Introduction
Maybe your project isn’t worth the hassle of setting up a full CI/CD pipeline, you just want to write code directly on your server, deploy it, and push it to GitHub.
But you still don’t feel comfortable keeping your private key on the VPS (and you’re absolutely right not to).
The Solution: VSCode SSH Agent Forwarding
How It Works:
- You have SSH keys on your local machine
- You connect to Server A with
ForwardAgent yesenabled - When you’re on Server A and try to SSH to Server B (or run
git pushto GitHub), Server A requests authentication from your local SSH agent - Your local machine signs the authentication request
- Server A can now connect as if it had your keys, but it never actually receives your private keys
⚠️ Important Security Warning
All shell commands executed by the Linux user you’re connected to will be forwarded through YOUR local SSH agent.
This means if someone else is connected to your Linux user while VSCode is open with ForwardAgent yes, they could potentially access any system your SSH keys have access to, including your local machine and GitHub repositories.
Make sure no one else has access to that Linux user account.
Setup Instructions
1. Open VSCode and click on ‘Remote Explorer’ in the sidebar
2. Click on ‘Open SSH Config File’
3. Add ForwardAgent yes to the host you want to access your local SSH agent from:
Host your-server HostName your-server.com User your-username ForwardAgent yes
4. Save the file and connect to your server
Conclusion
That’s it, that’s all you need to know 🙂
This article was written by Ahmad Adel . Ahmad is a freelance writer and also a backend developer.
