By default Lando will forward all the correctly formatted, owned, and permissioned
ssh keys, including PASSPHRASE PROTECTED keys it finds in your
lando.config.userConfRoot/keys directories into each service. This means that you should be able to use your ssh keys like you were running commands natively on your machine.
Additionally Lando will set the default SSH user inside your services to whatever your host username is. You can also make use of the following ENVVARS which are injected into ever service.
LANDO_HOST_UID=501 LANDO_HOST_GID=20 LANDO_HOST_USER=me
Please note that
lando.config.userConfRoot/keys is a location managed by Lando so it is recommended that you do not alter anything in this folder.
NOTE: Unless you've configured a custom
lando.config.userConfRoot should resolve to
$HOME/.lando, this means by default your keys should be available on your host at
If you are unsure about what keys get loaded you can use the following commands for key discovery.
# Check out service logs for key loading debug output # Obviously replace appserver with the service you are interested in lando logs -s appserver # Check the .ssh config for a given service # Obviously replace appserver with the service you are interested in lando ssh appserver -c "cat /etc/ssh/ssh_config"