New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

First time Login problem with new Vagrant box #5492

Closed
blacklabelops opened this Issue Mar 17, 2015 · 14 comments

Comments

Projects
None yet
6 participants
@blacklabelops

My vagrant boxes (new and reused boxes) always needs password for first login. Then it recognizes and removed the insecure key. Afterwards the new key works fine without any prompt for password.

What am I missing?

I have this issue with:

  • Vagrant 1.7.1, 1.7.2
  • Virtualbox 4.3.20 and 4.3.24
  • Centos 7

I am preparing the vagrant user insecure key like this:

mkdir /home/vagrant/.ssh && chmod 700 /home/vagrant/.ssh
curl https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub >> /home/vagrant/.ssh/authorized_keys
chmod 600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant /home/vagrant
@sethvargo

This comment has been minimized.

Show comment
Hide comment
@sethvargo

sethvargo Mar 17, 2015

Contributor

Hi @blacklabelops

I am sorry you are having issues with Vagrant box packaging. Can you confirm the commands are setting the permissions on the files correctly? This usually happens if OpenSSH cannot read the file.

Contributor

sethvargo commented Mar 17, 2015

Hi @blacklabelops

I am sorry you are having issues with Vagrant box packaging. Can you confirm the commands are setting the permissions on the files correctly? This usually happens if OpenSSH cannot read the file.

@blacklabelops

This comment has been minimized.

Show comment
Hide comment
@blacklabelops

blacklabelops Mar 17, 2015

Hi @sethvargo

I rechecked:
My box:

drwx------. 2 vagrant vagrant   28 16. Mar 17:54 .ssh
-rw-------. 1 vagrant vagrant 389 16. Mar 17:54 authorized_keys

Working box (chef/cento-7.0):

drwx------. 2 vagrant root     28 17. Mär 21:26 .ssh
-rw-------. 1 vagrant vagrant 389 17. Mär 21:26 authorized_keys

What to do?

Hi @sethvargo

I rechecked:
My box:

drwx------. 2 vagrant vagrant   28 16. Mar 17:54 .ssh
-rw-------. 1 vagrant vagrant 389 16. Mar 17:54 authorized_keys

Working box (chef/cento-7.0):

drwx------. 2 vagrant root     28 17. Mär 21:26 .ssh
-rw-------. 1 vagrant vagrant 389 17. Mär 21:26 authorized_keys

What to do?

@blacklabelops

This comment has been minimized.

Show comment
Hide comment
@blacklabelops

blacklabelops Mar 17, 2015

Also changed .ssh to 755 and authorized_keys to 755. Doesnt work.

Also changed .ssh to 755 and authorized_keys to 755. Doesnt work.

@blacklabelops

This comment has been minimized.

Show comment
Hide comment
@blacklabelops

blacklabelops Mar 17, 2015

Example output:
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Connection timeout. Retrying...
default: Warning: Remote connection disconnect. Retrying...
Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text.
vagrant@127.0.0.1's password:vagrant
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if its present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Mounting shared folders...

Example output:
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Connection timeout. Retrying...
default: Warning: Remote connection disconnect. Retrying...
Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text.
vagrant@127.0.0.1's password:vagrant
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if its present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Mounting shared folders...

@sethvargo sethvargo added bug core and removed waiting-reply labels Mar 17, 2015

@neuroticnerd

This comment has been minimized.

Show comment
Hide comment
@neuroticnerd

neuroticnerd Mar 18, 2015

Hello, I just tried to distribute a new development image to my other team members today and ran into the same problem. While just entering 'vagrant' as the password is a simple solution, I would prefer not to have to do that. Info on versions I'm using:

  • Vagrant 1.7.2
  • VirtualBox 4.3.22
  • Ubuntu 14.04 (base image, which was then repackaged with development dependencies)

The above output posted by @blacklabelops is almost identical to the output I get. Has this behavior been confirmed as a bug, or are there packaging or Vagrant configuration options I've missed that will mitigate this issue?

