Please use coder ssh instead.
Or you can do coder config-ssh and then use the system's built-in ssh.

Please use coder ssh instead.

I just tried, but encountered the same issue:

$ coder ssh -p 2222 git@server
parsing flags ([ssh -p 2222 git@server]) for "coder ssh": unknown shorthand flag: 'p' in -p

Additionally, I believe coder ssh is intended for connecting to workspaces, not from them.

Or you can do coder config-ssh and then use the system's built-in ssh.

Is there any guidance on how to set it up properly? If I use ssh directly, it doesn't inject the SSH key that Coder generated, resulting in:

$ ssh -p 2222 git@server
git@server: Permission denied (publickey).

@NN708 Looks like you want to connect to a 3rd server by using your Coder workspace as a jump server? Am I right?

Can you connect to the server from inside the Coder workspace?

Sorry if I am getting it wrong. And I would appreciate it if you could explain the exact use case.

Looks like you want to connect to a 3rd server by using your Coder workspace as a jump server? Am I right?

Yes, I'm using the Coder workspace to develop Ansible playbooks, and I need it to act as a control node for managing other servers.

Can you connect to the server from inside the Coder workspace?

Yes, currently, coder gitssh git@server works perfectly, but we cannot use any options.

Since this is about Ansible Playbooks - please review the following hints.

Where is Port 2222 in the LISTEN state?

Note: Port 2222 in this context appears to be for connecting TO external Ansible-managed servers FROM the Coder workspace, not for connecting to the workspace itself.

There is an example in https://www.jeffgeerling.com/blog/2022/using-ansible-playbook-ssh-bastion-jump-host where the port 2222 is discussed for bastion use BUT ONLY IF the Port 2222 is the end-point on the bastion, do not use -p 2222 for 'normal' ssh hosts.

If you however need to connect to the Ansible hosts on port 2222 AFTER going through the Workspace's SSH, then .ssh/config files or appropriate -W %h:%p or other methods.

Please note that Coder staff do not have specific training on Ansible or an example configuration to use the Workspace as SSH Proxy!

Regarding your other questions which may not be responded to:

SSH not using the key/agent:

Add SSH configuration for your workspace

coder config-ssh --ssh-option "ForwardAgent=yes"

When using ssh commands directly, use -v or -vv to get verbose output, then you see which keys are in use.

If the above does not help, then you may need to consider these options

Use -- to separate the ssh options to be passed to the internal ssh, otherwise these are option to the 'coder ssh' process itself. See: https://coder.com/docs/reference/cli/ssh

The coder gitssh command does not provide this, however the Agent and Proxy setup may be what is needed.

Make sure you've setup the .ssh/config file with the Agent option, and then you should have something like these entries to align with your Ansible setup, the default config-ssh will have coder.* and *.coder setup, but you can add your own if you need more configuration or specific items added. Order your .ssh/config correctly to override (if needed, usually the Coder setup can be used).

# Coder specific-workspace configuration
Host coder-workspace
    HostName your-workspace.coder.domain
    User coder
    ForwardAgent yes
    IdentityFile ~/.ssh/id_rsa_coder

# Ansible bastion/jump host
Host ansible-bastion
    HostName bastion.example.com
    User ansible-user
    Port 22
    IdentityFile ~/.ssh/id_rsa_ansible
    ForwardAgent yes
    ControlMaster auto
    ControlPath ~/.ssh/control-%r@%h:%p
    ControlPersist 5m

# Production servers via bastion
Host prod-web-*
    ProxyJump ansible-bastion
    User ansible-user
    IdentityFile ~/.ssh/id_rsa_ansible
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

# Check your SSH Agent

Verify SSH agent is available

echo $SSH_AUTH_SOCK

List available keys

ssh-add -l

Add additional keys if needed

ssh-add ~/.ssh/id_rsa_ansible

### Ansible inventory with Proxy setup

ansible_ssh_common_args: '-o ProxyJump=coder-workspace'

@bjornrobertsson Are you an AI? So much info, but nothing actually useful. 😅

Not an AI. Our AI is called Blink.

But like I pointed out, we're not specifically trained in making Ansible or Proxy Bastion work, however the Ansible documentation and SSH Documentation should get you on track. This is just our 'best effort' to get you on track to a solution.

OK, but the issue isn't with Ansible (it can be reproduced without Ansible at all), so no need to dive too deep into that.

It works! I got Ansible to work with this setup:

export ANSIBLE_SSH_EXECUTABLE=coder
export ANSIBLE_SSH_ARGS="gitssh -- -C -o ControlMaster=auto -o ControlPersist=60s"

@bjornrobertsson Thanks for your help! This solution works perfectly, so I'm closing this issue now.