
Update: It looks like the network design was completely wrong and the auth flow should be the other way round instead. So this question is moot now.


Current setup: Linux VM (assume common and most updated ones like CentOS 7.1 and Ubuntu 15.04) on Windows 7 host, using VirtualBox.

TL;DR question: Is it possible to have OpenSSH running inside the VM not use the local ssh-agent for key auth, but use Pageant on the Windows host instead? A more complex setup is acceptable.

Long question: Originally there are multiple copies of keys on host and VM — PuTTY format ones on the host, and OpenSSH key format on VMs via shared folder, and many of them are not password protected for convenience. But recently I feel the need to consolidate them and add more protection. The keys are for remote administration and checking out source code via version control systems, mainly Git. Here are the requirements:

  1. Windows host can ssh to remote server and can use git through ssh.
  2. Linux VM can ssh to remote server and can use git through ssh.
  3. Keys are stored on host only, not VMs. (Which means this won't be an ssh agent forwarding setup)

Point 1 (allowing the Windows host to use Pageant for auth) is relatively trivial; git setup essentially comes down to setting the correct $GIT_SSH environment variable. Not just PuTTY, even MinGW OpenSSH can connect to Pageant, by storing all keys inside a password manager (using KeePass 2.x) and exporting a socket suitable for use as $SSH_AUTH_SOCK using the KeeAgent plugin. See this ServerFault post for another approach.

But so far there's no luck accessing Pageant via the Linux VM. I have tried the following approach but failed:

  • An SSH server is installed on the Windows host as an intermediate hop (I'm trying MobaSSH but the choice shouldn't matter — read on).
  • Then try to execute remote plink.exe from within the VM. This is similar to the naïve approach ssh host1 ssh host2 which is OK enough for my purpose.
  • However, plink.exe failed to access any key when run within the Windows SSH server. Running plink.exe directly on cmd works. Most of the available SSH servers running on Windows are based on Cygwin. Looks quite similar to this putty/cygwin combo bug report.

Note: A possibly similar question here, but I'm not using Vagrant.

Abel Cheung

1 Answer


It seems the original design was completely wrong. It would be much cleaner to turn on the sshd server on each virtual machine with

AllowAgentForwarding yes

And then ssh into each VM. This way all VMs would automatically use the auth agent from the host without needing to have any ssh key installed.

Abel Cheung
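To confirm from inside a VM that the setup in the answer works, the following added example (not part of the original post) speaks the ssh-agent protocol to the socket named by $SSH_AUTH_SOCK and lists the public keys the forwarded agent offers. It assumes the session into the VM was opened with agent forwarding enabled on the client side; the function names are this example's own.

```python
import os
import socket
import struct

# Message numbers from the ssh-agent protocol.
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12


def _take_string(data, off):
    """Read one length-prefixed SSH string; return (value, new offset)."""
    n = int.from_bytes(data[off:off + 4], "big")
    end = off + 4 + n
    if end > len(data):
        raise ValueError("truncated agent reply")
    return data[off + 4:end], end


def parse_identities(payload):
    """Parse an IDENTITIES_ANSWER body into [(key_type, comment), ...]."""
    if len(payload) < 5 or payload[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("agent did not return an identity list")
    count = int.from_bytes(payload[1:5], "big")
    off, keys = 5, []
    for _ in range(count):
        blob, off = _take_string(payload, off)      # public key blob
        comment, off = _take_string(payload, off)   # key comment
        key_type, _ = _take_string(blob, 0)         # blob starts with the algorithm name
        keys.append((key_type.decode(), comment.decode(errors="replace")))
    return keys


def list_agent_keys(sock):
    """Send one identity request on a connected agent socket and parse the reply."""
    sock.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
    with sock.makefile("rb") as reply:
        (length,) = struct.unpack(">I", reply.read(4))
        return parse_identities(reply.read(length))


if __name__ == "__main__":
    with socket.socket(socket.AF_UNIX) as s:
        s.connect(os.environ["SSH_AUTH_SOCK"])  # set by sshd when forwarding is active
        for key_type, comment in list_agent_keys(s):
            print(key_type, comment)
```

Only public key blobs and comments cross the socket; the private keys stay in the agent on the host, which is what requirement 3 in the question asks for.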