I'd like to enable password ssh authentication (and keep key-based authentication enabled) for may Vagrant VM. How to set that?
Vagrantfile:
Vagrant.configure("2") do |config|
config.vm.box = "fedora/26-cloud-base"
config.vm.box_version = "20170705"
config.ssh.username = 'vagrant'
config.ssh.password = 'a'
config.ssh.keys_only = false
end
$ sudo vagrant ssh-config
Host default
HostName 192.168.121.166
User vagrant
Port 22
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile /home/jakub/src/kubernetes-vms/kubernetes/.vagrant/machines/default/libvirt/private_key
LogLevel FATAL
Password a is not accepted with this settings.
I guess the might be PasswordAuthentication no in output of vagrant ssh-config. How can that option be switched on?
On centos 7, using only below is not enough. By this way, I guess that it just make su vagrant become by password. I cannot find anything why below does not work in the official site.
Vagrant.configure("2") do |config|
config.vm.box = "centos/7"
config.ssh.username = 'vagrant'
config.ssh.password = 'vagrant'
config.ssh.insert_key = false
end
You should modify sshd_config manually.
config.vm.provision "shell", inline: <<-SHELL
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
systemctl restart sshd.service
SHELL
For me the following works. You need to ssh to the vm as usual and then edit /etc/ssh/sshd_config. There you need to set PasswordAuthentication to yes instead of no. This will allow password authentication.
Vagrantfile:
Vagrant.configure("2") do |config|
config.vm.box = "fedora/26-cloud-base"
config.vm.box_version = "20170705"
config.vm.provision 'shell', inline: 'echo "vagrant:a" | chpasswd'
end
Line config.vm.provision 'shell', inline: 'echo "vagrant:a" | chpasswd' invokes shell provisioning that changes password of vagrant user (provided the box comes with predefined user called vagrant).
Then one can connect not only by vagrant ssh but also
ssh vagrant#<vm-ip>
If you want to force password authentication for the VM, you would need to set the following from your Vagrantfile
config.ssh.username = 'vagrant'
config.ssh.password = 'vagrant'
config.ssh.insert_key = false
You need to make sure the vagrant user in the VM has the corresponding password. I am not sure for the box you use so you'll need to verify yourself. It works for following box: ubuntu/trusty64
To ssh with password, this will automatically update the sshd config on debian/stretch64:
config.vm.provision "shell", inline: <<-SHELL
sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config
service ssh restart
SHELL
With the following you enable password ssh authentication for a linux VM and (if you wish) you can also set the password for the users vagrant and root
Vagrant.configure("2") do |config|
config.vm.box = "debian/bullseye64"
config.vm.provision "shell", inline: <<-'SHELL'
sed -i 's/^#* *\(PermitRootLogin\)\(.*\)$/\1 yes/' /etc/ssh/sshd_config
sed -i 's/^#* *\(PasswordAuthentication\)\(.*\)$/\1 yes/' /etc/ssh/sshd_config
systemctl restart sshd.service
echo -e "vagrant\nvagrant" | (passwd vagrant)
echo -e "root\nroot" | (passwd root)
SHELL
end
Related
I have vagrant running scotchbox. I recently tried to add id_rsa.pub to /vagrant/home/.ssh hoping to be able to ssh in without entering password. Once I did that it acted the same so I removed it. Now I was adding another site to the configuration and now I can't do vagrant provision as it gives me the following error.
SSH authentication failed! This is typically caused by the
public/private keypair for the SSH user not being properly set on the
guest VM. Please verify that the guest VM is setup with the proper
public key, and that the private key path for Vagrant is setup
properly as well.
Here is what I get from vagrant ssh-config
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile "/Users/username/.vagrant.d/boxes/scotch-VAGRANTSLASH-box/3.0/virtualbox/vagrant_private_key"
IdentitiesOnly yes
LogLevel FATAL
Here is my vagrant file.
Vagrant.configure("2") do |config|
config.vm.box = "scotch/box"
config.vm.network "private_network", ip: "192.168.10.10"
config.vm.hostname = "scotchbox"
config.vm.synced_folder ".", "/var/www", :mount_options => ["dmode=775", "fmode=664"]
config.vm.provider "virtualbox" do |v|
v.memory = 2048
v.cpus = 2
end
# Optional NFS. Make sure to remove other synced_folder line too
#config.vm.synced_folder ".", "/var/www", :nfs => { :mount_options => ["dmode=777","fmode=666"] }
config.vm.provision "shell", inline: <<-SHELL
## Only thing you probably really care about is right here
DOMAINS=("site1.dev" "site2.dev" "site3.dev" "site4.dev" "site5.dev" "ai.d$
## Loop through all sites
for ((i=0; i < ${#DOMAINS[#]}; i++)); do
## Current Domain
DOMAIN=${DOMAINS[$i]}
echo "Creating directory for $DOMAIN..."
