Closed johnkraczek closed 1 year ago
Thanks for the detailed issue.
I can't think how this would be a trellis-cli issue though since it's just running limactl shell.
The only thing we could (maybe should?) do is set forwardAgent: true by default. But you said that didn't work for you?
Thanks for the comment on this.
I updated that one line in the lima config file pkg/lima/files/config.yml and added the
ssh:
  forwardAgent: true
Then I recompiled trellis-cli and that fixed my issue. I can now forward the ssh-agent and authenticate to ssh services with my host key.
Would you consider either adding that as a default for the trellis-cli?
I made a pull request for this: https://github.com/roots/trellis-cli/pull/403
How difficult would it be to add a configuration option, or command line flag to enable or disable forwarding the agent? I know for myself I will use it 100% of the time, but I'd like to know how often other people require authenticating to ssh services inside their environments.
Version
Trellis v1.21.0 Bedrock v1.22.2
What did you expect to happen?
After running:
trellis new example.com
cd example.com/trellis
trellis vm start
Trellis provisions the lima VM
I run
trellis vm shell
which puts me into the VM.
echo "$SSH_AUTH_SOCK"
should return the host agent so that I can authenticate to ssh services.
What actually happens?
After doing the above, to work around this I can modify the ssh config and things work like they should.
limactl show-ssh -f config example.com > ~/.ssh/config
that will put this into my config file:
I can edit the file and:
remove ControlMaster, ControlPath, and ControlPersist
add ForwardAgent yes
Also I make sure that my key is available to the agent:
ssh-add --apple-use-keychain ~/.ssh/[MY KEY]
Now if I
ssh lima-example.com
It enters the shell and if I run
echo "$SSH_AUTH_SOCK"
I am returned with
/tmp/ssh-XXXXRB6A0u/agent.24603
Additionally if I attempt to ssh to bitbucket or github:
As I would expect.
I'm not sure if this is exactly an issue with trellis or an issue with lima-vm. I found this issue over there: "SSH ForwardAgent does not work correctly". But it's not clear about how he fixes the issue. He indicated that he removed the ssh.sock file and that things started to work. I did the same for ~/.lima/example.com/ssh.sock but no dice. But with that info I figured I would try using the edited config file, as I can't seem to figure out where the lima config file is being generated/populated from.
Looking through the default Lima config: default.yaml doesn't have a yaml key for using or not using the control master.
I'm not sure if I have not configured things correctly or what, but I have additional composer repositories where I reference private packages, and to access those it requires the ssh key from my host.
Steps to reproduce
trellis new example.com
cd example.com/trellis
trellis vm start
trellis vm shell
echo "$SSH_AUTH_SOCK"
should return the host agent so that I can authenticate to ssh services.
System info
Apple Macbook Pro: M1-Pro MacOS Ventura 13.4.1
Log output
Please confirm this isn't a support request.
Yes
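The config edit described in the issue (drop ControlMaster, ControlPath and ControlPersist, add ForwardAgent yes) written as a filter; this is an added example, not part of the original thread or of trellis-cli. The function names, the sample stanza and the output path in the comments are assumptions. Writing the result to its own file and passing it with ssh -F leaves an existing ~/.ssh/config untouched and keeps agent forwarding limited to the one Lima host alias.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Intended use, assuming the paths shown:
#   limactl show-ssh -f config example.com | forward_agent_config \
#       > ~/.ssh/lima-example.com.conf
#   ssh -F ~/.ssh/lima-example.com.conf lima-example.com

# forward_agent_config (hypothetical name): reads ssh_config text on stdin
# and writes an edited copy on stdout.
forward_agent_config() {
  awk '
    {
      # ssh_config keywords are case-insensitive and may use "key=value".
      line = $0
      sub(/^[ \t]+/, "", line)
      split(line, kv, /[ \t=]+/)
      key = tolower(kv[1])
    }
    # Drop the connection-multiplexing directives.
    key == "controlmaster" || key == "controlpath" || key == "controlpersist" { next }
    # Drop any existing ForwardAgent line; it is re-added once per Host below.
    key == "forwardagent" { next }
    { print }
    # Enable forwarding only inside each Host stanza, never globally.
    key == "host" { print "  ForwardAgent yes" }
  '
}

# Constructed sample stanza; real limactl output contains more directives.
sample_config() {
  cat <<'EOF'
Host lima-example.com
  IdentityFile "/Users/me/.lima/_config/user"
  ControlMaster auto
  ControlPath "/Users/me/.lima/example.com/ssh.sock"
  ControlPersist yes
  Hostname 127.0.0.1
  Port 60022
EOF
}

# Demo on the constructed sample.
sample_config | forward_agent_config
```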