SSH and Vagrant - macos

When I run vagrant up in my app, the process gets stuck at
SSH auth method: private key
Vagrantfile
Vagrant.configure(2) do |config|
  config.vm.define :touch_rugby do |app_config|
    app_config.vm.box = "bento/ubuntu-16.04"
    app_config.vm.host_name = "touchrugby"
    app_config.vm.network "private_network", ip: "33.32.1.2"
    app_config.ssh.insert_key = true
  end
end
When running vagrant ssh-config in another window
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile /Users/rich/.vagrant.d/insecure_private_key
IdentitiesOnly yes
LogLevel FATAL
Where would the insecure_private_key come from? And should it not be a private_key?
What can I look at to try and debug this? I ran vagrant up in debug mode and found this:
INFO ssh: Attempting to connect to SSH...
INFO ssh:   - Host: 127.0.0.1
INFO ssh:   - Port: 2222
INFO ssh:   - Username: vagrant
INFO ssh:   - Password? false
INFO ssh:   - Key Path: ["/Users/rich/.vagrant.d/insecure_private_key"]
DEBUG ssh:   - connect_opts: {:auth_methods=> ["none "hostbased""publickey"],
:config=>false,
:forward_agent=>false,
:send_env=>false,
:keys_only=>true,
:paranoid=>false,
:password=>nil,
:port=>2222,
:timeout=>15 }
INFO subprocess: Starting process: ["/usr/local/bin/VBoxManage", "showvminfo", "1f000e35-eee4-482d-8f76-91082f19c2ab", "--machinereadable"]
Does anyone have any further ideas on what I can do?
Thanks

The private key that you see at /Users/rich/.vagrant.d/insecure_private_key is generated by vagrant, if the ssh.insert_key property is set to true.
Looking at the documentation, you should be able to specify the location of an existing private key using:
config.ssh.private_key_path
The path to the private key to use to SSH into the guest machine. By default this is the insecure private key that ships with Vagrant, since that is what public boxes use. If you make your own custom box with a custom SSH key, this should point to that private key.

Normally, Vagrant will automatically use a public, "well-known" ssh key and will automatically set the virtual box up to use that key. To get that behavior just don't set the app_config.ssh.insert_key = true option in your Vagrantfile.
We set these two options in our Vagrantfile because we don't use the default vagrant account but to better emulate our AWS environment we create an ec2-user account and specify our own private ssh key.
config.ssh.username = "ec2-user"
config.ssh.private_key_path = "/Users/lance/git/devops/.vagrant_helpers/vagrant_private_key"
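
As an added example (not from the original posts or from Vagrant itself), the Ruby script below parses `vagrant ssh-config` output like the one in the question and reports, per machine, whether the IdentityFile is the shared insecure key that ships with Vagrant, a key Vagrant generated for that machine, or some other key. The sample input is constructed from the question's values; the `Host touch_rugby` line and all function names are assumptions.

```ruby
# Added example: classify the keys that `vagrant ssh-config` reports.
# SAMPLE is constructed from the question's values; the Host line is assumed.
SAMPLE = <<~CFG
  Host touch_rugby
    HostName 127.0.0.1
    User vagrant
    Port 2222
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
    PasswordAuthentication no
    IdentityFile /Users/rich/.vagrant.d/insecure_private_key
    IdentitiesOnly yes
    LogLevel FATAL
CFG

# Split ssh_config-style text into { host => { "option" => [values] } }.
def parse_ssh_config(text)
  hosts = {}
  current = nil
  text.each_line do |line|
    key, value = line.strip.split(/\s+/, 2)
    next if value.nil? || key.start_with?("#")
    value = value.delete_prefix('"').delete_suffix('"')
    if key.casecmp?("Host")
      current = (hosts[value] ||= Hash.new { |h, k| h[k] = [] })
    else
      current ||= (hosts["(no Host line)"] = Hash.new { |h, k| h[k] = [] })
      current[key.downcase] << value
    end
  end
  hosts
end

# Decide which kind of private key an IdentityFile path points at.
def classify_identity(path)
  norm = path.tr("\\", "/")
  return :shared_insecure_key if norm.include?("/.vagrant.d/insecure_private_key")
  return :per_machine_generated_key if norm.match?(%r{/\.vagrant/machines/[^/]+/[^/]+/private_key\z})
  :other_key
end

# One summary per Host block: login user, port, key kind, host key checking.
def audit_ssh_config(text)
  parse_ssh_config(text).map do |host, opts|
    { host: host, user: opts["user"].first, port: opts["port"].first,
      keys: opts["identityfile"].to_h { |f| [f, classify_identity(f)] },
      host_key_checked: opts["stricthostkeychecking"].none? { |v| v.casecmp?("no") } }
  end
end

audit_ssh_config(SAMPLE).each { |r| puts r.inspect } if __FILE__ == $PROGRAM_NAME
```

A `:shared_insecure_key` result means the guest still accepts the key pair that every Vagrant installation has, which is the situation the `insert_key` option exists to replace.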

Related

How to disable Vagrant port forwarding for SSH?

I would like to set up VirtualBox via Vagrant in a way that resembles my cloud provider setup as close as possible. This means:
VM is reachable via some public IP (e.g. 192.168.0.2)
A given public SSH key is set up in /root/.ssh/authorized_keys
Bonus: The default user is root (but that's probably another question)
My Vagrantfile is:
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/focal64"
  config.vm.define "master" do | w |
    w.vm.hostname = "master"
    w.vm.network "public_network", ip: "192.168.0.2"
    w.vm.network "private_network", ip: "10.0.0.2"
    w.vm.provider "virtualbox" do |vb|
      vb.memory = "4096"
      vb.cpus = 2
      vb.name = "master"
    end
  end
  config.vm.provision "file", source: "~/.ssh/bob.pub", destination: "~/.ssh/authorized_keys"
end
When Vagrant sets the box up it does some port forwarding for SSH for some reason:
==> master: Forwarding ports...
master: 22 (guest) => 2222 (host) (adapter 1)
==> master: Running 'pre-boot' VM customizations...
==> master: Booting VM...
==> master: Waiting for machine to boot. This may take a few minutes...
master: SSH address: 127.0.0.1:2222
master: SSH username: vagrant
master: SSH auth method: private key
So if you want to SSH into the box then you need:
ssh -p 2222 vagrant@127.0.0.1
But I would like to be able to have the setup without the port forwarding on the regular port and public IP, i.e. ssh vagrant@192.168.0.2
Is this somehow possible? The network settings in VirtualBox seem to be alright, but ssh vagrant@192.168.0.2 times out. Not sure how this port forwarding even makes sense.
Thanks for any suggestion!
Try using this.
Clearly define port and host for each VM via config.ssh
config.ssh.host = "ip"
config.ssh.port = "port"

Ansible on macOS sshpass program workaround

I'm using homebrew to install Ansible on macOS Catalina (I previously installed via pip too per the documentation). The problem is that when I attempt to use a test playbook, I receive the following error:
target1 | FAILED! => {
"msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"
}
The issue is that sshpass isn't readily available on macOS via homebrew, etc. I've found a couple of options of installation for this but attempted to make the following changes prior to installing this:
export ANSIBLE_HOST_KEY_CHECKING=False
host_key_checking=false within the ansible.cfg in the same directory
None of the above changes worked, should I just install sshpass, or is there another workaround? Or should I just use virtualbox and call it a day?
For reference, this is the following playbook, it's a simple ping test that I'm attempting to use on a local Raspberry Pi that I've already been able to SSH into:
-
  name: Test connectivity to target servers
  hosts: all
  tasks:
    - name: Ping test
      ping:
The inventory.txt file looks like this:
target1 ansible_host=192.168.x.x ansible_ssh_pass=<password>
Should I just install sshpass, or is there another workaround? Or should I just use virtualbox and call it a day?
It depends on the use case. What do you want to do? Use Ansible for development purposes, or use the machine with IP 192.168.x.x for production workloads?
It is preferred to use ssh keypairs instead of passwords. You can create these on the target host by executing command: "ssh-keygen". This way, you can 'work-around' the use of sshpass.
To help you out with using Virtualbox/Vagrant.
After installing Vagrant, create a file named "Vagrantfile" in a directory, place this in there:
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
  config.vm.provider "virtualbox" do |v|
    v.memory = 2048
    v.cpus = 2
  end
  config.ssh.insert_key = false
  config.vm.define "vm-local-1" do | me |
    me.vm.box = "rocky8-python3"
    me.vm.hostname = "vm-local-1"
    me.vm.network :forwarded_port, guest: 22, host: 65530, id: "ssh"
    me.vm.network :forwarded_port, guest: 80, host: 8080
    me.vm.network :forwarded_port, guest: 443, host: 4443
    me.vm.network :forwarded_port, guest: 27017, host: 27017
    me.vm.network "private_network", ip: "10.0.0.110"
    me.vm.provision "ansible" do |ansible|
      ansible.playbook = "playbook.yml"
      ansible.inventory_path = "inventory"
      ansible.limit = "vm-local-1"
    end
  end
end
Place this in /etc/vbox/networks.conf. This allows the usage of the 10.x.x.x network in Vagrant.
* 10.0.0.0/8 192.168.56.0/21
Create an inventory file, named 'inventory', and place this content in there. Replace my_username with your Username.
[local_test]
vm-local-1 ansible_ssh_user=vagrant ansible_host=127.0.0.1 ansible_ssh_port=65530 ansible_ssh_private_key_file=/Users/<my_username>/.vagrant.d/insecure_private_key
[local_test:vars]
ansible_python_interpreter=/usr/bin/python3
Then, create an Ansible playbook like this:
---
- hosts: local_test
  gather_facts: false
  become: true
  tasks:
    - shell: echo
Now, you can execute command: "vagrant up", and the VM will be automatically created, and the playbook will be executed automatically as well.
This ended up being more of a novice issue as I am still very new to the tool. Within my inventory file, I added ansible_user=pi which resolved the issue here.
To solve this, I logged into the raspberry pi via a manual ssh connection and ran the command systemctl status sshd. This showed me multiple login failures and that ansible was defaulting to my macOS user.

Can't provision authorized_keys file into VM using Vagrant

I am trying to use my own pair of RSA SSH-2 keys with Vagrant 1.9.5 on VirtualBox 5.1.22 with Windows 7 SP1 host and a CentOS 7.3 guest.
When I execute vagrant up I get:
Waiting for machine to boot. This may take a few minutes...
SSH address: 127.0.0.1:2222
SSH username: vagrant
SSH auth method: private key
Warning: Connection aborted. Retrying...
Warning: Connection reset. Retrying...
Warning: Connection aborted. Retrying...
Warning: Connection reset. Retrying...
Warning: Connection aborted. Retrying...
Warning: Connection reset. Retrying...
Warning: Connection aborted. Retrying...
...
I have found that the cause is failing to connect to the guest because the required key is not being added to ~/.ssh/authorized_keys but it contains Vagrant's default insecure_private_key.
This is my Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.boot_timeout = 120
  config.ssh.insert_key = false
  config.ssh.private_key_path = ["vagrant-setup/keys/my_openssh.key"]
  # This is not copying authorized_keys to the guest
  config.vm.provision "file", source: "vagrant-setup/.ssh/authorized_keys", destination: "~/.ssh/autorized_keys"
  # Setting forward_agent to true and adding the key to Pageant doesn't make any difference
  config.ssh.forward_agent = false
  config.vm.define "MyMachineName" do |vs|
    vs.vm.box = "vagrant-centos-73-x86_64-puppet"
    vs.vm.box_url = "https://github.com/CommanderK5/packer-centos-template/releases/download/0.7.3/vagrant-centos-7.3.box"
    # The shell script that will execute once just after the VM is created
    vs.vm.provision "shell", path: "vagrant-setup/setup.sh"
    # Create a private network, which allows host-only access to the machine using a specific IP.
    config.vm.network "private_network", ip: "192.168.101.110"
    vs.vm.provider "virtualbox" do |vb|
      # Enable the GUI of VirtualBox and see whether the VM is waiting for input on startup
      vb.gui = false
    end
  end
end
I have tried copying autorized_keys using vm.provision "shell" and cp from the guest. I have tried to change the permissions of autorized_keys on the guest before copying but nothing seems to work because it does not connect. And I have tried to perform the copy inside MyMachineName like vs.vm.provision "file", ...
If I log in once using vagrant ssh with user+password and I write authorized_keys by hand, then afterwards I am able to log in with the SSH key and no password.
vagrant ssh-config reports
Host MyMachineName
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile C:/MyMachineName/vagrant-setup/keys/my_openssh.key
IdentitiesOnly yes
LogLevel FATAL
Putting the private key into C:\Users\My User Name\.ssh\id_rsa seems to make some difference, as if Vagrant was still looking for something there despite my explicitly setting my own private key, but it does not make it work. It also seems to have a problem with C:\Users\My User Name\ having spaces, but since it should not be used, that should not matter.
So the question is: how do I make Vagrant work with my own pair of SSH keys without having to tweak the guest VM by hand?
There are plenty of replies at this other question, but most of them come down to putting the key in authorized_keys by hand, which is exactly what I am trying to avoid.
Based on Frédéric Henri's comment, this is what worked for me in order to log in only with my own key and not the insecure key nor user+password:
# -*- mode: ruby -*-
# vi: set ft=ruby :
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.ssh.insert_key = false
  rsakey = File.read("vagrant-setup/keys/authorized_keys")
  config.vm.provision "shell", inline: <<-EOC
    echo '#{rsakey}' >> /home/vagrant/.ssh/authorized_keys
    sed --in-place=.bak -r 's/^#?(PermitRootLogin|PermitEmptyPasswords|PasswordAuthentication|X11Forwarding) yes/\1 no/' /etc/ssh/sshd_config
    sed --in-place=.bak '/== vagrant insecure public key$/d' /home/vagrant/.ssh/authorized_keys
  EOC
  config.vm.define "MyMachine" do |vs|
    vs.vm.box = "vagrant-centos-73-x86_64-puppet"
    vs.vm.box_url = "https://github.com/CommanderK5/packer-centos-template/releases/download/0.7.3/vagrant-centos-7.3.box"
    # SSH settings
    vs.ssh.private_key_path = ['~/.vagrant.d/insecure_private_key', "vagrant-setup/keys/my_openssh.key"]
    # The shell script that will execute once just after the VM is created
    vs.vm.provision "shell", path: "vagrant-setup/my_own_custom_setup_stuff.sh"
    # Create a private network, which allows host-only access to the machine using a specific IP.
    config.vm.network "private_network", ip: "192.168.101.110"
  end
end
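
An added example, not part of the answer above: the provisioner's edits to authorized_keys and sshd_config written as re-runnable Ruby functions, plus a check that lists which of the four sshd options still have no explicit `no` afterwards. The key strings and the sshd_config sample are constructed, and the function names are hypothetical.

```ruby
# Added example; key strings and the sshd_config sample are constructed.
INSECURE_MARKER = " vagrant insecure public key"
OPTIONS = %w[PermitRootLogin PermitEmptyPasswords PasswordAuthentication X11Forwarding].freeze

AK_SAMPLE = "ssh-rsa AAAAB3placeholder== vagrant insecure public key\n"
OWN_KEY = "ssh-rsa AAAAB3constructedExampleKey me@workstation"
SSHD_SAMPLE = <<~CONF
  #PermitRootLogin yes
  PasswordAuthentication yes
  #PermitEmptyPasswords no
  X11Forwarding   yes
CONF

# Drop the well-known Vagrant key (matched by its comment, as the sed in the
# answer does) and add own_key once, so re-provisioning does not duplicate it.
def rewrite_authorized_keys(existing, own_key)
  kept = existing.lines.map(&:chomp).reject do |line|
    line.strip.empty? || line.end_with?(INSECURE_MARKER)
  end
  kept << own_key.strip unless kept.include?(own_key.strip)
  kept.join("\n") + "\n"
end

# Same substitution as the answer's first sed command.
def harden_sshd_config(text)
  text.gsub(/^#?(PermitRootLogin|PermitEmptyPasswords|PasswordAuthentication|X11Forwarding) yes/, '\1 no')
end

# sshd keeps the first value it reads for each keyword. Return the options
# that have no explicit "no" (Match blocks are not handled here).
def not_explicitly_disabled(text)
  first = {}
  text.each_line do |line|
    key, value = line.strip.split(/\s+/, 2)
    next if value.nil? || key.start_with?("#")
    first[key.downcase] ||= value.downcase
  end
  OPTIONS.reject { |opt| first[opt.downcase] == "no" }
end

if __FILE__ == $PROGRAM_NAME
  puts rewrite_authorized_keys(AK_SAMPLE, OWN_KEY)
  hardened = harden_sshd_config(SSHD_SAMPLE)
  puts hardened
  puts "not explicitly disabled: #{not_explicitly_disabled(hardened).join(', ')}"
end
```

On the constructed sample the check returns PermitEmptyPasswords and X11Forwarding: the pattern only rewrites lines that read `<option> yes` with a single space, so a commented-out `no` or extra spacing is left as it was. Matching the insecure key by its comment relies on the box keeping that comment in authorized_keys.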

Ansible is using the Vagrant IdentityFile and not the one for the user on the box?

When running commands with ansible on a vagrant box, it is using the identity file located here:
IdentityFile="/Users/me/.vagrant.d/boxes/ubuntu-VAGRANTSLASH-trusty32/0/virtualbox/vagrant_private_key"
Instead of the file on the box: ~/.ssh/id_rsa
What can I do to fix this? This is my task by the way:
---
- name: Fetch the Htt Database
  run_once: true
  delegate_to: 543.933.824.210
  remote_user: ubuntu
  become_user: root
  fetch: src=/home/ubuntu/file.sql.gz dest=/tmp/file.sql.bz fail_on_missing=yes
By default, Vagrant uses insecure_private_key to log in as the vagrant user, and that is not secure because everyone knows that key. So if you want to use your own ssh key, you can modify your Vagrantfile by adding these lines:
config.ssh.username = "username"
config.ssh.private_key_path = "fullpath-of-ssh-private-key"
config.ssh.insert_key = false
According to the Vagrant documentation:
config.ssh.insert_key - If true, Vagrant will automatically insert an
keypair to use for SSH, replacing the default Vagrant's insecure key
inside the machine if detected. By default, this is true.
This only has an effect if you don't already use private keys for
authentication or if you are relying on the default insecure key. If
you don't have to take care about security in your project and want to
keep using the default insecure key, set this to false.
Also make sure you have the public key of your private key in the guest VM at /home/username/.ssh
For more info you can use the Vagrant documentation.

How do you handle authentication in a base box?

I build a base box that I can use and am hosting it on a local share. I am able to add it locally with 'box add ', and I can then 'vagrant init '. That's all good.
However, I can't seem to get the authentication working. The base box has the vagrant keys on it (from https://github.com/mitchellh/vagrant/tree/master/keys) and has a user/pass of vagrant/vagrant. I can get authentication working if I add the following to the Vagrantfile
vm.ssh.username = "vagrant"
vm.ssh.password = "vagrant"
However, I don't want to have to add that to my Vagrantfile each time. I tried adding that to the Vagrantfile in the .box file, but that didn't do it either.
What am I missing about setting up a base box?
Edit: my ssh-config
brian@brian-mbp:~/Dev/vagrant/banking$ vagrant ssh-config
Host default
HostName 127.0.0.1
User vagrant
Port 2201
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile /home/brian/Dropbox/dev/vagrant/banking/.vagrant/machines/default/virtualbox/private_key
IdentitiesOnly yes
LogLevel FATAL
