» SSH Settings

Config namespace: config.ssh

The settings within config.ssh relate to configuring how Vagrantwill access your machine over SSH. As with most Vagrant settings, thedefaults are typically fine, but you can fine tune whatever you would like.

» Available Settings

  • config.ssh.compression (boolean) - If false, this setting will not include thecompression setting when ssh'ing into a machine. If this is not set, it willdefault to true and Compression=yes will be enabled with ssh.

  • config.ssh.config (string) - Path to a custom ssh_config file to use for configuringthe SSH connections.

  • config.ssh.dsa_authentication (boolean) - If false, this setting will not includeDSAAuthentication when ssh'ing into a machine. If this is not set, it willdefault to true and DSAAuthentication=yes will be used with ssh.

  • config.ssh.export_command_template (string) - The template used to generateexported environment variables in the active session. This can be usefulwhen using a Bourne incompatible shell like C shell. The template supportstwo variables which are replaced with the desired environment variable key andenvironment variable value: %ENV_KEY% and %ENV_VALUE%. The default templateis:

  1. config.ssh.export_command_template = 'export %ENV_KEY%="%ENV_VALUE%"'

  • config.ssh.extra_args (array of strings) - This settings value is passed directlyinto the ssh executable. This allows you to pass any arbitrary commands to do things suchas reverse tunneling down into the ssh program. These options can either besingle flags set as strings such as "-6" for IPV6 or an array of argumentssuch as ["-L", "8008:localhost:80"] for enabling a tunnel from host port 8008to port 80 on guest.

  • config.ssh.forward_agent (boolean) - If true, agent forwarding over SSHconnections is enabled. Defaults to false.

  • config.ssh.forward_env (array of strings) - An array of host environment variables toforward to the guest. If you are familiar with OpenSSH, this corresponds to the SendEnvparameter.

  1. config.ssh.forward_env = ["CUSTOM_VAR"]

  • config.ssh.forward_x11 (boolean) - If true, X11 forwarding over SSH connectionsis enabled. Defaults to false.

  • config.ssh.guest_port (integer) - The port on the guest that SSH is running on. Thisis used by some providers to detect forwarded ports for SSH. For example, ifthis is set to 22 (the default), and Vagrant detects a forwarded port toport 22 on the guest from port 4567 on the host, Vagrant will attemptto use port 4567 to talk to the guest if there is no other option.

  • config.ssh.host (string) - The hostname or IP to SSH into. By default this isempty, because the provider usually figures this out for you.

  • config.ssh.insert_key (boolean) - If true, Vagrant will automatically inserta keypair to use for SSH, replacing Vagrant's default insecure key inside the machineif detected. By default, this is true.

This only has an effect if you do not alreadyuse private keys for authentication or if you are relying on the default insecure key.If you do not have to care about security in your project and want tokeep using the default insecure key, set this to false.

  • config.ssh.keep_alive (boolean) - If true, this setting SSH will send keep-alive packetsevery 5 seconds by default to keep connections alive.

  • config.ssh.keys_only (boolean) - Only use Vagrant-provided SSH private keys (do not useany keys stored in ssh-agent). The default value is true.

  • config.ssh.paranoid (boolean) - Perform strict host-key verification. The default value isfalse.

Deprecation: The config.ssh.paranoid option is deprecated and will be removedin a future release. Please use the config.ssh.verify_host_key option instead.

  • config.ssh.password (string) - This sets a password that Vagrant will use toauthenticate the SSH user. Note that Vagrant recommends you use key-basedauthentication rather than a password (see private_key_path) below. Ifyou use a password, Vagrant will automatically insert a keypair ifinsert_key is true.

  • config.ssh.port (integer) - The port to SSH into. By default this is port 22.

  • config.ssh.private_key_path (string, array of strings) - The path to the privatekey to use to SSH into the guest machine. By default this is the insecure private keythat ships with Vagrant, since that is what public boxes use. If you makeyour own custom box with a custom SSH key, this should point to thatprivate key. You can also specify multiple private keys by setting this to be an array.This is useful, for example, if you use the default private key to bootstrapthe machine, but replace it with perhaps a more secure key later.

  • config.ssh.proxy_command (string) - A command-line command to execute that receivesthe data to send to SSH on stdin. This can be used to proxy the SSH connection.%h in the command is replaced with the host and %p is replaced withthe port.

  • config.ssh.pty (boolean) - If true, pty will be used for provisioning. Defaults to false.

This setting is an advanced feature that should not be enabled unlessabsolutely necessary. It breaks some other features of Vagrant, and isreally only exposed for cases where it is absolutely necessary. If you can finda way to not use a pty, that is recommended instead.

When pty is enabled, it is important to note that command output will not bestreamed to the UI. Instead, the output will be delivered in full to the UIonce the command has completed.

  • config.ssh.remote_user (string) - The "remote user" value used to replace the %rcharacter(s) used within a configured ProxyCommand. This value is only used by thenet-ssh library (ignored by the ssh executable) and should not be used in general.This defaults to the value of config.ssh.username.

  • config.ssh.shell (string) - The shell to use when executing SSH commands fromVagrant. By default this is bash -l. Note that this has no effect onthe shell you get when you run vagrant ssh. This configuration optiononly affects the shell to use when executing commands internally in Vagrant.

  • config.ssh.sudo_command (string) - The command to use when executing a commandwith sudo. This defaults to sudo -E -H %c. The %c will be replaced bythe command that is being executed.

  • config.ssh.username (string) - This sets the username that Vagrant will SSHas by default. Providers are free to override this if they detect a moreappropriate user. By default this is "vagrant", since that is what mostpublic boxes are made as.

  • config.ssh.verify_host_key (string, symbol) - Perform strict host-key verification. Thedefault value is :never.