How do you handle authentication in a base box? - vagrant

I built a base box that I can use and am hosting it on a local share. I am able to add it locally with 'box add ', and I can then 'vagrant init '. That's all good.
However, I can't seem to get the authentication working. The base box has the vagrant keys on it (from https://github.com/mitchellh/vagrant/tree/master/keys) and has a user/pass of vagrant/vagrant. I can get authentication working if I add the following to the Vagrantfile
vm.ssh.username = "vagrant"
vm.ssh.password = "vagrant"
However, I don't want to have to add that to my Vagrantfile each time. I tried adding that to the Vagrantfile in the .box file, but that didn't do it either.
What am I missing about setting up a base box?
Edit: my ssh-config
brian@brian-mbp:~/Dev/vagrant/banking$ vagrant ssh-config
Host default
HostName 127.0.0.1
User vagrant
Port 2201
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile /home/brian/Dropbox/dev/vagrant/banking/.vagrant/machines/default/virtualbox/private_key
IdentitiesOnly yes
LogLevel FATAL

Related

How to resolve domains within a vagrant box?

I have a Debian Vagrant box running a Nginx server which hosts two websites/services that should share data via JSON endpoints.
Websites are accessible with https://app.test and https://cdn.app.test from the browser of the Host MacOS system.
To do this I have setup config.vm.network "private_network", ip: "33.33.33.10" in the Vagrantfile.
I have added to the /etc/hosts file on MacOS:
33.33.33.10 app.test
33.33.33.10 cdn.app.test
I can access both domains from the Mac, that works.
However I cannot use curl https://cdn.app.test/ within the Vagrant box shell because the Domains won't be resolved.
Neither curl_init or file_get_contents work.
I guess the problem is that the Vagrant cannot see the MacOS hosts entries.
What is the right way to configure this dev system? What is the easy fix?
The easy fix is to add
127.0.0.1 app.test
127.0.0.1 cdn.app.test
to /etc/hosts in the Debian Vagrant box.
For Vagrant, copy the default config from /etc/apache2/sites-available/000-default.conf to /etc/apache2/sites-available/"".conf
vagrant ssh // login
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"<your-test-domain>".conf
Folder name in sites-available should be the exact same as the one that you will be changing in your hosts file later.
Then edit your ServerName and DocumentRoot, enable it -> sudo a2ensite "".conf
restart Apache, edit your hosts file in your host OS.
Inside your hosts file, point to your private IP as specified in Vagrantfile

Vagrant ssh prompts for password

I have a strange problem with vagrant ssh. Similar questions, like Vagrant asks for password after SSH key update, or (vagrant & ssh) require password, or Vagrant ssh authentication failure do not help me.
So, the plot.
I have a virtual machine running Ubuntu 14.04.3. All setup was made according to this article: https://blog.engineyard.com/2014/building-a-vagrant-box.
Note: I can ssh to this virtual machine using Putty with vagrant's insecure_private_key (converted to *.ppk), which is located at "C:/Users/Gino/.vagrant.d/insecure_private_key". Password is not prompted.
Then I packaged this virtual machine, initialized vagrant with this package and ran vagrant up. I got a "Warning: Authentication failure. Retrying..." error. But nevertheless I could vagrant ssh to this machine, but it asked me for a password. And if I tried to ssh to it using Putty with the necessary key (as in the first paragraph), it asked me for a password too.
I vagrant halted this machine, found it in VirtualBox VM's list and ran it manually. After that I tried to ssh to this machine using Putty with the same key and succeeded - I could log on without any password.
Result of vagrant ssh-config, if needed:
h:\VagrantBoxes\main-server32>vagrant ssh-config
Host default
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile "C:/Users/Gino/.vagrant.d/insecure_private_key"
IdentitiesOnly yes
LogLevel FATAL
My Vagrantfile (it was generated automatically, almost nothing there, only a suggested line from comments was added):
Vagrant.configure(2) do |config|
config.vm.box = "vagrant-main-server32"
config.ssh.insert_key = false
end
So what's the mystery here? Why ssh using key works without vagrant up and fails and prompts for password with it?
Note. Another funny thing: it still can not authenticate during vagrant up. But if at the time when errors "authentication failure" appear I log in to vm through virtualbox, it also succeeds to log in in the window with vagrant up. And then vagrant ssh works.
I had the same issue with vagrant 1.8.1, on several boxes I use (ie: geerlingguy/centos6)
I didn't have any problem with Vagrant 1.7 on those boxes.
After some research on why I could not ssh in that box, it appears that /home/vagrant on the box had 755 permissions and ssh prevents authentication to user with those permissions
extract of /var/log/secure:
Jan 28 15:11:36 server sshd[11721]: Authentication refused: bad ownership or modes for directory /home/vagrant
To fix that vm, I only have to change the permissions of /home/vagrant (did a chmod 700 on it) and now I can ssh directly into my boxes
I don't know how to fix it directly. I think you should modify your box directly
Hope this helps!
edit: I thought it was a shared folder from the host but it's /vagrant that is shared not /home/vagrant
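A check for the condition described in the answer above, as an added example that is not part of the original posts: it reports when the home directory, ~/.ssh or authorized_keys grant more than 700, 700 and 600. Those target modes and the function names are assumptions of this example; file ownership, which sshd also checks, is not covered.

```shell
#!/bin/sh
# Added example: flag SSH-related paths on the guest that grant more than a
# target mode. Targets are assumptions: 700 for the home directory (the fix
# used in the answer), 700 for ~/.ssh and 600 for authorized_keys.

# mode_of PATH: print octal permission bits (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# too_open PATH MAX: true when PATH has any permission bit outside MAX.
too_open() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & ~0$2 & 0777 )) -ne 0 ]
}

# audit_ssh_modes HOME_DIR: print one line per offending path;
# return 0 when everything is within its target, 1 otherwise.
audit_ssh_modes() {
    home=$1
    findings=0
    for spec in "$home:700" "$home/.ssh:700" "$home/.ssh/authorized_keys:600"; do
        path=${spec%:*}
        max=${spec##*:}
        [ -e "$path" ] || continue
        if too_open "$path" "$max"; then
            echo "TOO OPEN: $path is $(mode_of "$path"), want at most $max"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: a throwaway directory laid out like the box in the
# answer, with the home directory at 755 and authorized_keys at 644.
sample=$(mktemp -d)
mkdir -p "$sample/.ssh"
: > "$sample/.ssh/authorized_keys"
chmod 755 "$sample"
chmod 700 "$sample/.ssh"
chmod 644 "$sample/.ssh/authorized_keys"
audit_ssh_modes "$sample" || echo "audit failed: tighten the paths listed above"
rm -rf "$sample"
```

On a real guest, run audit_ssh_modes /home/vagrant before packaging the box.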
I had this old setting at the top of ~/.ssh/config.
PubkeyAcceptedKeyTypes ssh-dss,ssh-rsa
After removing it, vagrant ssh stopped asking for password.
If you saved your Vagrantfile on an external hard drive and use exfat because you are working cross platform like me, you will also encounter this error. Since exfat does not save permissions, ssh will always think that the private key's permission is 777 => too open.
I put together this script as a workaround which runs on powershell and bash (so compatible with Linux, Mac and Windows):
# ssh-agent # uncomment if your ssh-agent isn't running as a service
cat V:\vm\arch_template\.vagrant\machines\default\virtualbox\private_key | ssh-add -
ssh -p 2222 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no vagrant@localhost
It requires a working ssh-agent configuration. Also pay attention to the correct port! Vagrant changes it to a different port if 2222 isn't available during vagrant up.
I had the same issue, getting vagrant@127.0.0.1's password: when starting up vagrant, after inputting the supposed password [vagrant], I could connect to the VM. However, after reading through other solutions, I tried ssh-agent on the same directory where the vagrantfile that was initiated is, and vagrant-ssh, and I am able to connect to the running instance.

use ssh private key from host in vagrant guest

I want to clone a bunch of private git repositories while provisioning a vagrant box. According to this article this should be possible using config.ssh.forward_agent = true. However, when trying to connect to github via something like ssh -T git@github.com -o StrictHostKeyChecking=no it fails with the following error:
Warning: Permanently added 'github.com,192.30.252.130' (RSA) to the list of known hosts.
Permission denied (publickey).
I cut my configuration down to the simplest possible configuration. You can find it here: https://gist.github.com/TomTasche/31f7c45fcffc2997d43a
When I do "vagrant ssh" and try the same again, a similar error occurs:
Cloning into 'private-repositories'...
Warning: Permanently added the RSA host key for IP address '192.30.252.130' to the list of known hosts.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
Edit: the configuration linked above does work on a host running Ubuntu, but works neither on a Mac host nor on a Windows host. My goal is to have a configuration that works on all these three hosts.
Please check whether your host system has ssh-agent forwarding enabled. You can do so for example by adding this block to your ~/.ssh/config file:
Host *
ForwardAgent yes
If this is enabled vagrant ssh (and also vagrant provision) should be able to forward your key to the guest machine.
You also might want to check using ssh-add -l whether your ssh-agent does know about your SSH-key. If it is in the list and you have agent-forwarding activated you should have a success. Otherwise you can add the key to your ssh-agent by running ssh-add <path to your key file>.
It sounds like you may be hitting this particular bug:
https://github.com/mitchellh/vagrant/issues/1735
(Despite it being "closed" it's actually not fixed)
On Windows, SSH Forwarding in Vagrant does not work properly by default (because of a bug in net-ssh).
However, there is a workaround or simple hack. You can auto-copy your local SSH key to the Vagrant VM via a simple provisioning script in your VagrantFile. Here's an example:
https://github.com/mitchellh/vagrant/issues/1735#issuecomment-25640783
Tom,
What you're doing is fairly generic in nature and I don't think is Vagrant specific.
Try some of the following to track down the issue:
edit your /etc/ssh/sshd_config
Set LogLevel debug
Restart the sshd service sudo service sshd restart or /etc/init.d/sshd restart
tail -f /var/log/authlog -- note, the file may be something else like /var/log/authd.log or /var/log/secure or something.
Watch what happens when you connect. It should give you some indication of why it's failing.
Again sorry, I'm not that familiar with Vagrant but I'm wondering if the provisioning script is running as another user, in which case the agent forwarding may not work as expected?
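A filter for the log-watching step in the answer above, as an added example that is not part of the original post: it reduces an sshd auth log to the reasons a public-key login was rejected. The first sample line is the one quoted earlier on this page; the other lines, the function name and the exact wording of the "Failed publickey" message are assumptions of this example.

```shell
#!/bin/sh
# Added example: summarise why sshd rejected public-key logins.

# sshd_auth_reasons: read syslog-style lines on stdin and print
# "COUNT<TAB>REASON", most frequent first.
sshd_auth_reasons() {
    awk '
        !/sshd\[[0-9]+\]: / { next }          # ignore other daemons
        {
            msg = $0
            sub(/^.*sshd\[[0-9]+\]: /, "", msg)
        }
        msg ~ /^Authentication refused: / {   # StrictModes-style refusals
            sub(/^Authentication refused: /, "", msg)
            seen["refused: " msg]++
            next
        }
        msg ~ /^Failed publickey for / {      # key offered but not accepted
            split(msg, w, " ")
            user = (w[4] == "invalid") ? w[6] : w[4]
            seen["key rejected for user " user]++
        }
        END { for (r in seen) printf "%d\t%s\n", seen[r], r }
    ' | sort -rn
}

# Constructed sample log (only the first line appears on this page).
sample_log=$(cat <<'EOF'
Jan 28 15:11:36 server sshd[11721]: Authentication refused: bad ownership or modes for directory /home/vagrant
Jan 28 15:11:36 server sshd[11721]: Failed publickey for vagrant from 10.0.2.2 port 51022 ssh2
Jan 28 15:11:41 server sshd[11730]: Authentication refused: bad ownership or modes for directory /home/vagrant
Jan 28 15:12:02 server sshd[11744]: Accepted publickey for vagrant from 10.0.2.2 port 51040 ssh2
Jan 28 15:12:03 server sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/ls
EOF
)
printf '%s\n' "$sample_log" | sshd_auth_reasons
```

On the guest, feed it the real file, for example sshd_auth_reasons < /var/log/secure.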

Two separate Vagrant machines, windows host, PuTTY - how?

I'd like to create two vagrant machines via two vagrant files, and be able to ssh into them via PuTTY.
I thought it might be as simple as port forwarding one of them via, say, port 2223 instead of 2222, and using two PuTTY connections.
Despite my vagrant ssh-config looking like this:
HostName 127.0.0.1
User vagrant
Port 2223
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
IdentitiesOnly yes
LogLevel FATAL
... I seem able to ssh into it via PuTTY on port 2222, which I'm hoping to reserve for access to the other instance which I've not yet set up. I'm new to vagrant and may be making a noob mistake. Help appreciated.
As per Vagrant Base Box specification, the default networking mode is NAT and port forwarding for SSH is enabled (guest 22 => host 2222).
What you've done, changing the sshd_config file within the guest won't work because that only changes the SSH port within the guest to 2223, NOT the host.
For the 2nd vagrant box, you need to do the following:
Get the name or UUID VBoxManage list vms
Use VBoxManage showvminfo VM_Name to get the list of port forwarding rules
Delete its default guestssh NAT port forwarding rule
Add a new port forwarding rule to do guest 22 => host 2223
For example:
By default the rule is named ssh
NIC 1 Rule(1): name = ssh, protocol = tcp, host ip = 127.0.0.1, host port = 2222, guest ip = , guest port = 22
Delete it
VBoxManage modifyvm "VM_Name" --natpf1 delete "ssh"
Add a new rule
VBoxManage modifyvm base_box --natpf1 "guestssh,tcp,,2223,,22"
NOT DONE yet!!!
Do NOT use vagrant up to start this VM, because it'll add the ssh rule back.
You can use VirtualBox GUI or VBoxManage controlvm to start it. And connect to it using ssh -p 2223 vagrant@localhost, password is vagrant. You can also use the insecure key pair to do public key authentication, doesn't make much sense though.
NOTE: changing, adding and deleting port forwarding rules can be done using the VirtualBox GUI anyway, if it is easier for you.
You can set any port you like by putting this in your vagrantfile:
config.vm.network "forwarded_port", guest: 22, host: 2223
replacing 2223 with your port of choice - different for each VM, obviously.
Note that this is in addition to the standard 2222 port forwarding, which will still be mapped for every VM. One of them "wins" and answers on 2222 as well as whatever custom port you set up.
The procedure in the accepted answer may well work, but it seems a little convoluted.

Getting permission denied when pushing to git vps server

I installed git for windows, created my ssh key and uploaded the public key to my server.
I have this working on my Mac, trying to get it working on my windows machine now.
I did a:
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/*
Here is an image of me doing a ssh -v gitserveralias
I have a config file that has the gitserveralias and port etc.
I tried clearing out the known hosts file also.
My config looks like:
Host serveralias
User xxx
Hostname 123.234.452.232
Port 22222
IdentityFile ~/.ssh/id_rsa
TCPKeepAlive true
IdentitiesOnly yes
PreferredAuthentications publickey
Again I have my setup working fine on my Mac.
Two things to check:
Do you have "PubkeyAuthentication yes" in sshd_config on your server? Try setting it.
Is there an offending key in .ssh/known_hosts? Try removing this file.
