Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vagrant@127.0.0.1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). #13309

Open
wanSri opened this issue Dec 18, 2023 · 9 comments
Open

vagrant@127.0.0.1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). #13309

wanSri opened this issue Dec 18, 2023 · 9 comments
Labels
command/ssh host/windows needs info needs-repro

Comments

@wanSri
Copy link

wanSri commented Dec 18, 2023

Hi,Authors!

Take some pictures first!!!
image

My operating system is win11, and the ssh I use comes with vagrant. private_key also has permissions.

image

My steps:

image

I've tried all kinds of methods but nothing works. I'm going crazy.
help me ,thank you.
@wanSri
Copy link
Author

wanSri commented Dec 18, 2023

I read a lot of articles and tried a lot of methods. I reinstalled vagrant, but it still says I don’t have permission. Please help me.

@alexgit2k
Copy link
Contributor

Having the same issue, worked a few months ago ...

Solved it by adding this to the Vagrantfile:
config.ssh.insert_key = false

@wanSri
Copy link
Author

wanSri commented Dec 19, 2023

Having the same issue, worked a few months ago ...

Solved it by adding this to the Vagrantfile: config.ssh.insert_key = false

@alexgit2k Thank you, thank you very much. I didn’t find similar answers on the Internet. I would like to know how you came to know this solution.

@alexgit2k
Copy link
Contributor

Found it here: https://www.devopsroles.com/vagrant-ssh-permission-denied-fixed/#How_do_fix_vagrant_ssh_Permission_denied

But actually without config.ssh.insert_key it should generate a new key, copy it into the virtual machine and vagrant ssh should work. So I think config.ssh.insert_key is just a workaround for an issue.

@msvihra
Copy link

msvihra commented Dec 21, 2023
edited

It seems that Vagrant is copying SSH key with wrong permissions to .vagrant/machines/<machine_name>/virtualbox folder. I am facing this issue too on Vagrant 2.3.1 or Vagrant 2.4.0. Changing config.ssh.insert_key is not solution for me.

Output from Vagrant SSH (Windows built-in):

Vagrant SSH outputs: 
PS > vagrant ssh test_VM --debug
INFO ssh: Invoking SSH: C:\Windows\System32\OpenSSH\/ssh.EXE ["vagrant@127.0.0.1", "-p", "2181", "-o", "LogLevel=FATAL", "-o", "Compression=yes", "-o", "DSAAuthentication=yes", "-o", "IdentitiesOnly=yes", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null", "-i", "C:/path/to/files/.vagrant/machines/test_VM/virtualbox/private_key"]
DEBUG safe_exec: Converting command and arguments to common UTF-8 encoding for exec.
DEBUG safe_exec: Command: `"C:\\Windows\\System32\\OpenSSH\\/ssh.EXE"` Args: `["vagrant@127.0.0.1", "-p", "2181", "-o", "LogLevel=FATAL", "-o", "Compression=yes", "-o", "DSAAuthentication=yes", "-o", "IdentitiesOnly=yes", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null", "-i", "C:/path/to/files/.vagrant/machines/test_VM/virtualbox/private_key"]`
DEBUG safe_exec: Converted - Command: `"C:\\Windows\\System32\\OpenSSH\\/ssh.EXE"` Args: `["vagrant@127.0.0.1", "-p", "2181", "-o", "LogLevel=FATAL", "-o", "Compression=yes", "-o", "DSAAuthentication=yes", "-o", "IdentitiesOnly=yes", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null", "-i", "C:/path/to/files/.vagrant/machines/test_VM/virtualbox/private_key"]`
vagrant@127.0.0.1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

PS > > C:\\Windows\\System32\\OpenSSH\\/ssh.EXE vagrant@127.0.0.1 -p 2181 -o Compression=yes -o DSAAuthentication=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i C:/path/to/files/.vagrant/machines/test_VM/virtualbox/private_key
Warning: Permanently added '[127.0.0.1]:2181' (ED25519) to the list of known hosts.
Bad permissions. Try removing permissions for user: BUILTIN\\Users (S-1-5-32-545) on file C:/path/to/files/.vagrant/machines/test_VM/virtualbox/private_key.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'C:/path/to/files/.vagrant/machines/test_VM/virtualbox/private_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "C:/path/to/files/.vagrant/machines/test_VM/virtualbox/private_key": bad permissions
vagrant@127.0.0.1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

It is happening on Debian / CentOS 7 boxes.

Environment:
Vagrant: 2.3.1 (replicated also on 2.4.0)
VirtualBox: 6.1.38
HOST: Windows 11 (OS Build: 22621.2861)
PowerShell version: 7.4.0

NOTE:
I was able to fix this, by changing private key parameters for file C:/path/to/files/.vagrant/machines/test_VM/virtualbox/private_key. Click Properties -> Security -> Advanced -> Disable Inheritance. After that remove all other users except yours from Group or user names and have Read permissions set in Permissions for Users.
This need to be done manually for all new VMs.

@asteiner-psh
Copy link

asteiner-psh commented Jan 5, 2024
edited

I believe this issue is a duplicate of //issues/13284.

Downgrading to 2.3.7 worked for me.

@chrisroberts
Copy link
Member

Hi there,

I have tried to replicate this behavior but have not been successful. After Vagrant writes the new private key it will then run the set_ssh_key_permissions capability if the host provides it. The Windows host plugin does provide this capability and runs this script that calls this function on the path to remove inherited permissions from the key file.

I set up a project locally with inheritance enabled on the drive, ran a vagrant up and after it was complete was able to vagrant ssh into the guest without issue. If I updated the permissions on the private key file manually to enable inheritance, I would then see the behavior being described.

I'm not exactly sure where the configuration discrepancy is that's providing me the expected behavior. If one of you could provide the following, it would be very helpful to try and determine the underlying cause of this behavior:

  • run vagrant up --debug and provide a gist of the entire output
  • after the above command is completed, take a screenshot of the advanced security properties and include it.

Thanks!

@alexgit2k
Copy link
Contributor

No problems for me anymore with new Vagrant version 2.4.1 which includes fix #13329 for #13284.

@mosesmbadi
Copy link

If anyone else is still facing this issue, try disabling synced folders.
In my case I was syncing the /home/vagrant directory which was clearing .ssh I guess.
This is what I had,
config.vm.synced_folder ".", "/home/vagrant/"

I changed it to
config.vm.synced_folder ".", "/home/vagrant/shared"

and that fixed the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
command/ssh host/windows needs info needs-repro
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@chrisroberts @alexgit2k @msvihra @wanSri @mosesmbadi @asteiner-psh