SSH-Agent Forwarding in tart exec for Bitbucket Auth (Jenkins CI)

[DominikMoreira]

Previously, I used SSH connections from Jenkins to my Tart VM and could seamlessly forward the SSH agent (ssh -A) to authenticate against GitHub and Bitbucket (e.g., for git clone/pull). After switching to tart exec, this is no longer possible since tart exec communicates directly via the guest agent.

Question: Is there a (recommended) way to authenticate from inside the VM (via tart exec) to services like GitHub?

Reproduction Steps

1. Start a Tart VM with guest agent
2. Commandline:

   tart exec myvm zsh -c 'git clone git@github.com:owner/repo.git'
   

3. Expected: Clone succeeds using host SSH agent keys.
4. Observed: Permission denied (publickey) – no access to host SSH agent.

Working Example (old SSH approach):

ssh -A user@$(tart ip myvm) 'git clone git@github.com:owner/repo.git'

Agent forwarded, keys available inside VM.

I tried to add a SSH-Agent ((eval "$(ssh-agent -s)"; ssh-add ~/.ssh/id_rsa) inside the VM, but it seems not to be recognised from outside the VM. SSH forwarding was perfect in that regards – the current tart exec is great but I guess it lacks this bridge currently.

Feedback/suggestions welcome!

[DominikMoreira]

For documentation:

I copy the content of the SSH private key file directly into the VM's .ssh/ directory. The file is placed at the standard location ~/.ssh/. When authenticating to services, SSH automatically finds this file in the expected path and uses it successfully. No ssh-agent setup or forwarding is required.