mkdir -p /var/www/$DOMAIN/public
echo "Creating vhost config for $DOMAIN..."
sudo cp /etc/apache2/sites-available/scotchbox.local.conf /etc/apache2/si$
echo "Updating vhost config for $DOMAIN..."
sudo sed -i s,scotchbox.local,$DOMAIN,g /etc/apache2/sites-available/$DOM$
sudo sed -i s,/var/www/public,/var/www/$DOMAIN/public,g /etc/apache2/site$
echo "Enabling $DOMAIN. Will probably tell you to restart Apache..."
sudo a2ensite $DOMAIN.conf
done
SHELL
end
I also get authentication error when doing vagrant up until it times out but box still starts and works and I can ssh into it with password.
I have looked through numerous other questions and have tried some things but nothing seemed to fix it. Ideally I want to ssh in using keys but would settle just to get back so I can provision it and have to login with password.
Thanks
I figured this out by setting the following in my Vagrantfile to use ssh key that vagrant created when it initialized.
config.ssh.private_key_path = "/pathtovagrantfolder/.vagrant/machines/default/virtualbox/private_key"
I have a new user in my vagrant box(trusty64) and I am trying to ssh into it. Instead of logging into vagrant user after vagrant up, I want to login to my username.
What I have done so far
Created a user in my guest machine.
Created ssh key in my host using ssh-keygen
Copied the ssh key to the guest using ssh-copy-id -p 2222 -i shash#127.0.0.1
and the part of the Vagrantfile looks like this
config.vm.box = "ubuntu/trusty64"
config.ssh.username = "shash"
config.ssh.forward_agent = true
config.ssh.private_key_path = "~/.ssh/authorized_keys"
I can use ssh -p '2222' 'shash#127.0.0.1' to login directly but when I give vagrant up I keep getting the following error
default: Warning: Connection timeout. Retrying...
default: Warning: Authentication failure. Retrying...
default: Warning: Authentication failure. Retrying...
Any help in sorting out this is really appreciated.Thanks!
A complete set-up guide would be really helpful
The vagrant file will access that users home directory when you specify '~'.
config.ssh.private_key_path = "/home/shash/.ssh/authorized_keys"
Give that a go!
Add it to the Vagrantfile:
Vagrant.configure("2") do |config|
config.ssh.private_key_path = "~/.ssh/id_rsa"
config.ssh.forward_agent = true
end
config.ssh.private_key_path is your local private key
Your private key must be available to the local ssh-agent. You can check with ssh-add -L, if it's not listed add it with ssh-add ~/.ssh/id_rsa
Don't forget to add you public key to ~/.ssh/authorized_keys on the Vagrant VM. You can do it copy-and-pasting or using a tool like ssh-copy-id
https://stackoverflow.com/a/23554973/3563993
I am running vagarant using chef. When I am running vagrant up. Its creating an instance after that its prompting for password. Actually it should login with ssh key
I have granted
chmod 0700 ~/.ssh/.ssh
chmod 0600 ~/.ssh/.ssh/authorized_keys
root#system-desktop:/home/system/Documents/dsrv169# vagrant --version
Vagrant 1.6.5
config.vm.provider :digital_ocean do |provider, override|
override.ssh.private_key_path = '~/.ssh/id_rsa'
override.vm.box = 'digital_ocean'
root#system-desktop:/home/system/Documents/dsrv168# vagrant ssh-config
Host default
HostName 45.55.239.147
User root
Port 22
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile /root/.ssh/id_rsa
IdentitiesOnly yes
LogLevel FATAL
May I know what I required to do
it's just owner and group permission issue. After issuing chown it worked normally.
I have a cluster of 3 VMs. Here is the Vagrantfile:
# -*- mode: ruby -*-
# vi: set ft=ruby :
hosts = {
"host0" => "192.168.33.10",
"host1" => "192.168.33.11",
"host2" => "192.168.33.12"
}
Vagrant.configure("2") do |config|
config.vm.box = "precise64"
config.vm.box_url = "http://files.vagrantup.com/precise64.box"
config.ssh.private_key_path = File.expand_path('~/.vagrant.d/insecure_private_key')
hosts.each do |name, ip|
config.vm.define name do |machine|
machine.vm.hostname = "%s.example.org" % name
machine.vm.network :private_network, ip: ip
machine.vm.provider "virtualbox" do |v|
v.name = name
# #v.customize ["modifyvm", :id, "--memory", 200]
end
end
end
end
This used to work until I upgraded recently:
ssh -i ~/.vagrant.d/insecure_private_key vagrant#192.168.33.10
Instead, vagrant asks for a password.