Hello, I just tried to distribute a new development image to my other team members today and ran into the same problem. While just entering 'vagrant' as the password is a simple solution, I would prefer not to have to do that. Info on versions I'm using:

  • Vagrant 1.7.2
  • VirtualBox 4.3.22
  • Ubuntu 14.04 (base image, which was then repackaged with development dependencies)

The above output posted by @blacklabelops is almost identical to the output I get. Has this behavior been confirmed as a bug, or are there packaging or Vagrant configuration options I've missed that will mitigate this issue?

@blacklabelops

This comment has been minimized.

Show comment
Hide comment
@blacklabelops

blacklabelops Mar 22, 2015

I have a big problem with vagrant package. Vagrant removes insecure key. I need the insecure key to redistribute my boxes on Atlas.

Every time i enter (Vagrant, MaxOS)

$ vagrant package --base xy

Vagrant removes the insecure key i placed inside my image. I guess thats my key problem here.

Is there an alternate way to package a vagrant box? Im currently stuck here.

I have a big problem with vagrant package. Vagrant removes insecure key. I need the insecure key to redistribute my boxes on Atlas.

Every time i enter (Vagrant, MaxOS)

$ vagrant package --base xy

Vagrant removes the insecure key i placed inside my image. I guess thats my key problem here.

Is there an alternate way to package a vagrant box? Im currently stuck here.

@blacklabelops

This comment has been minimized.

Show comment
Hide comment
@blacklabelops

blacklabelops Mar 22, 2015

I switched to Packer for creating redistributing boxes. Works fine.

I switched to Packer for creating redistributing boxes. Works fine.

@neuroticnerd

This comment has been minimized.

Show comment
Hide comment
@neuroticnerd

neuroticnerd Mar 27, 2015

Our office is switching to packer as well for a number of reasons, one of which is that as mentioned it does not appear to exhibit this behavior

Our office is switching to packer as well for a number of reasons, one of which is that as mentioned it does not appear to exhibit this behavior

@timhughes

This comment has been minimized.

Show comment
Hide comment
@timhughes

timhughes May 17, 2015

Seeing this as well with a base image built from http://store01.timhughes.org/~tim/ks/centos6_minimal_vagrant.cfg

==> default: Starting domain.
==> default: Waiting for domain to get an IP address...
==> default: Waiting for SSH to become available...
Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text.
vagrant@192.168.121.136's password:Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text.
vagrant@192.168.121.136's password:vagrant
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if its present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text.
vagrant@192.168.121.136's password:vagrant
==> default: Starting domain.
==> default: Waiting for domain to get an IP address...
==> default: Waiting for SSH to become available...
==> default: Creating shared folders metadata...
==> default: Installing rsync to the VM...
==> default: Rsyncing folder: /home/thughes/tmp/foo/ => /vagrant
==> default:   - Exclude: [".vagrant/", ".git/"]
vagrant@192.168.121.136's password: 
==> default: Configuring and enabling network interfaces...
go:1.4.2|rb:system|py:system|[thughes@titanium: ~/tmp/foo]$ vagrant ssh
X11 forwarding request failed
[vagrant@localhost ~]$  hostname
localhost.localdomain
[vagrant@localhost ~]$ 

Seeing this as well with a base image built from http://store01.timhughes.org/~tim/ks/centos6_minimal_vagrant.cfg

==> default: Starting domain.
==> default: Waiting for domain to get an IP address...
==> default: Waiting for SSH to become available...
Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text.
vagrant@192.168.121.136's password:Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text.
vagrant@192.168.121.136's password:vagrant
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if its present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text.
vagrant@192.168.121.136's password:vagrant
==> default: Starting domain.
==> default: Waiting for domain to get an IP address...
==> default: Waiting for SSH to become available...
==> default: Creating shared folders metadata...
==> default: Installing rsync to the VM...
==> default: Rsyncing folder: /home/thughes/tmp/foo/ => /vagrant
==> default:   - Exclude: [".vagrant/", ".git/"]
vagrant@192.168.121.136's password: 
==> default: Configuring and enabling network interfaces...
go:1.4.2|rb:system|py:system|[thughes@titanium: ~/tmp/foo]$ vagrant ssh
X11 forwarding request failed
[vagrant@localhost ~]$  hostname
localhost.localdomain
[vagrant@localhost ~]$ 
@cnk

This comment has been minimized.

