
I am trying to use my own pair of RSA SSH-2 keys with Vagrant 1.9.5 on VirtualBox 5.1.22 with Windows 7 SP1 host and a CentOS 7.3 guest.

When I execute `vagrant up` I get:

```
Waiting for machine to boot. This may take a few minutes...
SSH address: 127.0.0.1:2222
SSH username: vagrant
SSH auth method: private key
Warning: Connection aborted. Retrying...
Warning: Connection reset. Retrying...
Warning: Connection aborted. Retrying...
Warning: Connection reset. Retrying...
Warning: Connection aborted. Retrying...
Warning: Connection reset. Retrying...
Warning: Connection aborted. Retrying...
...
```

I have found that the cause is a failure to connect to the guest because the required key is not being added to `~/.ssh/authorized_keys`; instead it contains Vagrant's default insecure_private_key.

This is my Vagrantfile:

```ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

  config.vm.boot_timeout = 120
  config.ssh.insert_key = false
  config.ssh.private_key_path = ["vagrant-setup/keys/my_openssh.key"]
  # This is not copying authorized_keys to the guest
  config.vm.provision "file", source: "vagrant-setup/.ssh/authorized_keys", destination: "~/.ssh/authorized_keys"
  # Setting forward_agent to true and adding the key to Pageant doesn't make any difference
  config.ssh.forward_agent = false

  config.vm.define "MyMachineName" do |vs|

    vs.vm.box = "vagrant-centos-73-x86_64-puppet"
    vs.vm.box_url = "https://github.com/CommanderK5/packer-centos-template/releases/download/0.7.3/vagrant-centos-7.3.box"

    # The shell script that will execute once just after the VM is created
    vs.vm.provision "shell", path: "vagrant-setup/setup.sh"

    # Create a private network, which allows host-only access to the machine using a specific IP.
    config.vm.network "private_network", ip: "192.168.101.110"

    vs.vm.provider "virtualbox" do |vb|
      # Enable the GUI of VirtualBox and see whether the VM is waiting for input on startup
      vb.gui = false
    end
  end

end
```

I have tried copying authorized_keys using `vm.provision "shell"` and `cp` from the guest. I have tried to change the permissions of authorized_keys on the guest before copying, but nothing seems to work because it does not connect. And I have tried to perform the copy inside MyMachineName like `vs.vm.provision "file", ...`

If I log in once using `vagrant ssh` with user+password and I write authorized_keys by hand, then afterwards I am able to log in with the SSH key and no password.

`vagrant ssh-config` reports:

```
Host MyMachineName
  HostName 127.0.0.1
  User vagrant
  Port 2222
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile C:/MyMachineName/vagrant-setup/keys/my_openssh.key
  IdentitiesOnly yes
  LogLevel FATAL
```

Putting the private key into `C:\Users\My User Name\.ssh\id_rsa` seems to make some difference, as if Vagrant were still looking for something there even though I explicitly set my own private key, but does not make it work. And it also seems to have a problem with `C:\Users\My User Name\` having spaces, but since it should not be used then that should not matter.

So the question is: how do I make Vagrant work with my own pair of SSH keys without having to tweak the guest VM by hand?

There are plenty of replies at this other question, but most of them come down to putting the key in authorized_keys by hand, which is exactly what I am trying to avoid.

Serg M Ten
  • In case it matters, this is my test authorized_keys `ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvUzbdG0Ex2fr31DPVt6FKAEP+iqpuuJFyxI0962VmaP+UTP23X9YWOsovDbb6izUru0FmjRbfiLhv8GZZ+fUXC0B/xorR/Bm7Ku2ruZ1x1Fuc59NRmqf9AAwm1zV1C3kCPM5LVMOUVChvX3dqgEf7vSbtcmQRECGS2dDbF6cdVMdMg2m1Zn3E34B6y3cB7Csko3fUW9dbyhZPpcx//vGYrNVTzIOOT8EAzvnJeYpNeIhRk1Qk4i9cxPVjqVvnyaIfUJyGRdr/+rYQkp2i+hOAR7xqzTKnzuDWiIV2RTHD6ImZNfkWDC0wgMSFLdRe4ch/p+eJxhyJZZkteMPJ9QlWQ== CentOrion RSA 2048 SSH-2 login key` – Serg M Ten Jun 03 '17 at 20:33
  • Can you connect using simple `ssh`? Isn't there a firewall running on that server? – Jakuje Jun 04 '17 at 09:55
  • No firewall. I am building on my own standalone laptop and even Windows firewall is totally disabled. If I force ssh connect to the guest with user+password using `vagrant ssh -- -vvv` and I add the text on my previous comment to ~/.ssh/authorized_keys then I can use my private key afterwards. The problem is that when bringing the VM up, Vagrant seems to ignore my private key and always puts its own insecure_private_key at guest's ~/.ssh/authorized_keys so when during `vagrant up` it tries to login to provision it fails and enters the retry loop. – Serg M Ten Jun 04 '17 at 10:52
  • not super nice, but https://github.com/mitchellh/vagrant/issues/8058#issuecomment-266193873 should help to work this with a provisioning script – Frederic Henri Jun 04 '17 at 20:19

1 Answer

Based on Frédéric Henri's comment, this is what worked for me in order to log in only with my own key, and with neither the insecure key nor user+password:

```ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.ssh.insert_key = false
  # Public key line(s) to authorize on the guest
  rsakey = File.read("vagrant-setup/keys/authorized_keys")
  # The heredoc is interpolated like a double-quoted string, so the sed
  # backreference is written \\1 (a bare \1 would become the byte 0x01).
  # sshd applies the sshd_config change once it is reloaded or restarted.
  config.vm.provision "shell", inline: <<-EOC
    echo '#{rsakey}' >> /home/vagrant/.ssh/authorized_keys
    sed --in-place=.bak -r 's/^#?(PermitRootLogin|PermitEmptyPasswords|PasswordAuthentication|X11Forwarding) yes/\\1 no/' /etc/ssh/sshd_config
    sed --in-place=.bak '/== vagrant insecure public key$/d' /home/vagrant/.ssh/authorized_keys
  EOC

  config.vm.define "MyMachine" do |vs|
    vs.vm.box = "vagrant-centos-73-x86_64-puppet"
    vs.vm.box_url = "https://github.com/CommanderK5/packer-centos-template/releases/download/0.7.3/vagrant-centos-7.3.box"

    # SSH settings: the insecure key is still the only one authorized on first
    # boot, so it is listed first; my own key is used once it has been installed
    vs.ssh.private_key_path = ['~/.vagrant.d/insecure_private_key', "vagrant-setup/keys/my_openssh.key"]

    # The shell script that will execute once just after the VM is created
    vs.vm.provision "shell", path: "vagrant-setup/my_own_custom_setup_stuff.sh"

    # Create a private network, which allows host-only access to the machine using a specific IP.
    config.vm.network "private_network", ip: "192.168.101.110"
  end

end
```
Serg M Ten
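Added example, not part of the original answer: a guest-side version of the key-installation step that can be re-run by `vagrant provision` without appending the same key again, and that handles an authorized_keys file lacking a final newline. The function name `install_key`, its arguments and any key lines passed to it are hypothetical; the pattern for the default key is the one used by the `sed` command in the answer.

```shell
#!/bin/sh
# install_key AUTH_FILE PUBKEY_LINE [OWNER]   (hypothetical helper, added example)
# Authorizes PUBKEY_LINE in AUTH_FILE exactly once and drops the Vagrant
# default key, leaving modes (and optionally ownership) that sshd accepts.
install_key() {
    auth_file=$1
    pubkey=$2
    owner=${3:-}
    ssh_dir=$(dirname "$auth_file")

    mkdir -p "$ssh_dir"
    touch "$auth_file"

    # If the last line has no trailing newline, add one first; otherwise the
    # new key would be glued onto the end of the existing key line.
    if [ -n "$(tail -c1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append only when this exact line is absent, so repeated provisioning
    # runs do not grow the file.
    grep -qxF -- "$pubkey" "$auth_file" || printf '%s\n' "$pubkey" >> "$auth_file"

    # Filter out the default key. grep exits 1 when it prints nothing, which
    # is not an error here; any other failure aborts before the file changes.
    tmp=$(mktemp)
    grep -v 'vagrant insecure public key$' "$auth_file" > "$tmp" \
        || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$auth_file"   # rewrite in place: owner and inode are kept
    rm -f "$tmp"

    # sshd reads the file as the login user, and with StrictModes (on by
    # default) it checks modes and ownership before trusting the file.
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"
    if [ -n "$owner" ]; then
        chown "$owner" "$ssh_dir" "$auth_file"
    fi
}
```

Inside a root shell provisioner it would be called as `install_key /home/vagrant/.ssh/authorized_keys "$KEY" vagrant`, where `$KEY` holds the public key line.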