It seems that recent versions of vagrant (I'm on 1.7.2) create a secure private key for each machine. I discovered it by running
vagrant ssh-config
The output shows different keys for each host. I verified the keys are different by diffing them.
I tried to force the insecure key by setting in Vagrantfile the config.ssh.private_key_path, but it doesn't work.
The reason I want to use the insecure key for all machines is that I want to provision them from the outside using ansible. I don't want to use the Ansible provisioner, but treat the VMs as remote servers. So, the Vagrantfile is just used to specify the machines in the cluster and then provisioning will be done externally.
The documentation still says that by default machines will use the insecure private key.
How can I make my VMs use the insecure private key?
Vagrant changed the behaviour between 1.6 and 1.7 versions and now will insert auto generated insecure key instead of the default one.
You can cancel this behaviour by setting config.ssh.insert_key = false in your Vagrantfile.
Vagrant shouldn't replace insecure key if you specify private_key_path like you did, however the internal logic checks if the private_key_path points to the default insecure_private_key, and if it does, Vagrant will replace it.
More info can be found here.
When Vagrant creates a new ssh key it's saved with the default configuration below the Vagrantfile directory at .vagrant/machines/default/virtualbox/private_key.
Using the autogenerated key you can login with that from the same directory as the Vagrantfile like this:
ssh -i .vagrant/machines/default/virtualbox/private_key -p 2222 vagrant#localhost
To learn about all details about the actual ssh configuration of a vagrant box use the vagrant ssh-config command.
# vagrant ssh-config
Host default
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile /Users/babo/src/centos/.vagrant/machines/default/virtualbox/private_key
IdentitiesOnly yes
LogLevel FATAL
Adding config.ssh.insert_key = false to the Vagrantfile and removing the new vm private key .vagrant/machines/default/virtualbox/private_key vagrant automatically updates vagrant ssh-config with the correct private key ~/.vagrant.d/insecure_private_key. The last thing I had to do was ssh into the vm and update the authorized keys file on the vm. curl https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub > ~/.ssh/authorized_keys
tldr;
ssh vagrant#127.0.0.1 -p2222 -i/~/www/vw/vw-environment/.vagrant/machines/default/virtualbox/private_key
I couldn't get this to work, so in the end I added the following to the ssh.rb ruby script (/opt/vagrant/embedded/gems/gems/vagrant-1.7.1//lib/vagrant/util/ssh.rb)
print(*command_options)
just before this line that executes the ssh call
SafeExec.exec("ssh", *command_options)
So that prints out all the command options passed to the ssh call, from there you can work out something that works for you based on what vagrant calculates to be the correct ssh parameters.
If you are specifically using Ansible (not the Vagrant Ansible provisioner), you might want to consider using the vagrant dynamic inventory script from Ansible's repo:
https://github.com/ansible/ansible/blob/devel/contrib/inventory/vagrant.py
Alternatively, you'd can handcraft your own script and dynamically build your own vagrant inventory file:
SYSTEMS=$(vagrant status | grep running | cut -d ' ' -f1)
echo '[vagrant_systems]' > vagrant.ini
for SYSTEM in ${SYSTEMS}; do
SSHCONFIG=$(vagrant ssh-config ${SYSTEM})
IDENTITY_FILE=$(echo "${SSHCONFIG}" | grep -o "\/.*${SYSTEM}.*")
PORT=$(echo "${SSHCONFIG}" | grep -oE '[0-9]{4,5}')
echo "${SYSTEM} ansible_ssh_host=127.0.0.1 ansible_ssh_port=${PORT} ansible_ssh_private_key_file=${IDENTITY_FILE}" >> vagrant.ini
done
Then use ansible-playbook -i=vagrant.ini
If you try to use the ~/.ssh/config, you'll have to dynamically create or edit existing entries, as the ssh ports can change (due to the collision detection in Vagrant).
Problem: frequently the first command I type to my boxes is su -.
Question: how do I make vagrant ssh use the root user by default?
