automates the complete process.

wubbrubb (2014-11-07 03:12:54 -0500)

In this case, would it be better to simply copy the key to disk and configure it as your default identity file for the target hosts? That approach side-steps the entire agent process.

cbarbour (2014-11-10 18:18:32 -0500)

Alternatively, could you have puppet generate a static socket for ssh-agent using the -b argument and set the SSH_AUTH_SOCK environment variable to point at that socket manually when invoking the ssh command?

cbarbour (2014-11-10 18:20:31 -0500)
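
The fixed-socket idea from the comments, as an added shell example that is not part of the thread: OpenSSH's ssh-agent binds to a chosen socket path with `-a`, and any later shell of the same user reaches that agent by pointing SSH_AUTH_SOCK at the same path. The socket location, key path and function names are assumptions.

```shell
#!/bin/sh
# Added example. Socket path, key path and function names are assumptions.

# True when an agent answers on socket $1. `ssh-add -l` exits 0 (has keys),
# 1 (reachable but empty) or 2 (no agent behind that socket).
agent_reachable() {
    rc=0
    SSH_AUTH_SOCK=$1 ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]
}

# Start an agent on a fixed socket, or reuse the one already listening there.
# The socket sits in a 0700 directory so only the owning user can reach it.
start_fixed_agent() {
    sock=$1
    mkdir -p "$(dirname "$sock")" && chmod 700 "$(dirname "$sock")" || return 1
    if agent_reachable "$sock"; then return 0; fi
    rm -f "$sock"                       # stale socket left by a dead agent
    # -a binds the agent to this path; eval exports SSH_AGENT_PID for cleanup.
    eval "$(ssh-agent -s -a "$sock")" >/dev/null
    agent_reachable "$sock"
}

# Load key file $2 into the agent behind socket $1.
add_key() {
    SSH_AUTH_SOCK=$1 ssh-add "$2" >/dev/null 2>&1
}

# Number of identities visible through socket $1 (listing lines start with
# the key's bit length; the "no identities" message does not).
identity_count() {
    SSH_AUTH_SOCK=$1 ssh-add -l 2>/dev/null | grep -c '^[0-9]' || true
}

# Demo: `sh fixed-agent.sh demo`, run as the user that owns the key.
if [ "${1:-}" = "demo" ]; then
    sock="$HOME/.ssh/agent/agent.sock"  # assumed location
    start_fixed_agent "$sock" && add_key "$sock" "$HOME/.ssh/rsa_key"
    echo "through $sock: $(identity_count "$sock") key(s)"
    # A shell without the variable, like a fresh login, finds no agent at all.
    (unset SSH_AUTH_SOCK; ssh-add -l) || echo "no agent without SSH_AUTH_SOCK"
fi
```

An agent started this way keeps the decrypted key in memory for as long as it runs, so the 0700 directory around the socket is what limits who can use it.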
