Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


Permission on key_factory.rb #580

scottwhitworth opened this Issue · 19 comments

8 participants

scottwhitworth Greg Harvey Les Orchard Zsolt Takács Mitchell Hashimoto jravetch Joe Jasinski Cliffano Subagio

/Library/Ruby/Gems/1.8/gems/net-ssh-2.1.4/lib/net/ssh/key_factory.rb:38:in `read': Permission denied - /Library/Ruby/Gems/1.8/gems/vagrant-0.8.8/keys/vagrant (Errno::EACCES)

seems to be a reversion of


on 0.8.8. Reverting back to 0.8.7 via gem install vagrant --version=0.8.7 has everything running fine.

OS: OSX 10.7
VirtualBox: 4.1.6

Permissions seem to be okay (0644)

MBP:ssh scott$ ls -la
total 144
drwxr-xr-x  21 root  wheel    714 Dec  5 20:52 .
drwxr-xr-x   4 root  wheel    136 Dec  5 20:52 ..
drwxr-xr-x   8 root  wheel    272 Dec  5 20:52 authentication
-rw-r--r--   1 root  wheel  11074 Dec  5 20:52 buffer.rb
-rw-r--r--   1 root  wheel   6157 Dec  5 20:52 buffered_io.rb
-rw-r--r--   1 root  wheel   7370 Dec  5 20:52 config.rb
drwxr-xr-x   6 root  wheel    204 Dec  5 20:52 connection
-rw-r--r--   1 root  wheel   3177 Dec  5 20:52 errors.rb
-rw-r--r--   1 root  wheel   3751 Dec  5 20:52 key_factory.rb
-rw-r--r--   1 root  wheel   4472 Dec  5 20:52 known_hosts.rb
-rw-r--r--   1 root  wheel   2020 Dec  5 20:52 loggable.rb
-rw-r--r--   1 root  wheel   4522 Dec  5 20:52 packet.rb
-rw-r--r--   1 root  wheel   2970 Dec  5 20:52 prompt.rb
drwxr-xr-x   7 root  wheel    238 Dec  5 20:52 proxy
-rw-r--r--   1 root  wheel   1217 Dec  5 20:52 ruby_compat.rb
drwxr-xr-x   3 root  wheel    102 Dec  5 20:52 service
drwxr-xr-x  10 root  wheel    340 Dec  5 20:52 test
-rw-r--r--   1 root  wheel   3297 Dec  5 20:52 test.rb
drwxr-xr-x  15 root  wheel    510 Dec  5 20:52 transport
drwxr-xr-x   5 root  wheel    170 Dec  5 20:52 verifiers
-rw-r--r--   1 root  wheel   1901 Dec  5 20:52 version.rb
Greg Harvey

+1 - we're seeing this with 0.8.8 on Mac OSX and Linux (Fedora).

Les Orchard

Seeing this, too. Though, I had to gem uninstall vagrant first, since gem install vagrant --version=0.8.7 didn't actually fix the issue for me.

Zsolt Takács

The problem is with the vagrant private key, it's 600 instead of 644. I've seen this problem on mac os and linux.

To fix it on Mac OS:
sudo chmod 644 /Library/Ruby/Gems/1.8/gems/vagrant-0.8.8/keys/vagrant
On debian based linux distibutions:
sudo chmod 644 /usr/lib/gems/1.8/gems/vagrant-0.8.8/keys/vagrant

Mitchell Hashimoto

Hm, this is strange. The keys have to be 0600 for ssh to work directly, but I haven't changed the permissions so I'm not sure how anything would change. I have a feeling this has to do with installing via sudo but then vagrant ssh wouldn't work. Hm...

I'll continue looking.

Mitchell Hashimoto

Wow yeah I get really strange behavior when Vagrant is sudo installed. Marked as a bug and will be fixed.