Version: vagrant 1.6.5
This is useful:
sudo passwd root
for anyone who's been caught out by the need to set a root password in vagrant first
Solution:
Add the following to your Vagrantfile:
config.ssh.username = 'root'
config.ssh.password = 'vagrant'
config.ssh.insert_key = 'true'
When you vagrant ssh henceforth, you will login as root and should expect the following:
==> mybox: Waiting for machine to boot. This may take a few minutes...
mybox: SSH address: 127.0.0.1:2222
mybox: SSH username: root
mybox: SSH auth method: password
mybox: Warning: Connection timeout. Retrying...
mybox: Warning: Remote connection disconnect. Retrying...
==> mybox: Inserting Vagrant public key within guest...
==> mybox: Key inserted! Disconnecting and reconnecting using new SSH key...
==> mybox: Machine booted and ready!
Update 23-Jun-2015:
This works for version 1.7.2 as well. Keying security has improved since 1.7.0; this technique overrides back to the previous method which uses a known private key. This solution is not intended to be used for a box that is accessible publicly without proper security measures done prior to publishing.
Reference:
https://docs.vagrantup.com/v2/vagrantfile/ssh_settings.html
This works if you are on ubuntu/trusty64 box:
vagrant ssh
Once you are in the ubuntu box:
sudo su
Now you are root user. You can update root password as shown below:
sudo -i
passwd
Now edit the below line in the file /etc/ssh/sshd_config
PermitRootLogin yes
Also, it is convenient to create your own alternate username:
adduser johndoe
Wait until it asks for password.
If Vagrantfile as below:
config.ssh.username = 'root'
config.ssh.password = 'vagrant'
config.ssh.insert_key = 'true'
But vagrant still ask you root password,
most likely the base box you used do not configured to allow root login.
For example, the offical ubuntu14.04 box do not set PermitRootLogin yes in /etc/ssh/sshd_config.
So If you want a box can login as root default(only Vagrantfile, no more work), you have to :
Setup a vm by username vagrant(whatever name but root)
Login and edit sshd config file.
ubuntu: edit /etc/ssh/sshd_config, set PermitRootLogin yes
others: ....
(I only use ubuntu, feel free to add workaround of other platforms)
Build a new base box:
vagrant package --base your-vm-name
this create a file package.box
Add that base box to vagrant:
vagrant box add ubuntu-root file:///somepath/package.box
then, you need use this base box to build vm which allow auto login as root.
Destroy original vm by vagrant destroy
Edit original Vagrantfile, change box name to ubuntu-root and username to root, then vagrant up create a new one.
It cost me some time to figure out , it is too complicate in my opinion. Hope vagrant would improve this.
Dont't forget root is allowed root to login before!!!
Place the config code below in /etc/ssh/sshd_config file.
PermitRootLogin yes
Note: Only use this method for local development, it's not secure.
You can setup password and ssh config while provisioning the box. For example with debian/stretch64 box this is my provision script:
config.vm.provision "shell", inline: <<-SHELL
echo -e "vagrant\nvagrant" | passwd root
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
sed -in 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
service ssh restart
SHELL
This will set root password to vagrant and permit root login with password. If you are using private_network say with ip address 192.168.10.37 then you can ssh with ssh root#192.168.10.37
You may need to change that echo and sed commands depending on the default sshd_config file.
Adding this to the Vagrantfile worked for me. These lines are the equivalent of you entering sudo su - every time you login. Please notice that this requires reprovisioning the VM.
config.vm.provision "shell", inline: <<-SHELL
echo "sudo su -" >> .bashrc
SHELL
I know this is an old question, but looking at the original question, it looks like the user just wanted to run a command as root, that's what I need to do when I was searching for an answer and stumbled across the question.
So this one is worth knowing in my opinion:
vagrant ssh servername -c "echo vagrant | sudo -S shutdown 0"
vagrant is the password being echoed into the the sudo command, because as we all know, the vagrant account has sudo privileges and when you sudo, you need to specify the password of the user account, not root..and of course by default, the vagrant user's password is vagrant !
By default you need root privileges to shutdown so I guess doing a shutdown is a good test.
Obviously you don't need to specify a server name if there is only one for that vagrant environment. Also, we're talking about local vagrant virtual machine to the host, so there isn't really any security issue that I can see.
Hope this helps.
I had some troubles with provisioning when trying to login as root, even with PermitRootLogin yes. I made it so only the vagrant ssh command is affected:
# Login as root when doing vagrant ssh
if ARGV[0]=='ssh'
config.ssh.username = 'root'
end
I used vagrant putty with the vagrant multi putty plugin, it took me directly to root.
vagrant destroy
vagrant up
Please add this to vagrant file:
config.ssh.username = 'vagrant'
config.ssh.password = 'vagrant'
config.ssh.insert_key = 'true'