Changing vagrant ssh user creates permission erros - ssh

I'm trying to alter an Vagrant box I created for my office. Currently, like most boxes, running vagrant ssh logins me in as the vagrant user, but team members get frustrated having to use su - xxadmin to switch to our primary admin user.
In my Vagrantfile, I added: config.ssh.username = "xxadmin", but then I started receiving the common Vagrant error when running vagrant up:
[default] Configuring and enabling network interfaces...
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!
sed -e '/^#VAGRANT-BEGIN/,/^#VAGRANT-END/ d' /etc/network/interfaces > /tmp/vagrant-network-interfaces
Stdout from the command:
Stderr from the command:
sudo: no tty present and no askpass program specified
and when running vagrant halt:
[default] Attempting graceful shutdown of VM...
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!
shutdown -h now
Stdout from the command:
Stderr from the command:
sudo: no tty present and no askpass program specified
What's going on here? Why would simply changing the ssh user create these errors? How do i find a solution forward?
Specs:
OS X Mavericks (host)
Vagrant 1.3.5
Virtualbox 4.3.2
Debian 7 Wheezy (vm client)

In your box, you need to modify your sudoers file by running visudo and adding the following:
Defaults !requiretty

I kept running into this error until I made sure that my user's NOPASSWD sudoers entry was not being squashed.

Related

wrong entry in limits.conf , unable to ssh to host

We have VirtualBox (using vagrant) env , by mistake made an entry in /etc/security/limits.conf [with out having a root shell open:( ] and now I am unable to ssh (the connections drops immediately).
Previously we had one such scenario (limits done by someone else) , was able to fix using vboxmanage guestcontrol copyto CLI and was able to overwrite limits.conf and then ssh was allowed, this time around the vboxmanage CLI also hangs
Tried to open the VM in GUI and went to console and tried few options , but could not get to single user mode.
Since you already tried vbox cli command and the commands hang, it means even virtualbox cannot access the system or get a shell to open.
In this case you will have to bring up a ubuntu VM and use the qemu-nbd module to fix this. The steps are given below.
Bring up a very simple ubuntu vm using hashicorp’s bionic64 on the same host machine by executing the following steps.
mkdir bionic
cd bionic
vagrant box add hashicorp/bionic64
vagrant init
Open the Vagrantfile and change the config.vm.box = "base" to config.vm.box = "hashicorp/bionic64"
Also mount the folder in the host where the .vdi file for the VM is located by adding the following to the Vagrant file by adding the following line(replace the file path with the correct one corresponding to your system. Here /nbd2 will be created on the ubuntu machine and will contain the files including the .vdi file.
config.vm.synced_folder "/home/topcat/VirtualBox\ VMs/your_vm", "/nbd2"
Now do vagrant up
Once the machine boots up
vagrant ssh #to ssh as vagrant
sudo su #to become root
apt-get update #This will refresh the apt cache
apt-get install qemu
modprobe nbd (to check if the module is loaded successfully. Will exit without any output if it is installed)
qemu-nbd -c /dev/nbd1 "/nbd2/box-disk001.vdi" - (Here change the path to whatever you gave in the config.vm.synced_folder property)
mkdir -p /mnt/vdi-boot
mount /dev/nbd1p1 /mnt/vdi-boot
cd /mnt/vdi-boot/etc/security (This folder will have all the files as it were in your VM)
touch limits.conf (if the file is already there, delete it)
chmod 644 limits.conf
chown root:root limits.conf
open the /mnt/vdi-boot/etc/security/nsswitch.conf file and check if the following three lines are present
passwd: files
shadow: files
group: files
umount /mnt/vdi-boot (unmounts the mounted path)
qemu-nbd -d /dev/nbd1 (disconnects from qemu-nbd)
Exit the VM and start the VM
Open another shell and try to ssh. It should go through fine this time.

VSCode Remote-SSH Cannot Connect

I'm trying to use the Remote-SSH extension to edit files on a Linux server from my Windows 10 development machine. Normally, I log into the server using VNC and edit files locally OR I use WinSCP to pull the files to my development machine and copy them back over when done. The Remote-SSH extension seems to be the answer to this inefficiency.
I can SSH just fine using Putty or using Git Bash, but Remote-SSH fails to connect. There's some hints in the error message, but I'm not sure how to interpret them.
Here is my SSH config file (redacted) and the error I receive (redacted):
Config:
Host xxx.yy.gov
HostName xxx.yy.gov
User myusername
Error Message:
[08:44:36.981] remote-ssh#0.47.2
[08:44:36.981] win32 x64
[08:44:36.983] SSH Resolver called for "ssh-remote+xxx.yy.gov", attempt 1
[08:44:36.983] SSH Resolver called for host: xxx.yy.gov
[08:44:36.983] Setting up SSH remote "xxx.yy.gov"
[08:44:37.030] Using commit id "[some-string-of-numbers]" and quality "stable" for server
[08:44:37.033] Testing ssh with ssh -V
[08:44:37.101] ssh exited with code: 0
[08:44:37.101] Got stderr from ssh: OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
[08:44:37.105] Running script with connection command: ssh -T -D 52772 xxx.yy.gov bash
[08:44:37.107] Install and start server if needed
[08:44:37.111] Terminal shell path: C:\WINDOWS\System32\cmd.exe
[08:44:37.264] >
[08:44:37.264] Got some output, clearing connection timeout
[08:44:37.611] > myusername#xxx.yy.gov's password:
[08:44:37.612] Showing password prompt
[08:44:44.709] Got password response
[08:44:44.709] "install" wrote data to terminal: "**************"
[08:44:44.730] >
>
[08:44:45.102] > bash: bash: command not found
>
[08:44:45.476] "install" terminal command done
[08:44:45.476] Install terminal quit with output: bash: bash: command not found
[08:44:45.476] Received install output: bash: bash: command not found
[08:44:45.477] Stopped parsing output early. Remaining text: bash: bash: command not found
[08:44:45.477] Failed to parse remote port from server output
[08:44:45.477] Resolver error:
[08:44:45.480] TELEMETRY: {"eventName":"resolver","properties":{"outcome":"failure","reason":"UnparsableOutput",
"askedPw":"1","askedPassphrase":"0","asked2fa":"0","askedHostKey":"0","gotUnrecognizedPrompt":"0",
"remoteInConfigFile":"1"},"measures":{"resolveAttempts":1,"retries":1}}
[08:44:45.482] ------
VSCode Remote-SSH error
There are there are three ways you can try. I know the problem is annoying.
Check your vscode is local window or remote window. Then, check
remote-ssh setting. (Make sure Local Server Download is auto && Use
local Server is marked.).
Remote SSH:Path . you can switch to local ssh or git/ssh
Try to update or revert remote-ssh.(Version 0.50 can connect to server host stably, I found. This one is very useful.
Maybe you just select 'Linux' instead of 'Windows' though you are using Windows when you got the option to select Linux, Windows or Mac.
Since you are connecting to a server and not your own computer, the type of server you are connecting to is most likely Linux.

Running a command on a vagrant box via ssh keeps asking for a password

I am trying to run a command on/in a vagrant box using ssh.
According to the documentation, vagrant ssh -c <command> should connect to the machine via ssh and run the command.
I tried this using a simple Ubuntu Server 16.04 box, but every time I get prompted for a password. Simply running vagrant ssh allows me to connect without providing a password.
I used the following Vagrantfile:
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "osslack/ubuntu-server-16.04-no-unattended-upgrades"
config.vm.box_version = "1.0"
end
I tried to test it with the following command: vagrant ssh -c "ls".
How can I run a command via ssh without being prompted for a password?
So, after playing around with it some more, I found a workaround/solution.
When using vagrant ssh, anything after -- will be directly passed to ssh.
So running vagrant ssh -- ls will tell ssh to run the command ls.
This does not prompt for a password.

Vagrant can't connect to the VM

EDIT6: submitted an official path bug: https://github.com/mitchellh/vagrant/issues/7512
EDIT5: When I do vagrant destroy and vagrant up, everything works easily. But when I turn off the VM and turn it back on (you have to restart your PC some day), it won't work again. Either the sequence for vagrant up when the VM is created is bugged or VirtualBox is bugged. Destroying and rebuilding the VM is not the option, cause the DB migration and everything takes ~30 mins at least. Either way, DON'T USE VAGRANT ON WINDOWS 10.
EDIT4: I downgraded to Virtual Box 5.0.0.10, that fix the wrong path problem, but the error Command not in installer persists.
EDIT3: When I went into vagrant up --debug, I found out that it cycles. It gets into line
INFO subprocess: Starting process: ["C:/Program Files/Oracle/VirtualBox/VBoxManage.exe", "showvminfo", "8aaee3a3-806f-4
8ad-9928-91e2b7baba5d", "--machinereadable"]
and then it does
INFO subprocess: Command not in installer, restoring original environment...
The path to VM uses forwards slashes instead of backslashes. Is this a bug? Is there a way to manually set path to VM? I have put C:\Program Files\Oracle\VirtualBox in my PATH.
EDIT2: DON'T USE VAGRANT ON WINDOWS 10, it's bugged in many ways, also VM is not optimalized for win10 yet, you'll get bunch of issues that you won't be able to solve. Also tried the Otto from Hashicorp, not working either. Rip.
EDIT: okay, so when I do vagrant destroy and vagrant up, after 10 minutes of installation it works like a charm. But after I restart my PC or logout in any way, Vagrant is unable to connect to the VM, neither with a private key, nor with login/password. Is that a bug?
When I do vagrant up, VM starts properly, but Vagrant is unable to connect. All it says is Warning: Remote connection disconnect. Retrying...
When I try to connect via vagrant ssh, I get only ssh_exchange_identification: read: Connection reset by peer. When I check GUI of the VM, it is waiting for login, and when I login with defult login/password, it is working as intended, so the problem must be Vagrant not being able to connect to the VM.
I tried:
checking if my pc supports virtualization and checking if it is on
trying to connect with password instead of a key
configuring networking adapetrs
turning off firewall
clean reinstall
I am using Vagrant 1.8.1 and VirtualBox 5.0.20 on Windows 10.
This is my vagrant file:
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.box = "ubuntu/trusty64"
config.vm.provider :virtualbox do |vb|
vb.memory = 2048
vb.gui = true
vb.cpus = 2
end
config.vm.network :private_network, type: "dhcp"
config.vbguest.auto_update = false
config.ssh.insert_key = false
config.vm.provision :shell, path: "bootstrap.sh"
end
[Edit 17/06/2016]
The problem should be resolved with Virtualbox 5.0.22.
https://www.virtualbox.org/wiki/Changelog
https://www.virtualbox.org/ticket/15412
[Original answer below]
In contrast to my earlier answer I now don't think that I encounter the same problem as you have described here. However I still think that you encounter a different variation the problem.
As of feedback received from Virtualbox development https://www.virtualbox.org/ticket/15412 I learned that Virtualbox 5.0.20 includes changes to the NAT Forwarding Rules to address other bugs. When a VM is saved and started again, Virtualbox now removes the network cable for 5 seconds. This is supposed to trigger the DHCP client to request a new lease. This information in turn is then used by Virtualbox to infer the IP address and NAT should work.
In my particular case I encounter this problem with Ubuntu 16.04 as guest VM whereas with Ubuntu 14.04 it works. This indicates to me that the DHClient on Ubuntu 14.04 does request a new lease after the cable was disconnected by Virtualbox whereas this is not the case with Ubuntu 16.04.
In order to verify that you encounter the same problem, I wonder if you could run the below test and let me know.
Login to the Trusty VM console (i.e. the one that you get displayed when you run the VM in the foreground)
Install 'arping' (sudo apt-get -y install arping)
Create the below script 'sendARP.sh'
#!/bin/bash
IFACE=$(ifconfig | grep 'Link encap:Ethernet' | awk '{print $1}')
IP=$(ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1')
arping -c 1 -i $IFACE $IP
Make it an executable 'chmod +x sendARP.sh'
Save the Trusty VM (vagrant suspend)
Start your Trusty VM from saved state (vagrant up)
Login to the Trusty VM console (i.e. the one that you get displayed when you run the VM in the foreground)
Run the script 'sudo ./sendARP.sh'
Test whether you can connect via SSH from the remote location/ Virtualbox host
Bugs:
https://github.com/mitchellh/vagrant/issues/7306
https://www.virtualbox.org/ticket/15412

Centos 6.5, WHM : Rsync with Root disabled using ssh user from the Wheel Group

I'm trying to rsync files with my server, which has root login via ssh disabled. I'm trying to use one of the users I've created and added to to the wheel group. Usually - when I log in via ssh I run
su - root
then type the password and can run everything as root user, but not quite sure how to do it with rsync as I need to upload the files outside of the user directory.
When I run:
rsync -avz files/* sshwheeluser#ip_address:/home/newproject/public_html/
I get:
rsync: ERROR: cannot stat destination "/home/newproject/public_html/": Permission denied (13)
I have added the following to the /etc/sudoers file:
rsyncuser ALL= NOPASSWD:/usr/bin/rsync
plus I've un-commented:
%wheel ALL=(ALL) NOPASSWD: ALL
I've also tried to run the command with –rsync-path="sudo rsync" as suggested in some posts, but still no luck:
rsync -avz –rsync-path="sudo rsync" files/* sshwheeluser#ip_address:/home/newproject/public_html/
Next I tried to use it with additional -e "ssh":
rsync -avz -e "ssh" –rsync-path="sudo rsync" files/* sshwheeluser#ip_address:/home/newproject/public_html/
which changed the error message (looks like we're getting somewhere):
stdin: is not a tty
sudo: sorry, you must have a tty to run sudo
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at /SourceCache/rsync/rsync-40/rsync/io.c(452) [sender=2.6.9]
This post suggests that require_tty and tty_tickets should be disabled in sudoers, but I can't find these options in the /etc/sudoers file.
I've added (as recommended) Defaults !tty_tickets to the sudoers, but still the same message.
Any idea what else I need to do to make it work?
You should check Selinux logs, rsync is probably been blocked by Selinux.
You can also try to run:
semanage permissive -a rsync_t