Mitchell Hashimoto

Fixed: 05ae297

Mitchell Hashimoto mitchellh closed this

I'm still seeing this error with OS X 10.7 and vagrant 0.8.10

Joe Jasinski

I'm seeing the same issue with osx 10.7 and vagrant 0.8.10.

default] Matching MAC address for NAT networking...
[default] Clearing any previously set forwarded ports...
[default] Forwarding ports...
[default] -- ssh: 22 => 2222 (adapter 1)
[default] Creating shared folders metadata...
[default] Running any VM customizations...
[default] Booting VM...
[default] Waiting for VM to boot. This can take a few minutes.
[default] Forcing shutdown of VM...
[default] Destroying VM and associated drives...
/opt/local/lib/ruby/gems/1.8/gems/net-ssh-2.1.4/lib/net/ssh/key_factory.rb:38:in `read': Permission denied -     /opt/local/lib/ruby/gems/1.8/gems/vagrant-0.8.10/keys/vagrant (Errno::EACCES)
    from /opt/local/lib/ruby/gems/1.8/gems/net-ssh-2.1.4/lib/net/ssh/key_factory.rb:38:in `load_private_key'
    from /opt/local/lib/ruby/gems/1.8/gems/net-ssh-2.1.4/lib/net/ssh/authentication/key_manager.rb:137:in `sign'
    from /opt/local/lib/ruby/gems/1.8/gems/net-ssh-2.1.4/lib/net/ssh/authentication/methods/publickey.rb:62:in `authenticate_with'
    from /opt/local/lib/ruby/gems/1.8/gems/net-ssh-2.1.4/lib/net/ssh/authentication/methods/publickey.rb:20:in `authenticate'
    from /opt/local/lib/ruby/gems/1.8/gems/thor-0.14.6/lib/thor/invocation.rb:118:in `invoke_task'
    from /opt/local/lib/ruby/gems/1.8/gems/thor-0.14.6/lib/thor.rb:263:in `dispatch'
    from /opt/local/lib/ruby/gems/1.8/gems/thor-0.14.6/lib/thor/base.rb:389:in `start'
    from /opt/local/lib/ruby/gems/1.8/gems/vagrant-0.8.10/bin/vagrant:26
    from /opt/local/bin/vagrant:19:in `load'
    from /opt/local/bin/vagrant:19

The following command seemed to fix.

sudo chmod 644 /opt/local/lib/ruby/gems/1.8/gems/vagrant-0.8.10/keys/vagrant

Mitchell Hashimoto

This issue is fixed in git, and will be part of the next release. For now please just do the chmod necessary:

sudo chmod 644 /opt/local/lib/ruby/gems/1.8/gems/vagrant-0.8.10/keys/vagrant

(Where the path to your key might be different)

Joe Jasinski

Thank you mitchellh


Thanks mitchelih!

Cliffano Subagio

@mitchellh What's the proper keys/vagrant setup when user1 installed vagrant via 'sudo gem install vagrant' , but vagrant is meant to be used by both user1 and user2? (user2 won't have the copied key).

Also, I'm using vagrant-1.0.6, but I can't find the insecure_private_key anywhere in user1 home dir (also, there's no ~/.ssh). Where should it be copied to?

Mitchell Hashimoto

It is supposed to be copied to "~/.vagrant.d"

Cliffano Subagio

Odd, the key doesn't exist anywhere in ~/.vagrant.d , using vagrant-1.0.6 on RHEL6.

ls -al ~/.vagrant.d/
total 20
drwxr-xr-x 5 foo bar 4096 Feb 27 16:48 .
drwx------ 6 foo bar 4096 Feb 27 16:48 ..
drwxr-xr-x 2 foo bar 4096 Feb 27 16:48 boxes
drwxr-xr-x 2 foo bar 4096 Feb 27 16:48 gems
drwxr-xr-x 2 foo bar 4096 Feb 27 16:48 tmp

Mitchell Hashimoto

It should get created on a vagrant up? If that is not the case, can you get me the VAGRANT_LOG=debug output (gist it)

Cliffano Subagio

Gist created
It looks like the key can't be copied because of permission.

I installed vagrant using 'sudo gem install vagrant', so the key has 600 permission.
And then when I run vagrant without sudo, the key can't be accessed when it needs to be copied across to ~/.vagrant.d

Cliffano Subagio

This means 05ae297 assumes that the key will be accessible to be copied to ~/vagrant.d/, but that's not the case when vagrant is installed with 'gem install vagrant', but then it's run as non-root 'vagrant up'

The same error also shows up on 'vagrant --help', 'vagrant destroy', etc

Mitchell Hashimoto

Fixed! :)

Cliffano Subagio

Awesome :) Thanks @mitchellh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.