box-cutter / ubuntu-vm

Virtual machine templates for Ubuntu

ubuntu1404-desktop does not work with SSH agent forwarding on OS X #26

Open goloroden opened 10 years ago

goloroden commented 10 years ago

I'm using the ubuntu1404-desktop base image to create a VM with VMware Fusion on OS X. Basically, everything works, except SSH agent forwarding.

I've set it up correctly on the host, and I have added my key using:

$ ssh-add ~/.ssh/id_rsa

Additionally, my key shows up when I run:

$ ssh-add -l

With another box (based on chef/ubuntu-14.04) it works, so apparently there is an issue with the base box. The actual effect is that if I run

$ ssh -T git@github.com

it tells me that the permission was denied due to the public key.

My Vagrantfile is pretty straightforward and looks like this:

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "box-cutter/ubuntu1404-desktop"
  config.vm.hostname = "foobar"

  config.ssh.forward_agent = true

  config.vm.provider :vmware_workstation do |vmware|
    vmware.gui = true
    vmware.vmx["memsize"] = "2048"
    vmware.vmx["numvcpus"] = "2"
  end

  config.vm.provider :virtualbox do |vb|
    vb.gui = true
    vb.customize ["modifyvm", :id, "--memory", "2048", "--cpus", "2"]
    vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
    vb.customize ["modifyvm", :id, "--vram", "32"]
    vb.name = "foobar"
  end
end

That's it. Any idea what might cause the problem?

StefanScherer commented 10 years ago

It seems this is only an issue within the desktop. If I vagrant ssh into the machine, then the agent works:

$ vagrant ssh 
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

40 packages can be updated.
21 updates are security updates.

Last login: Sun Jun  8 13:04:16 2014 from 172.16.130.1
vagrant@foobar:~$ ssh -T git@github.com
The authenticity of host 'github.com (192.30.252.128)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.252.128' (RSA) to the list of known hosts.
Hi StefanScherer! You've successfully authenticated, but GitHub does not provide shell access.

But in a Terminal in the Ubuntu desktop, I get an error:

vagrant@foobar:~$ ssh -T git@github.com
Warning: Permanently added the RSA host key for IP address '192.30.252.129' to the list of known hosts.
Permission denied (publickey).

The desktop itself starts an ssh-agent; perhaps this should do the agent forwarding as well.

The SSH environments in the desktop terminal where the problem occurs look like this:

vagrant@foobar:~$ printenv | grep -i ssh
SSH_AGENT_PID=1695
SSH_AGENT_LAUNCHER=upstart
SSH_AUTH_SOCK=/run/user/1000/keyring-wJR4DQ/ssh

and in the working SSH session from the host to the guest they look like this:

vagrant@foobar:~$ printenv | grep -i ssh
SSH_CLIENT=192.168.254.1 61354 22
SSH_TTY=/dev/pts/4
SSH_AUTH_SOCK=/tmp/ssh-JaGBbj9y4Z/agent.4016
SSH_CONNECTION=192.168.254.1 61354 192.168.254.134 22

And on the host, the ssh process is started by the vagrant ssh command with these options:

ssh vagrant@192.168.254.134 -p 22 -o Compression=yes -o DSAAuthentication=yes -o LogLevel=FATAL -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -i /Users/stefan/.vagrant.d/insecure_private_key -o ForwardAgent=yes

So I think this Vagrant option only works with vagrant ssh and not inside the desktop of any VM.

StefanScherer commented 10 years ago

If I understand the following diagram right, perhaps you have to vagrant ssh into your desktop VM and then expose the SSH_AUTH_SOCK environment to your desktop login. So until the vagrant ssh session is open, the desktop terminals could use the socket:

vagrant@foobar:~$ SSH_AUTH_SOCK=/tmp/ssh-JaGBbj9y4Z/agent.4016
vagrant@foobar:~$ ssh -T git@github.com
Hi StefanScherer! You've successfully authenticated, but GitHub does not provide shell access.

But it seems difficult to set this up automatically after a vagrant up every day. Any better solutions? But it seems this is not really a base box problem.
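
Added example, not part of the thread and not box-cutter's or Vagrant's own code: a small POSIX shell helper for the desktop terminal that tells the keyring agent socket apart from a forwarded one (using the two path shapes printed above) and switches to a forwarded socket only if it is a real socket owned by the current user and an agent answers on it. The function names are hypothetical, and the /tmp/ssh-*/agent.* layout is assumed from the output in this thread.

```sh
#!/bin/sh
# Added example. Source this file in the desktop terminal so that the export
# in use_forwarded_agent affects that shell. All function names are hypothetical.

# Classify an SSH_AUTH_SOCK value by the path shapes shown in the thread.
classify_auth_sock() {
  case "$1" in
    "")                        echo unset ;;
    /run/user/*/keyring-*/ssh) echo keyring ;;    # agent started by the desktop
    /tmp/ssh-*/agent.*)        echo forwarded ;;  # created by sshd for ForwardAgent
    *)                         echo other ;;
  esac
}

# Succeed if an agent answers on socket $1. ssh-add -l exits 0 (keys listed)
# or 1 (agent has no keys) when it reached an agent, and 2 when it could not.
agent_reachable() {
  rc=0
  SSH_AUTH_SOCK="$1" ssh-add -l >/dev/null 2>&1 || rc=$?
  [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Print the first live forwarded-agent socket under $1 (default /tmp).
find_forwarded_sock() {
  base="${1:-/tmp}"
  for sock in "$base"/ssh-*/agent.*; do
    # Must be a real socket owned by us; skips stale files and unmatched globs.
    [ -S "$sock" ] && [ -O "$sock" ] || continue
    if agent_reachable "$sock"; then
      echo "$sock"
      return 0
    fi
  done
  return 1
}

# Point the current shell at the forwarded agent, if one is live.
use_forwarded_agent() {
  if sock=$(find_forwarded_sock "${1:-/tmp}"); then
    SSH_AUTH_SOCK="$sock"; export SSH_AUTH_SOCK
    echo "using forwarded agent at $sock"
  else
    echo "no live forwarded agent; is a 'vagrant ssh' session open?" >&2
    return 1
  fi
}
```

The socket path changes with every vagrant ssh session and disappears when that session closes, so use_forwarded_agent has to be run again after reconnecting.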