I have a strange problem with vagrant ssh. Similar questions, like Vagrant asks for password after SSH key update, or (vagrant & ssh) require password, or Vagrant ssh authentication failure do not help me.
So, the plot.
I have a virtual machine running Ubuntu 14.04.3. All setup was made according to this article: https://blog.engineyard.com/2014/building-a-vagrant-box.
Note: I can ssh to this virtual machine using Putty with vagrant's insecure_private_key (converted to *.ppk), which is located "C:/Users/Gino/.vagrant.d/insecure_private_key. Password is not promtped.
Then I packaged this virtual machine, init vagrant with this package and ran vagrant up. I got "Warning: Authentication failure. Retrying..." error. But nevertheless I could vagrant ssh to this machine, but it asked me a password. And if I tried to ssh to it using Putty with the necessary key (as in the first paragraph), it asked me for a password too.
I vagrant halted this machine, found it in VirtualBox VM's list and ran it manually. After that I tried to ssh to this machine using Putty with the same key and succeed - I could logon without any password.
Result of vagrant ssh-config, if needed:
h:\VagrantBoxes\main-server32>vagrant ssh-config
Host default
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile "C:/Users/Gino/.vagrant.d/insecure_private_key"
IdentitiesOnly yes
LogLevel FATAL
My Vagrantfile (it was generated automatically, almost nothing there, only a suggested line from comments was added):
Vagrant.configure(2) do |config|
config.vm.box = "vagrant-main-server32"
config.ssh.insert_key = false
end
So what's the mystery here? Why ssh using key works without vagrant up and fails and prompts for password with it?
Note. Another funny thing: it still can not authenticate during
vagrant up. But if at the time when errors "authentication failure"
appear I log in to vm through virtualbox, it also succeed to log in in
the window with vagrant up. And then vagrant ssh works.
I had the same issue with vagrant 1.8.1, on several boxes I use (ie: geerlingguy/centos6)
I didn't have any problem with Vagrant 1.7 on those boxes.
After some research on why i could not ssh in that box, it appears that /home/vagrant on the box had 755 permissions and ssh prevent authentication to user with those permissions
extract of /var/log/secure:
Jan 28 15:11:36 server sshd[11721]: Authentication refused: bad ownership or modes for directory /home/vagrant
To fix that vm, I only have to change the permissions /home/vagrant (did a chmod 700 on it) and now i can ssh directly into my boxes
I don't knwo how to fix it directly I think you should modify your box directly
Hope this helps!
edit: I thought it was a shared folder from the host but it's /vagrant that is shared not /home/vagrant
I had this old setting at the top of ~/.ssh/config.
PubkeyAcceptedKeyTypes ssh-dss,ssh-rsa
After removing it, vagrant ssh stopped asking for password.
If you saved your Vagrantfile on an external HardDrive and use exfat because you are working cross platform like me, you will also encounter this error. Since exfat does not save permissions, ssh will always think that the private keys permission is 777 => to open.
I put together this script as a workaround which runs on powershell and bash (so compatible with Linux, Mac and Windows):
# ssh-agent # uncomment if your ssh-agent isn't running as a service
cat V:\vm\arch_template\.vagrant\machines\default\virtualbox\private_key | ssh-add -
ssh -p 2222 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no vagrant#localhost
It requieres a working ssh-agent configuration. Also pay attantion to the correct port! Vagrant changes it to a different port if 2222 isn't availabe during vagrant up.
I had the same issue, getting vagrant#127.0.0.1's password: when starting up vagrant, after inputting the supposed password [vagrant], I could connect to the VM. However, after reading through other solutions, I tried ssh-agent on the same directory where the vagrantfile that was initiated is, and vagrant-ssh, and I am able to connect to the running instance.
Related
I noticed that I can provision a box, and ssh to it even after commenting out both options in Homestead.yaml, as in:
# authorize: ~/.ssh/id_rsa.pub
# keys:
# - ~/.ssh/id_rsa
Are they necessary at all? I suppose that they let me specify public/private keys for vagrant ssh, but as I understand such pair is generated by vagrant anyway (see here). What is the actual need for those settings then?
The reason I'd like to know that is that I keep running into an issue where I cannot ssh into a box as vagrant up keeps hanging up on homestead-7: SSH auth method: private key (as in this question). With authorize and keys options commented out I haven't had problem with vagrant up so far.
