inserting newly generated public key changes file permissions of ~/.ssh/authorized_keys within guest #7627

Closed
ericfrederich opened this Issue Jul 22, 2016 · 6 comments


ericfrederich commented Jul 22, 2016

Vagrant version

1.8.5

Host operating system

RHEL7

Guest operating system

CentOS7

Vagrantfile

# nothing special here
Vagrant.configure(2) do |config|

  config.vm.box = "test/centos-7"

  config.vm.provider "virtualbox" do |vb|
    # Display the VirtualBox GUI when booting the machine
    vb.gui = true

    # Customize the amount of memory on the VM:
    vb.memory = "4096"
    vb.cpus = 2
    vb.customize ["modifyvm", :id, "--vram", "24"]
  end

  config.vm.provision :shell, path: "bootstrap.sh", name: "bootstrap"

end

Debug output (Sorry can't paste a gist; our firewall blocks gist for some reason.)

==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Remote connection disconnect. Retrying...
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...

Then 27 of these

    default: Warning: Authentication failure. Retrying...

Then

Timed out while waiting for the machine to boot. This means that
Vagrant was unable to communicate with the guest machine within
the configured ("config.vm.boot_timeout" value) time period.

Expected behavior

It should have logged in again and run some provisioners.

Actual behavior

This is what happened and is the bug.
The insecure key was sitting in there at ~/.ssh/authorized_keys with mode 600.
After inserting the newly generated key, ~/.ssh/authorized_keys was at 664.
If I'm quick to log in (via password) while it is still retrying, I can do chmod 644 ~/.ssh/authorized_keys and everything continues on and works. I'm assuming going to 600 would work as well.

I don't think this key replacement should change the file permissions.

Steps to reproduce

  1. Try to build and use https://github.com/sbeliakou/packer-centos-template from RHEL or CentOS host.

... or you could just take my word for it and make the code not modify file permissions ;-)
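
An added example (not part of the original issue and not Vagrant's code): sshd with StrictModes enabled, its default, refuses an authorized_keys file that group or others can write, which is why 664 fails while 644 and 600 work. The script assumes the key was replaced by rebuilding the file under a umask of 002 (the page does not show how Vagrant did it); the function names and key strings are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not Vagrant's code. Keys below are constructed placeholders.

# Octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Same bit test sshd's StrictModes applies to this file:
# succeed only if neither group nor others can write to it.
strict_modes_ok() {
    mode=$(file_mode "$1")
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Naive replacement: rebuild the file without the old key and move it into
# place. The new file's mode comes from the umask, not from the old file.
replace_key_naive() {   # $1=file  $2=marker of key to drop  $3=new key line
    tmp="$1.tmp.$$"
    grep -v -F "$2" "$1" > "$tmp" || true   # grep exits 1 when nothing is left
    printf '%s\n' "$3" >> "$tmp"
    mv "$tmp" "$1"
}

# Hardened replacement: create the temp file owner-only and set the final
# mode explicitly, so the result does not depend on the caller's umask.
replace_key_safe() {
    tmp="$1.tmp.$$"
    ( umask 077
      grep -v -F "$2" "$1" > "$tmp" || true
      printf '%s\n' "$3" >> "$tmp" )
    chmod 600 "$tmp"
    mv "$tmp" "$1"
}

# Run one variant under umask 002 in a scratch directory; print "<mode> <verdict>".
demo() {   # $1 = naive | safe
    dir=$(mktemp -d)
    f="$dir/authorized_keys"
    printf '%s\n' 'ssh-rsa AAAA-constructed-old vagrant insecure public key' > "$f"
    chmod 600 "$f"
    ( umask 002
      "replace_key_$1" "$f" 'vagrant insecure public key' 'ssh-rsa AAAA-constructed-new vagrant' )
    verdict=$(strict_modes_ok "$f" && echo accepted || echo rejected)
    printf '%s %s\n' "$(file_mode "$f")" "$verdict"
    rm -rf "$dir"
}

demo naive
demo safe
```

The same `strict_modes_ok` test can be run against a box's ~/.ssh/authorized_keys during image build to catch this before the first `vagrant up`.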

jstortz commented Jul 22, 2016

I just upgraded to vagrant 1.8.5 and I'm getting the exact same thing.

Vagrant version

1.8.5

Host operating system

OSX 10.11.5

Guest operating system

Oracle Enterprise Linux 6.6

Virtualization Platform

VMWare Fusion 8.1.1

Plugins

$ vagrant plugin list
vagrant-hostmanager (1.8.5)
vagrant-reload (0.0.1)
vagrant-share (1.1.5, system)
vagrant-vmware-fusion (4.0.10)

Farkya commented Jul 22, 2016

Facing same issue:
Vagrant version
1.8.5
Host operating system
OSX 10.11.5
Guest operating system
CentOS7
Virtualization Platform
Virtual Box 5.0.26

Log:
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Remote connection disconnect. Retrying...
default: Warning: Remote connection disconnect. Retrying...
default: Warning: Remote connection disconnect. Retrying...
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
default: Warning: Authentication failure. Retrying...
default: Warning: Authentication failure. Retrying...
default: Warning: Authentication failure. Retrying...
default: Warning: Authentication failure. Retrying...

jstortz commented Jul 22, 2016

I downgraded to 1.8.4 and was able to start my machine immediately.

cigoe commented Jul 22, 2016

Me and another developer ran into the same issues yesterday as well. Downgrading to 1.8.4 solved the issue for us as well.

Contributor

sethvargo commented Jul 23, 2016

This is a known issue and has been fixed on master. Sorry about that. We'll get a release out soon!

sethvargo closed this Jul 23, 2016

ericfrederich commented Jul 24, 2016

@sethvargo, when you do, make sure to update the download page, which still links to 1.8.1.

Thanks for looking into it. Glad to know it's fixed!
