
LXC exec bash ssh-agent forwarding

Tags: ssh, ssh-agent, lxc

I have an Ubuntu server. I have configured ssh-agent forwarding to it. The server runs a few lxc containers.

When I "lxc exec container bash", the ssh-agent isn't forwarded to the lxc bash.

How can I forward ssh-agent to the lxc container's bash?

Laurent asked Nov 20 '22 04:11


1 Answer

This isn't really possible with lxc exec. This command is a completely different mechanism of accessing the container than SSH. lxc exec communicates with the LXD daemon over a REST API, the daemon spawns the requested process inside the container and forwards the process's stdout to lxc. So no SSH connection is happening behind the scenes.

Therefore, if you would like to use ssh-agent-based workflow, you simply need to set up SSH inside the container.

Depending on what distros you are running in the containers, openssh might already be installed and even enabled; that's the case for Ubuntu. If not, install it and follow these steps:

  1. Copy your key (tip: with ssh-agent forwarding, you can use ssh-add -L to quickly print your identities)
  2. Access the container the old way: lxc exec <container> bash
  3. Use vi/vim or nano to edit ~/.ssh/authorized_keys. Paste your key and save the file.
  4. Log out.

From now on, you can use ssh -A <CONTAINER_IP> and expect it to work. CONTAINER_IP is something you can find by running lxc list, for example.

Optionally, you can add your container to /etc/hosts to avoid typing the IP address each time. Another tip: check sshd_config on the container to make sure your SSH key is the only way to log in.

ympek answered Feb 14 '23 00:02
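The closing tip in the answer above (make sure the SSH key is the only way to log in) can be checked against the effective sshd settings rather than by reading sshd_config by eye. The following is an added example, not part of the original answer; the function name audit_key_only and the two sample inputs are constructed for illustration, and it only looks at the three authentication settings shown.

```shell
#!/bin/sh
# Added example (not from the original answer): check that key-based login is
# the only SSH authentication method, using the output format of `sshd -T`
# (lowercase "keyword value" lines holding the effective configuration).
# On a real host:  lxc exec <container> -- sshd -T | audit_key_only

# Prints one finding per line; exit status is 0 only when there are none.
# A keyword missing from the input is treated as a finding.
audit_key_only() {
    awk '
        { val[tolower($1)] = tolower($2) }
        END {
            bad = 0
            if (val["pubkeyauthentication"] != "yes") {
                print "pubkeyauthentication is not yes: key login is off"
                bad = 1
            }
            if (val["passwordauthentication"] != "no") {
                print "passwordauthentication is not no: passwords accepted"
                bad = 1
            }
            # Older OpenSSH releases print challengeresponseauthentication.
            if ("kbdinteractiveauthentication" in val)
                kbd = val["kbdinteractiveauthentication"]
            else
                kbd = val["challengeresponseauthentication"]
            if (kbd != "no") {
                print "keyboard-interactive is not no: prompts accepted"
                bad = 1
            }
            exit bad
        }'
}

# Constructed sample: password login still enabled.
sample_weak() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication no'
}

# Constructed sample: public key is the only method left.
sample_hardened() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no'
}

sample_weak | audit_key_only || echo "weak sample: not key-only"
sample_hardened | audit_key_only && echo "hardened sample: key-only"
```

Run it after the key is in ~/.ssh/authorized_keys and ssh -A works, so that turning password login off cannot lock you out.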