SSH keys are used for passwordless authentication. In order to use this, you will need to run ssh-keygen then press enter for all defaults. Once this has been generated, then Homestead will use that to ssh into the VM and run the necessary commands.
If you are running Windows 10, then you will need to install an SSH client. This could be done in various ways such as GIT Bash, Putty, OpenSSH and WSL. If you comment the lines out, then it's likely it will be logging into the machine using the default username/password combo given to the machine.
I have been playing around with a Hadoop installation on CentOS for a while but today when I shifted to RHEL I got pesky password prompts when trying to start the pseudo-distributed cluster. After hours of poking around I finally managed to get rid of them by removing the security policy I had selected during installation of RHEL.
Looks like some aspect of the security policy was not letting me set up password less SSH to allow the different servers to communicate.
Going forward I would like to be able to run a cluster on machines with security policy enabled. What are the changes that I need to make, or where should I start looking into, to get the right set of network configurations?
I got pesky password prompts when trying to start the pseudo-distributed cluster
That's a sign you did not correctly establish a passwordless SSH keypair. Perhaps you did type a password when you generated the key? Or you didn't add it correctly into the authorized keys file for an SSH session.
This should not prompt for a password
$ ssh localhost
And if it does, generate keys again without a password
$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 0600 ~/.ssh/authorized_keys
Also, RHEL systems need SELinux disabled. I believe Cloudera and Hortonworks install guides also have you turning the firewall off
If you want a secure cluster, you would install and configure MIT Kerberos or Active Directory
Testing default example
$ vagrant init hashicorp/precise32
$ vagrant up
My box:
Windows 8.1
VirtualBox 5.0.2
Vagrant 1.7.4
Intel i7-4700MQ CPU witch seems to have IntelĀ® Virtualization Technology (VT-x) http://ark.intel.com/products/75117/Intel-Core-i7-4700MQ-Processor-6M-Cache-up-to-3_40-GHz
I know this is common error but after trying everything I still cannot make it work
While VM shows:
And I can log in successfully:
Firewall / Antivirus turned off.
Hyper-V is not installed
I have tried connecting via putty to 127.0.0.1 2222
EDIT:
Vagrantfile (I have removed commented out lines)
Vagrant.configure(2) do |config|
config.vm.box = "hashicorp/precise32"
end
This is what vagrant ssh does... nothing. And vagrant reload stuck on same issue.
This happens with Vagrant from time to time with the first spin up. After it does that it will timeout and drop you back at the prompt, go vagrant ssh, it will let you in. If it does not go vagrant reload and it will restart the vm. This occurs because the vagrant images have dns turned off so it takes a while to resolve the connection. Again, this sometimes occurs on the first up after you download it and spin it up.
I suspect this could be a misconfigured VBox guest.
I suppose you could try making sure that NAT and port forwarding are enabled in the settings of your VM, and if they aren't, you could enable it manually: in the VirtualBox Graphical Manager, select the machine, click on settings, click on network at the right of the popup, check all the adapters and make sure that the adapter that is "attached to NAT" is enabled. Also, check the port forwarding settings. You can also access the network settings when you are running the VM, from the buttons at the bottom/left (the third button in your second pic, from left to right).
Something that I found out was the case for me after multiple destroys/reebots: check if you have an SSH agent running with a key loaded (like Pageant for PuTTY).
In my case having another SSH key loaded with Pageant (instead of the one configured for Vagrant) was conflicting with the authentication process, which resulted in endless "Connection refused. Retrying" and ultimately in me being unable to use Vagrant.
The solution is to either
Load the appropriate key in Pageant
Close pageant (what I usually do, as it's faster in my case)
Hope this helps someone out there!
here are a few things I would try (and I do understand you might have tried a lot of this and it might not solve your issues but just in case) :
follow the steps from https://www.hanselman.com/blog/SwitchEasilyBetweenVirtualBoxAndHyperVWithABCDEditBootEntryInWindows81.aspx to completely disable Hyper-V (not sure its enough from windows features - and even though you're using a 32-bit box)
not sure if you enabled the gui mode when you logged into the vm from virtual box or you just opened it after, but enable the option and check if nothing is blocking during the startup
config.vm.provider :virtualbox do |vb|
vb.gui = true
end
use another ssh port (even though it does not mention there is a collision) you can try another port
config.vm.network :forwarded_port, guest: 22, host: 2522, auto_correct: false, id: "ssh"
see after vagrant up if you can connect with putty.
optionally, you can run vagrant up --debug to get more information about the error, you will see where it loops/error and give the output of that for others on SO to comment
EDIT
Giving another look, I thought the issue was about connection timeout but it is connection refused the message says
SSH username: vagrant
SSH auth method: password
but you're not passing any password in the Vagrantfile you show. Just add
Vagrant.configure(2) do |config|
config.vm.box = "hashicorp/precise32"
config.ssh.username = "vagrant"
config.ssh.password = "vagrant"
end
I would recommend to use ssh-key as it is a bit more simple to use.
