SSH into Vagrant box as another user using key? - ssh

I like using the "vagrant" user to provision my Vagrant VM using Ansible. But once I get the box set up, I'd like to be able to log in to it using either the vagrant account or my personal account "smith." However, when I log in as smith, I'd like to not be prompted for my password. Is there a way to set this up? I've created the smith account on the Vagrant box and I've copied my public and private SSH keys from my .ssh directory on the OS X management host to user smith's .ssh directory on the VM. Right now I can log in by doing "ssh smith@192.168.2.100" but I get prompted for my password. Is there any way to configure both machines so that I can log in using my SSH keys?
Thanks.
# Vagrantfile
DEV_GID = 1001
Vagrant.configure(2) do |config|
  config.vm.box = "debian/jessie64"
  config.vm.network "forwarded_port", guest: 80, host: 8080
  config.vm.network "forwarded_port", guest: 443, host: 8443
  config.vm.network "private_network", ip: "192.168.2.100"
  config.vm.synced_folder "website/", "/srv/http/example.com",
    owner: "root",
    group: DEV_GID,
    mount_options: ["dmode=775"]
  config.vm.provision "shell", path: "provision.sh"
end

Instead of copying all the files in the .ssh directory, you should create the file
/home/smith/.ssh/authorized_keys
(or wherever your home folder in the vagrant box is) in your vagrant box and copy-paste your id_rsa.pub inside this file. By copy-paste I mean open id_rsa.pub with an editor, copy all of it, and paste it in the .ssh/authorized_keys file. You should also change the directory permissions to 0600.
Your private id_rsa file is not needed in the vagrant box, it is only needed in the host you use to ssh into that vagrant box.
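
The steps this answer describes, as an added shell example that is not part of the original answer; the function name install_pubkey and the key line in the demo are constructed for illustration. It sets 0700 on the .ssh directory and 0600 on authorized_keys, modes that sshd's StrictModes check accepts, and refuses anything that looks like private key material.

```shell
# install_pubkey HOME_DIR "PUBLIC KEY LINE"   (hypothetical helper name)
# Adds one OpenSSH public key line to HOME_DIR/.ssh/authorized_keys.
install_pubkey() {
    home_dir=$1
    key_line=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # A private key never belongs on the guest; reject it outright.
    case $key_line in
        *"PRIVATE KEY"*) echo "refusing: private key material" >&2; return 2 ;;
    esac
    # Accept only a single line that starts with a known public key type.
    case $key_line in
        *"
"*) echo "refusing: expected exactly one line" >&2; return 2 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 2 ;;
    esac

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1
    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo on a scratch directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
install_pubkey "$demo_home" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY smith@mac"
rm -rf "$demo_home"
```

When this runs as root during provisioning, follow it with chown -R smith: /home/smith/.ssh so the files belong to the login user.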

Related

vagrant provision ssh issue

I have vagrant running scotchbox. I recently tried to add id_rsa.pub to /vagrant/home/.ssh hoping to be able to ssh in without entering password. Once I did that it acted the same so I removed it. Now I was adding another site to the configuration and now I can't do vagrant provision as it gives me the following error.
SSH authentication failed! This is typically caused by the
public/private keypair for the SSH user not being properly set on the
guest VM. Please verify that the guest VM is setup with the proper
public key, and that the private key path for Vagrant is setup
properly as well.
Here is what I get from vagrant ssh-config
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile "/Users/username/.vagrant.d/boxes/scotch-VAGRANTSLASH-box/3.0/virtualbox/vagrant_private_key"
IdentitiesOnly yes
LogLevel FATAL
Here is my vagrant file.
Vagrant.configure("2") do |config|
config.vm.box = "scotch/box"
config.vm.network "private_network", ip: "192.168.10.10"
config.vm.hostname = "scotchbox"
config.vm.synced_folder ".", "/var/www", :mount_options => ["dmode=775", "fmode=664"]
config.vm.provider "virtualbox" do |v|
v.memory = 2048
v.cpus = 2
end
# Optional NFS. Make sure to remove other synced_folder line too
#config.vm.synced_folder ".", "/var/www", :nfs => { :mount_options => ["dmode=777","fmode=666"] }
config.vm.provision "shell", inline: <<-SHELL
## Only thing you probably really care about is right here
DOMAINS=("site1.dev" "site2.dev" "site3.dev" "site4.dev" "site5.dev" "ai.d$
## Loop through all sites
for ((i=0; i < ${#DOMAINS[@]}; i++)); do
## Current Domain
DOMAIN=${DOMAINS[$i]}
echo "Creating directory for $DOMAIN..."
mkdir -p /var/www/$DOMAIN/public
echo "Creating vhost config for $DOMAIN..."
sudo cp /etc/apache2/sites-available/scotchbox.local.conf /etc/apache2/si$
echo "Updating vhost config for $DOMAIN..."
sudo sed -i s,scotchbox.local,$DOMAIN,g /etc/apache2/sites-available/$DOM$
sudo sed -i s,/var/www/public,/var/www/$DOMAIN/public,g /etc/apache2/site$
echo "Enabling $DOMAIN. Will probably tell you to restart Apache..."
sudo a2ensite $DOMAIN.conf
done
SHELL
end
I also get authentication error when doing vagrant up until it times out but box still starts and works and I can ssh into it with password.
I have looked through numerous other questions and have tried some things but nothing seemed to fix it. Ideally I want to ssh in using keys but would settle just to get back so I can provision it and have to login with password.
Thanks
I figured this out by setting the following in my Vagrantfile to use ssh key that vagrant created when it initialized.
config.ssh.private_key_path = "/pathtovagrantfolder/.vagrant/machines/default/virtualbox/private_key"

Vagrant - Can't SSH into specific machine from command line

I am trying to SSH into a specific vagrant box from the command line:
vagrant ssh winbox password
'winbox' is what the box appears to be called in 'vagrant box list'. However, upon the entry of that command I get:
The machine with the name 'winbox' was not found configured for
this Vagrant environment.
If I just do 'vagrant ssh' It all works fine so I'm pretty sure I'm getting the box name wrong. The same box name appears in the vagrant file for the box:
Vagrant.configure("2") do |config|
config.vm.box = "winbox"
config.ssh.username = "vagrant"
config.ssh.password = ******
config.vm.network :forwarded_port, guest: 4444, host: 4440
config.vm.network :forwarded_port, guest: 5555, host: 5555
end
Is there any way to check the name of the currently running vagrant box?
It is important that I log into the box all in one line because I am basically using Java to execute command line code from within a JUNIT test and it's not possible to first go vagrant ssh and then enter a password with it.
You only need the box name information when you initiate the new VM,
so either when you run vagrant init winbox or when you change the config.vm.box parameter in your Vagrantfile.
After you have initialized the VM (vagrant up) you can forget about the box, you don't need it anymore (it still needs to be present in your Vagrantfile but you don't reference it anymore).
If you run a single VM in your Vagrantfile, you can just run vagrant ssh to get into the VM.
What you may be confused about is that vagrant ssh <VMName> is for when you run Vagrant multi-machine: in this case a single Vagrantfile will spin up multiple VMs and you will need to indicate the name of the VM (not the box) to ssh into the correct VM.

not able to access apache from local machine, though it runs on the vagrant

I installed vagrant box in mac system. In that vagrant box I configured apache and it is running. I am trying to access it from my machine, but I am not able to access.
Vagrant.configure(2) do |config|
  config.vm.box = "oar-team/debian8"
  config.vm.network "forwarded_port", guest: 80, host: 8000
  config.vm.synced_folder "./", "/vagrant", id: "vagrant-root",
    owner: "vagrant",
    group: "www-data",
    mount_options: ["dmode=777,fmode=777"]
  config.ssh.forward_agent = true
  config.vm.define "127.0.0.1"
end
The above is my Vagrantfile. I run vagrant up and it runs the vagrant box.
I finally found the answer. After running vagrant up,
my site has a set of scripts to run. To run those scripts I need to run
vagrant provision; only then does the site run.

Is there a default password to connect to vagrant when using `homestead ssh` for the first time?

I'm trying to connect to vagrant via homestead ssh:
vagrant@127.0.0.1's password:
But my public key password doesn't work.
My Homestead.yaml looks like this:
authorize: ~/.ssh/id_rsa.pub
keys:
- ~/.ssh/id_rsa
I'm using "Laravel Homestead version 2.0.14" with "Vagrant 1.7.2".
After trying a lot of passwords and becoming totally confused why my public key password is not working I found out that I have to use vagrant as password.
Maybe this info helps someone else too - that's because I've written it down here.
Edit:
According to the Vagrant documentation, there is usually a default password for the user vagrant which is vagrant.
Read more on here: official website
In recent versions however, they have moved to generating keypairs for each machine. If you would like to find out where that key is, you can run vagrant ssh -- -v. This will show the verbose output of the ssh login process. You should see a line like
debug1: Trying private key: /home/aaron/Documents/VMs/.vagrant/machines/default/virtualbox/private_key
I have the same problem, after moving the machine from a Time Machine restore onto another host. The problem is that the SSH key for vagrant is not your key; it's a key in the Homestead directory.
Solution for me:
Use vagrant / vagrant to access the Homestead VM
Use vagrant ssh-config to see the ssh config
Run in a terminal
vagrant ssh-config
Host default
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile "/Users/MYUSER/.vagrant.d/insecure_private_key"
IdentitiesOnly yes
LogLevel FATAL
ForwardAgent yes
Create a new pair of SSH keys
ssh-keygen -f /Users/MYUSER/.vagrant.d/insecure_private_key
Copy content of public key
cat /Users/MYUSER/.vagrant.d/insecure_private_key.pub
In another shell, on the Homestead VM, copy it into authorized_keys
vagrant@homestad:~$ echo 'CONTENT_PASTE_OF_PUBLIC_KEY' >> ~/.ssh/authorized_keys
Now you can access it with vagrant ssh
By default Vagrant uses a generated private key to login, you can try this:
ssh -l ubuntu -p 2222 -i .vagrant/machines/default/virtualbox/private_key 127.0.0.1
This is the default working setup https://www.youtube.com/watch?v=XiD7JTCBdpI
Use Connection Method: standard TCP/IP over ssh
Then ssh hostname: 127.0.0.1:2222
SSH Username: vagrant password vagrant
MySQL Hostname: localhost
Username: homestead password:secret
On a Windows machine I was able to log in over ssh from git bash with
ssh vagrant@VAGRANT_SERVER_IP without providing a password
Using Bitvise SSH client on Windows
Server host: VAGRANT_SERVER_IP
Server port: 22
Username: vagrant
Password: vagrant
In my case I learned through the output from:
vagrant ssh -- -v
The problem was my private key generated by vagrant was ignored because the permissions were too open (on Windows 10).
The log lines were:
Permissions for 'C:/My Folder/.vagrant/machines/default/virtualbox/private_key'
are too open. It is required that your private key files are NOT
accessible by others. This private key will be ignored.
So in Windows Explorer, navigate to the private key for the VM on the path in your log, right-click and select properties. Then go to the Security tab and click the Advanced button. Next, Add your specific user with Full Control, and then select whichever group also has permissions and click the Disable inheritance button at the bottom of the dialog and chose to remove all inheritance. You should be left with just your own user account having permissions on the private_key file. Click Apply and close the properties dialog, then try vagrant ssh again. It should now let you in without asking for a password.

Can't ssh to vagrant VMs using the insecure private key (vagrant 1.7.2)

I have a cluster of 3 VMs. Here is the Vagrantfile:
# -*- mode: ruby -*-
# vi: set ft=ruby :
hosts = {
"host0" => "192.168.33.10",
"host1" => "192.168.33.11",
"host2" => "192.168.33.12"
}
Vagrant.configure("2") do |config|
config.vm.box = "precise64"
config.vm.box_url = "http://files.vagrantup.com/precise64.box"
config.ssh.private_key_path = File.expand_path('~/.vagrant.d/insecure_private_key')
hosts.each do |name, ip|
config.vm.define name do |machine|
machine.vm.hostname = "%s.example.org" % name
machine.vm.network :private_network, ip: ip
machine.vm.provider "virtualbox" do |v|
v.name = name
# #v.customize ["modifyvm", :id, "--memory", 200]
end
end
end
end
This used to work until I upgraded recently:
ssh -i ~/.vagrant.d/insecure_private_key vagrant@192.168.33.10
Instead, vagrant asks for a password.
It seems that recent versions of vagrant (I'm on 1.7.2) create a secure private key for each machine. I discovered it by running
vagrant ssh-config
The output shows different keys for each host. I verified the keys are different by diffing them.
I tried to force the insecure key by setting in Vagrantfile the config.ssh.private_key_path, but it doesn't work.
The reason I want to use the insecure key for all machines is that I want to provision them from the outside using ansible. I don't want to use the Ansible provisioner, but treat the VMs as remote servers. So, the Vagrantfile is just used to specify the machines in the cluster and then provisioning will be done externally.
The documentation still says that by default machines will use the insecure private key.
How can I make my VMs use the insecure private key?
Vagrant changed the behaviour between 1.6 and 1.7 versions and now will insert auto generated insecure key instead of the default one.
You can cancel this behaviour by setting config.ssh.insert_key = false in your Vagrantfile.
Vagrant shouldn't replace insecure key if you specify private_key_path like you did, however the internal logic checks if the private_key_path points to the default insecure_private_key, and if it does, Vagrant will replace it.
More info can be found here.
When Vagrant creates a new ssh key it's saved with the default configuration below the Vagrantfile directory at .vagrant/machines/default/virtualbox/private_key.
Using the autogenerated key you can login with that from the same directory as the Vagrantfile like this:
ssh -i .vagrant/machines/default/virtualbox/private_key -p 2222 vagrant@localhost
To learn about all details about the actual ssh configuration of a vagrant box use the vagrant ssh-config command.
# vagrant ssh-config
Host default
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile /Users/babo/src/centos/.vagrant/machines/default/virtualbox/private_key
IdentitiesOnly yes
LogLevel FATAL
Adding config.ssh.insert_key = false to the Vagrantfile and removing the new vm private key .vagrant/machines/default/virtualbox/private_key, vagrant automatically updates vagrant ssh-config with the correct private key ~/.vagrant.d/insecure_private_key. The last thing I had to do was ssh into the vm and update the authorized keys file on the vm.
curl https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub > ~/.ssh/authorized_keys
tldr;
ssh vagrant@127.0.0.1 -p2222 -i/~/www/vw/vw-environment/.vagrant/machines/default/virtualbox/private_key
I couldn't get this to work, so in the end I added the following to the ssh.rb ruby script (/opt/vagrant/embedded/gems/gems/vagrant-1.7.1//lib/vagrant/util/ssh.rb)
print(*command_options)
just before this line that executes the ssh call
SafeExec.exec("ssh", *command_options)
So that prints out all the command options passed to the ssh call, from there you can work out something that works for you based on what vagrant calculates to be the correct ssh parameters.
If you are specifically using Ansible (not the Vagrant Ansible provisioner), you might want to consider using the vagrant dynamic inventory script from Ansible's repo:
https://github.com/ansible/ansible/blob/devel/contrib/inventory/vagrant.py
Alternatively, you can handcraft your own script and dynamically build your own vagrant inventory file:
# Names of the machines Vagrant reports as running
SYSTEMS=$(vagrant status | grep running | cut -d ' ' -f1)
echo '[vagrant_systems]' > vagrant.ini
for SYSTEM in ${SYSTEMS}; do
  SSHCONFIG=$(vagrant ssh-config "${SYSTEM}")
  IDENTITY_FILE=$(echo "${SSHCONFIG}" | grep -o "\/.*${SYSTEM}.*")
  # Take the port from the Port line only; a bare 4-5 digit match can also hit digits in the key path
  PORT=$(echo "${SSHCONFIG}" | awk '$1 == "Port" { print $2 }')
  echo "${SYSTEM} ansible_ssh_host=127.0.0.1 ansible_ssh_port=${PORT} ansible_ssh_private_key_file=${IDENTITY_FILE}" >> vagrant.ini
done
Then use ansible-playbook -i=vagrant.ini
If you try to use the ~/.ssh/config, you'll have to dynamically create or edit existing entries, as the ssh ports can change (due to the collision detection in Vagrant).
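
An added example, not part of the original answer, that goes a step further than the loop above: it parses the vagrant ssh-config output shown on this page key by key, one Host block per machine, so per-machine keys and changing ports are picked up together. The function names and the two-machine sample output are constructed for illustration.

```shell
# ssh_config_to_inventory: reads `vagrant ssh-config` output on stdin and
# prints one Ansible inventory line per Host block. (Hypothetical helper.)
ssh_config_to_inventory() {
    awk '
        function emit() {
            if (host == "") return
            # Quote the key path only when it contains a space.
            if (key ~ / /) key = "\"" key "\""
            printf "%s ansible_ssh_host=%s ansible_ssh_port=%s ansible_ssh_user=%s ansible_ssh_private_key_file=%s\n", host, addr, port, user, key
        }
        $1 == "Host"         { emit(); host = $2; addr = port = user = key = "" }
        $1 == "HostName"     { addr = $2 }
        $1 == "Port"         { port = $2 }
        $1 == "User"         { user = $2 }
        $1 == "IdentityFile" {
            # Keep the whole remainder: the path may be quoted and contain spaces.
            sub(/^[ \t]*IdentityFile[ \t]+/, ""); gsub(/"/, ""); key = $0
        }
        END { emit() }
    '
}

# Constructed sample of multi-machine `vagrant ssh-config` output.
sample_ssh_config() {
cat <<'EOF'
Host host0
  HostName 127.0.0.1
  User vagrant
  Port 2222
  IdentityFile /home/dev/cluster2024/.vagrant/machines/host0/virtualbox/private_key
  IdentitiesOnly yes

Host host1
  HostName 127.0.0.1
  User vagrant
  Port 2200
  IdentityFile "/home/dev/My Folder/.vagrant/machines/host1/virtualbox/private_key"
EOF
}

# Offline demo; against a real environment: vagrant ssh-config | ssh_config_to_inventory
sample_ssh_config | ssh_config_to_inventory
```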