Show comment
Hide comment
@cnk

cnk Jul 8, 2015

Anyone have any insight into why repackages boxes request a password for the first login? Is this a Mac issue? Is switching to Packer the only option to get around this? I just want to add build essentials to the stock Opscode Ubuntu 14.04 image and would prefer to be able to just create the a new base box from the running VM if possible.

cnk commented Jul 8, 2015

Anyone have any insight into why repackages boxes request a password for the first login? Is this a Mac issue? Is switching to Packer the only option to get around this? I just want to add build essentials to the stock Opscode Ubuntu 14.04 image and would prefer to be able to just create the a new base box from the running VM if possible.

@blacklabelops

This comment has been minimized.

Show comment
Hide comment
@blacklabelops

blacklabelops Jul 8, 2015

In order to make a successful repackaged box, you have to reinstall the default vagrant insecure ssh key. Vagrant recognizes this key and replaces it with a secure ssh key.

Vagrant replaces this key anytime you contact the vm with vagrant, its built in and automatically. Once replaced with a secure one the box is not portables as future vagrants must know the secure key. If vagrant does not recognize the key, it will offer a login prompt.

Packer is the only solution to replace the key. I have an example of a box that I redistribute with bash scripts from a running vm, the procedure uses Packer and can be found here:
https://github.com/blacklabelops/dockerdev

The method is easy and work with any virtualbox box. Im using mac and Im building this project daily on linux.

In order to make a successful repackaged box, you have to reinstall the default vagrant insecure ssh key. Vagrant recognizes this key and replaces it with a secure ssh key.

Vagrant replaces this key anytime you contact the vm with vagrant, its built in and automatically. Once replaced with a secure one the box is not portables as future vagrants must know the secure key. If vagrant does not recognize the key, it will offer a login prompt.

Packer is the only solution to replace the key. I have an example of a box that I redistribute with bash scripts from a running vm, the procedure uses Packer and can be found here:
https://github.com/blacklabelops/dockerdev

The method is easy and work with any virtualbox box. Im using mac and Im building this project daily on linux.

@cnk

This comment has been minimized.

Show comment
Hide comment
@cnk

cnk Jul 8, 2015

@blacklabelops Thanks for the link to demo code. I'll have a look.

I was under the impression (based on vagrant docs and some blog posts) that one could simply replace the ~vagrant/.ssh/authorized_keys file the the insecure public key from the github repo before running the package command. In fact, earlier posts on this thread seem to indicate as much. However, that clearly does not work.

Even if Packer does work, I would still love to hear why the simple "reinstall insecure public key" method does not work. Is something changing that file during the packaging? if so, what and why?

cnk commented Jul 8, 2015

@blacklabelops Thanks for the link to demo code. I'll have a look.

I was under the impression (based on vagrant docs and some blog posts) that one could simply replace the ~vagrant/.ssh/authorized_keys file the the insecure public key from the github repo before running the package command. In fact, earlier posts on this thread seem to indicate as much. However, that clearly does not work.

Even if Packer does work, I would still love to hear why the simple "reinstall insecure public key" method does not work. Is something changing that file during the packaging? if so, what and why?

@blacklabelops

This comment has been minimized.

Show comment
Hide comment
@blacklabelops

blacklabelops Jul 9, 2015

My scripts simply reinstalls the insecure key, no more no less. You can also enter the vm yourself reinstall the insecure key, stop it and export the machine, this also works.
It just does not work when you do it with Vagrant. Vagrant removes the key again immediately.

My scripts simply reinstalls the insecure key, no more no less. You can also enter the vm yourself reinstall the insecure key, stop it and export the machine, this also works.
It just does not work when you do it with Vagrant. Vagrant removes the key again immediately.

@mitchellh

This comment has been minimized.

Show comment
Hide comment
@mitchellh

mitchellh Nov 19, 2015

Member

This is fixed! vagrant package --base no longer removes the insecure key. This should be good to go.

Member

mitchellh commented Nov 19, 2015

This is fixed! vagrant package --base no longer removes the insecure key. This should be good to go.

@mitchellh mitchellh closed this Nov 19, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment