FR: Provide option to "first time" setup boxes with SSH access using a custom provided SSH key #9195

Open
danowar2k opened this issue Nov 16, 2017 · 2 comments

danowar2k commented Nov 16, 2017

Vagrant version

Vagrant 2.0.0

Host operating system

Windows 7

Guest operating system

Ubuntu, Solaris

Description

Public Vagrant boxes are set up in a way to use the insecure publicly known private key for first time access. When you "vagrant up" a box to create it, the insecure key is detected and replaced with a randomly generated private key. That key is placed inside the .vagrant folder and therefore used to "vagrant ssh" to a box.

playbook_test: Vagrant insecure key detected. Vagrant will automatically replace
playbook_test: this with a newly generated keypair for better security.
playbook_test:
playbook_test: Inserting generated public key within guest...
playbook_test: Removing insecure key from the guest if it's present...

At the moment you have the ability to specify a custom private key used for connecting to a box. But if you do so, you can't use a public box because that machine only allows first time access using the publicly known Vagrant key.

Please provide an option that lets the user tell Vagrant not to randomly generate the above key, but use a custom key that you otherwise would specify in config.ssh.private_key_path.
Option name example: config.ssh.replace_insecure_key_with

Then config.ssh.private_key_path could default to the value of config.ssh.replace_insecure_key_with.

@danowar2k danowar2k changed the title Provide option to "first time" setup boxes with SSH access using a custom provided SSH key FR: Provide option to "first time" setup boxes with SSH access using a custom provided SSH key Nov 17, 2017

gsilos commented Apr 3, 2018

@danowar2k Nice. BTW, what do you do to handle that on your side until the patch is available? I'm trying to work around this also. Thanks.

@danowar2k
Contributor Author

I let Vagrant replace the "public" private key with a generated key for each VM. This key is then used when using "vagrant ssh" from the host.
Then I use provisioners to add my own vagrant key to every configured box as the default key to use (id_rsa) and add that key to the authorized_keys file on every host. This is for connecting between vagrant VMs.
Finally, I have a configured SSH agent on my Windows host machine that starts every time I use the git bash. I have agent forwarding enabled on my Vagrant VMs. This is used when I want to connect to a "real" VM from my Ansible control machine.
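
The provisioner step described in the comment above (adding your own public key to authorized_keys on every box) can be made idempotent and permission-safe. This is an added example, not code from the thread or from Vagrant; the function name and the `/vagrant/id_custom.pub` path are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue thread). Function and path names are hypothetical.
# Meant as the body of a Vagrant shell provisioner run as the login user
# (privileged: false), so the files end up owned by that user.

# install_authorized_key PUBKEY_LINE SSH_DIR
# Returns 0 if the key is present afterwards, 2 if the input is not one
# public-key line, 1 on filesystem errors.
install_authorized_key() {
    key_line=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    # Reject private-key material and multi-line input pasted by mistake.
    case $key_line in
        *"PRIVATE KEY"*|*"
"*) return 2 ;;
    esac
    # Accept only the common public-key types, followed by a base64 blob.
    case $key_line in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-nistp???\ ?*) ;;
        *) return 2 ;;
    esac

    # sshd with StrictModes ignores the file when it or its directory is
    # writable by group or others, so set the modes explicitly.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # Identify the key by "type blob" so a different trailing comment or a
    # leading options field does not cause a duplicate entry.
    key_id=$(printf '%s\n' "$key_line" | awk '{print $1 " " $2}')
    if grep -qF -- "$key_id" "$auth_file"; then
        return 0
    fi

    # Keep entries on separate lines even if the file lacks a final newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Typical call inside the guest (path is an assumption):
#   install_authorized_key "$(cat /vagrant/id_custom.pub)" "$HOME/.ssh"
```

Only the public half of the key pair goes into the guest; the private key stays on the host or in the SSH agent.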
