-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
new ssh config directive "include" breaks "vagrant ssh" #10601
Comments
Hi there, Would you please provide a gist of the debug output from running: Thanks! |
Here is a gist of the debug output (sorry for the delay) |
I"m having the same issue. I've attached the debug output. For this test, my ~/.ssh/config file only has the include: My conf.d has a file that only has this:
I tried to eliminate as much fluff as possible to narrow down the issue. Thanks in advance! |
Also hitting the same issue using the AppImage Vagrant 2.2.4, in my case a
|
I had exactly the same thing in mine. I set this up to work around it:
That will get you with a working vagrant and a working proxy jump. Lame, but functioning. Hope it helps. |
Same issue here. Version 2.2.4 |
To add to @fourjay's workaround, that needs to be only run when using
|
This workaround does not work for me when using
Hmm =/ |
@dragetd are you using windows? If so, instead of |
No, on gentoo/Linux. Also tried to create an empty file and point the config there with no success. I joined my SSH Config with Basically I was even unable to figure out how vagrant does SSH xD |
^ This was breaking every box I tried
˅ Replacement/workaround
|
I am hitting the same issue with Thanks to @dovry and @blairlyrical for the workaround, I will give this one a try. I suspect this might be because Vagrant comes with an older version of ssh. I can see the following in the debug log:
The Edit: this is indeed the case, Vagrant seems to ship with OpenSSH v6.6.1 : After mounting the AppImage, I cannot run the ssh binary directly because of library issues but we can extract the strings from the binary. The first match is the one from the
The As an aside, it might be good to upgrade the binary, this is more than 3 years old for a security-oriented product like SSH... Edit2: I confirm @blairlyrical workaround using Edit3: it also seems the doc at https://www.vagrantup.com/docs/cli/ssh.html#ssh-client-usage does not match what is happening: instead of using the host machine ssh client (as the doc says), Vagrant uses its internal one |
Okay, this explains why I failed to find anything about a ruby-based implementation of SSH in vagrant. :-P And yes, upgrading to a more recent SSH version would solve a bunch of issues! 7.3 is also the version that brought the include statement. Ubuntu current LTS 18.04 comes with 7.6 and the latest version is 8.1(!). The bundled 6.6.1 also comes with a nice CVE: https://www.openssh.com/txt/release-7.1p2 In the context of vagrant not a major threat, but still a thing to be aware of. I highly recommend upgrading to at least 7.6 since this is maintained by Canonical till 2023. Or directly 8.1. |
Hi @dragetd, thanks for the additional information! |
I can see the ssh process version v6.6.1 when using vagrant ssh. But I am just completely unable to figure out how this works in the source. https://github.com/hashicorp/vagrant/blob/master/plugins/communicators/ssh/plugin.rb#L10 implies that ruby net-ssh is used.
net-ssh has a similar open issue at net-ssh/net-ssh#650 eventho the source implies that it does actually parse the command (see other issue). But the running SSH binary when calling vagrant ssh is an elf binary, not a ruby module. How does a ruby ssh implementation spawn an outdated ssh binary? The net-ssh version used by vagrant is 5.2, which is not the latest one, tho the newer versions do not contain any fixes in this direction. I got it to work with defining
in my config, no clue why it did not work some weeks ago. Still, the whole thing is a bit frustrating. =/ |
Now that I came back to it while not using my config-mashing-hack anymore, I am unable to run sigh |
Seeing this as well regardless of provider used. Any chance of getting an updated OpenSSH in the Vagrant AppImage? If it's going to read a user's SSH configs, it seems important that it be fairly recent, not a version that's so far behind that it breaks on common config directives. |
Hit the bug again today (Fedora 32, Vagrant 2.29) as I added an The workaround from @fourjay does not seem to work anymore as Vagrant appears to check for the existence of the SSH config file:
Using an almost empty file does the trick though:
@chrisroberts : is there any interested in getting this fixed in mainline Vagrant? I am surprised no more people from the core team are hitting this (or maybe they are using another workaround) ? |
Same issue here after updating to Fedora 32 past week
this solution worked for me |
@unfulvio : thanks for the feedback. Which version of Vagrant are you using? I have found that mine does now allow the |
@vrubiolo v2.2.9 - I am using it with this project: https://github.com/Varying-Vagrant-Vagrants/VVV |
@unfulvio : thanks for the feedback. This is interesting. I am also using 2.2.9 and cannot pass through the |
@vrubiolo frankly no, I don't know why - I have used |
Try # vagrant build in ssh version:
$ vagrant ssh -- -V
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13, OpenSSL 1.0.1f 6 Jan 2014
# my workaround:
$ vagrant ssh -- -F /dev/null see also my issue #11709 |
@reini-1 : thanks for the additional info, esp the clever use of |
I had the same problem with vagrant 2.2.9. |
Same here with latest version (2.2.9 @ today). #11788 is in relation ? :D |
It's in relation. Thanks for the mention and thanks zioalex for providing an easier workaround than I came up with. Still, it does not remove the need for updating the ssh version Vagrant uses. |
Just wanted to report that having |
Greetings, Any expectations regarding this issue? seems to be some generic issue parsing the users .ssh/config, should it be even parsing it? |
Hi everyone, This issue affects the appimage version of Vagrant and will be resolved in the next release. This PR hashicorp/vagrant-installers#181 strips out a bunch of extras that were included to make it behave much like the system packages which provide dependency applications and libraries. The result is the appimage version will not attempt to use an internal version of ssh (which in this case is an older version that does not support newer configuration options). We're wrapping up the last items for the next release so I'll leave this issue open until the release is published and available. Cheers! |
This issue is still present on RHEL 8.8, OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021, vagrant version 2.4,0. |
@GyurkanM Which version of vagrant and disto-package or AppImage? For me, not using the AppImage version did solve an unrelated issue as well, and currently (vagrant 2.3.6) it works for my SSH config. I think it was resolved with the next release as @chrisroberts said. Maybe if you got a new problem, open a new issue and we can close this one? |
Version 2.4.0 as said above and installed with dnf |
Vagrant version
Vagrant 2.2.3
Host operating system
Opensuse Leap 15
Vagrantfile
~/.ssh/config
Expected behavior
vagrant ssh should connect to vagrant box
Actual behavior
/home/XXX/.ssh/config: terminating, 5 bad configuration options
ssh vagrant
can workaround by adding
config.ssh.config = "/dev/null"
Steps to reproduce
The text was updated successfully, but these errors were encountered: