SSH is a protocol allowing secure remote login to a computer on a network using public-key cryptography. If you are a developer on Unix-like operating systems, I'm sure you are very familiar with it. Normally, SSH client programs run for the duration of the remote login session and are configured to look for the user's private key in the user's home directory.
However, there is more and more login information to remember, and we can't just use the default key and passphrase for every login. Therefore, a configuration file is introduced here.
On Mac OS X, when you want to have multiple configurations for different logins, you need to create
~/.ssh/config. Inside this config file we can list all the login information. Let's see one sample.
    Host 31mins.com
        Hostname .....compute.amazonaws.com
        User ec2-user
        Port 42000
        IdentityFile ~/.ssh/aws_31mins_key.pem
        ForwardAgent yes
This configuration describes the Host
31mins.com, with its Hostname (the hostname can also be an IP address).
IdentityFile is for your SSH private key, and of course, the public key is stored on the server side. This key file came from AWS; if you own a private Linux machine, you can use
$ ssh-keygen -t rsa to generate a key pair; it will be located at
id_rsa.pub. One more step:
$ chmod 400 ~/.ssh/aws_31mins_key.pem. Make sure the private key has the correct mode. Then you can just use
$ ssh 31mins.com to log in to the remote server.
The sample above has another property named ForwardAgent. From the security point of view, typing the passphrase can be tedious, and many users would prefer to enter it just once per local login session. The most secure place to store the unencrypted key is in program memory. (Also, we don't want to type the password every time; it's complicated.) Therefore, users run a program called ssh-agent that runs for the duration of a local login session, stores unencrypted keys in memory, and communicates with SSH clients using a Unix domain socket.
Let's see how it works. For example, I have a repository that uses an SSH key as login information, and I run a Vagrant machine on my EC2 instance. Inside this Vagrant machine, I also need access to this repository. Of course, we could store the SSH key on the Vagrant machine, but ssh-agent is a good way to do it. On OS X, ssh-agent has been officially integrated since Leopard (Version 10.5). You can use
$ ssh-add -K to store passphrases in your keychain. You can also specify the key file name, e.g.
$ ssh-add -L can list the public key parameters of all identities. Please check
ssh-agent --help for more details.
Then, when logged in to the server, you can also run
$ ssh-add -L to see which key identities were forwarded. After that, you can log in to your Vagrant machine via
vagrant ssh to forward these SSH keys. Then you can use git inside the Vagrant machine.
How to set ssh-agent in Vagrant?
Your Vagrant machine settings also need ForwardAgent set to yes. Otherwise, the forwarded SSH key will only be available on the EC2 server. You can run
vagrant ssh-config to see the configuration for your Vagrant machine.
    Host default
        HostName 127.0.0.1
        User vagrant
        Port 2200
        UserKnownHostsFile /dev/null
        StrictHostKeyChecking no
        PasswordAuthentication no
        IdentityFile <some path>/.vagrant/machines/default/virtualbox/private_key
        IdentitiesOnly yes
        LogLevel FATAL
        ForwardAgent yes
If ForwardAgent is not set, please open your Vagrantfile and add one line,
config.ssh.forward_agent = true, then reload your Vagrant machine.
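
As an added example (not code from the original post), this Python script parses ~/.ssh/config text or vagrant ssh-config output and reports the settings from the two samples above that deserve review: agent forwarding, disabled host key checking, and private keys whose mode is looser than the chmod 400 used earlier. The function names, the finding texts and the sample hostname are assumptions made for this illustration.

```python
import os
import re
import stat

# Constructed sample modelled on the two configs above; the hostname is a
# placeholder, not a value from the original page.
SAMPLE = """\
Host 31mins.com
    Hostname ec2-host.example.invalid
    IdentityFile ~/.ssh/aws_31mins_key.pem
    ForwardAgent yes
Host default
    HostName 127.0.0.1
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
    ForwardAgent yes
"""

def parse_hosts(text):
    """Map each Host/Match block to {lowercased keyword: [values]}."""
    hosts = {"*": {}}            # options before any Host line apply to all hosts
    current = hosts["*"]
    for raw in text.splitlines():
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m or m.group(1).startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            current = hosts.setdefault(value if key == "host" else "match " + value, {})
        else:
            current.setdefault(key, []).append(value)
    return hosts

def audit(text, check_files=True):
    """Return (block, finding) tuples; each block is judged on its own."""
    findings = []
    for host, opts in parse_hosts(text).items():
        first = lambda k: opts.get(k, [""])[0].lower()  # ssh uses the first value
        if first("forwardagent") == "yes":
            findings.append((host, "ForwardAgent yes: root on this host can use your agent"))
        if first("stricthostkeychecking") in ("no", "off"):
            findings.append((host, "StrictHostKeyChecking no: changed host keys are accepted"))
        if first("userknownhostsfile") == "/dev/null":
            findings.append((host, "UserKnownHostsFile /dev/null: host keys are never saved"))
        for path in opts.get("identityfile", []) if check_files else []:
            full = os.path.expanduser(path)
            if os.path.isfile(full) and stat.S_IMODE(os.stat(full).st_mode) & 0o077:
                findings.append((host, path + ": private key is accessible to group/other"))
    return findings

if __name__ == "__main__":
    for host, finding in audit(SAMPLE):
        print(f"[{host}] {finding}")
```

To check a real setup, pass the contents of ~/.ssh/config or the captured output of vagrant ssh-config to audit() instead of SAMPLE. Blocks are not merged the way ssh merges them for a given host, so a wildcard block is reported under its own pattern.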