I'm working on os x 10.9.4, and the vagrant --version shows 1.3.3.
After waking up os x from sleep mode(in a different network environment), vagrant up hangs at Waiting for machine to boot. This may take a few minutes... then: Timed out while waiting for the machine to boot.
I tried to
config.vm.provider :virtualbox do |vb|
vb.gui = true
end
and the vm boots normally and I can login using username/password vagrant
Also, at this point, in another terminal, if I tryvagrant ssh, it will show vagrant#127.0.0.1's password: (I've never seen it asking password before) and I can login. The network of the vm seems to be fine and I can ping google.com within the vm.
Also, if I manually launch the vm directly from virtual box, I can also login via vagrant ssh(showing vagrant#127.0.0.1's password: again). The network is fine as well.
I've followed https://github.com/mitchellh/vagrant/wiki/%60vagrant-up%60-hangs-at-%22Waiting-for-VM-to-boot.-This-can-take-a-few-minutes%22 no luck, though. And I've also checked the ssh key. On the host, the insecure_private_key is -rw-------; and on vm, the authorized_keys shows -rw-r--r--
So, to sum up:
vagrant ssh works (asking for password)
I can ping within the vm
BUT vagrant up hangs
I'm totally lost. Why the vm works but vagrant up hangs?
As trivial it sounds, but for me un- and reinstalling was the only option left.
Debugging didn't bring up any errors... it seemed vagrant up was just dying.
I want to clone a bunch of private git repositories while provisioning a vagrant box. According to this article this should be possible using config.ssh.forward_agent = true. However, when trying to connect to github via something like ssh -T git#github.com -o StrictHostKeyChecking=no it fails with the following error:
Warning: Permanently added 'github.com,192.30.252.130' (RSA) to the list of known hosts.
Permission denied (publickey).
I cut my configuration down to the simplest possible configuration. You can find it here: https://gist.github.com/TomTasche/31f7c45fcffc2997d43a
When I do "vagrant ssh" and try the same again, a similar error occurs:
Cloning into 'private-repositories'...
Warning: Permanently added the RSA host key for IP address '192.30.252.130' to the list of known hosts.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
Edit: the configuration linked above does work on a host running Ubuntu, but does neither work on a Mac host, nor on a Windows host. My goal is to have a configuration that works on all these three hosts.
Please check whether your host system has ssh-agent forwarding enabled. You can do so for example by adding this block to your ~/.ssh/config file:
Host *
ForwardAgent yes
If this is enabled vagrant ssh (and also vagrant provision) should be able to forward your key to the guest machine.
You also might want to check using ssh-add -l whether your ssh-agent does know about your SSH-key. If it is in the list and you have agent-forwarding activated you should have a success. Otherwise you can add the key to your ssh-agent by running ssh-add <path to your key file>.
It sounds like you may be hitting this particular bug:
https://github.com/mitchellh/vagrant/issues/1735
(Despite it being "closed" it's actually not fixed)
On Windows, SSH Forwarding in Vagrant does not work properly by default (because of a bug in net-ssh).
However, there is a workaround or simple hack. You can auto-copy your local SSH key to the Vagrant VM via a simple provisioning script in your VagrantFile. Here's an example:
https://github.com/mitchellh/vagrant/issues/1735#issuecomment-25640783
Tom,
What you're doing is fairly generic in nature and I don't think is Vagrant specific.
Try some of the following to track down the issue:
edit your /etc/ssh/sshd_config
Set LogLevel debug
Restart the sshd service sudo service sshd restart or /etc/init.d/sshd restart
tail -f /var/log/authlog -- note, the file may be something else like /var/log/authd.log or /var/log/secure or something.
Watch what happens when you connect. It should give you some indication of why it's failing.
Again sorry, I'm not that familiar with Vagrant but I'm wondering if the provisioning script is running as another user, in which case the agent forwarding may not work as expected?