SSH agent forwarding from Windows to Linux VMs

Question

. 。 Answers to this question are eligible for a +100 reputation bounty. Alex Korobchevsky wants to to this question. 。

I am trying to reuse the Github SSH key from Windows 10 laptop to vagrant VMs (that is where I run Ansible and connect to numerous EC2). I don't want to setup additional keys for every VM in GitHub since its a throwaway environment.

So...

On Github:

Pasted private key from my Windows laptop

On Windows 10:

• Connection to Github is established

• SSH agent is up

• Agent forwarding is enabled:

On Ubuntu 22.04 - managed by VirtualBox/Vagrant

1. Key added to authorized_keys

2. No connection to Github:

    vagrant@ubuntu-jammy:~/.ssh$ ssh -T git@github.com -v OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug1: Connecting to github.com [140.82.114.4] port 22. debug1: Connection established. debug1: identity file /home/vagrant/.ssh/id_rsa type -1 debug1: identity file /home/vagrant/.ssh/id_rsa-cert type -1 debug1: identity file /home/vagrant/.ssh/id_ecdsa type -1 debug1: identity file /home/vagrant/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/vagrant/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/vagrant/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/vagrant/.ssh/id_ed25519 type -1 debug1: identity file /home/vagrant/.ssh/id_ed25519-cert type -1 debug1: identity file /home/vagrant/.ssh/id_ed25519_sk type -1 debug1: identity file /home/vagrant/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/vagrant/.ssh/id_xmss type -1 debug1: identity file /home/vagrant/.ssh/id_xmss-cert type -1 debug1: identity file /home/vagrant/.ssh/id_dsa type -1 debug1: identity file /home/vagrant/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3 debug1: Remote protocol version 2.0, remote software version babeld-b9c2a189 debug1: compat_banner: no match: babeld-b9c2a189 debug1: Authenticating to github.com:22 as 'git' debug1: load_hostkeys: fopen /home/vagrant/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: SSH2_MSG_KEX_ECDH_REPLY received debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU debug1: load_hostkeys: fopen /home/vagrant/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: Host 'github.com' is known and matches the ED25519 host key. debug1: Found key in /home/vagrant/.ssh/known_hosts:1 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 134217728 blocks channel 1: chan_shutdown_read: shutdown() failed for fd 7 [i0 o0]: Not a socket debug1: get_agent_identities: ssh_fetch_identitylist: communication with agent failed debug1: Will attempt key: /home/vagrant/.ssh/id_rsa debug1: Will attempt key: /home/vagrant/.ssh/id_ecdsa debug1: Will attempt key: /home/vagrant/.ssh/id_ecdsa_sk debug1: Will attempt key: /home/vagrant/.ssh/id_ed25519 debug1: Will attempt key: /home/vagrant/.ssh/id_ed25519_sk debug1: Will attempt key: /home/vagrant/.ssh/id_xmss debug1: Will attempt key: /home/vagrant/.ssh/id_dsa debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/vagrant/.ssh/id_rsa debug1: Trying private key: /home/vagrant/.ssh/id_ecdsa debug1: Trying private key: /home/vagrant/.ssh/id_ecdsa_sk debug1: Trying private key: /home/vagrant/.ssh/id_ed25519 debug1: Trying private key: /home/vagrant/.ssh/id_ed25519_sk debug1: Trying private key: /home/vagrant/.ssh/id_xmss debug1: Trying private key: /home/vagrant/.ssh/id_dsa debug1: No more authentication methods to try. git@github.com: Permission denied (publickey).

What am I missing?

Answer 1

Since the connection does work, what you have pasted on your GitHub SSH setting page is your public key, not your private one.

And the SSH agent is only needed if you have created the private key as encrypted .

On Ubuntu 22.04 - managed by VirtualBox/Vagrant Key added to authorized_keys

That is only needed if you want to connect to the "VirtualBox/Vagrant".
Not when you want to connect from it.
From it, you only need in your Ubuntu ~/.ssh the same public and private files than on your PC.

I would try the same setup with a passphrase-less private key, in order to check if the SSH agent is the issue (or if it does not work because of other factors, like network, firewall, ...).