Thanks!  At least that tells me I am not missing something obvious.

I of course can set up an ansible script to do exactly this. However, it is 
just a bit ironic to have to do this on a system which is all about 
automating bringing up an experimental box to play in :)

I would think there could easily be options:

config.ssh.admin_public_key_path = ...
config.user.admin_user =...
config.user.admin_user_crypted_pass = ...
config.user.disable_vagrant_user = ...

So then a typical Vagrant file would be something like:

config.ssh.admin_public_key_path = '~/.ssh/id_rsa.pub'
config.user.admin_user = 'deploy'
config.user.admin_user_crypted_pass = '$6$AC3bdCF7!$KLZmE6Biiry1hSdrGkTBgmskX/UxG6OuD3.m035J0zlEwxICcDgaH2zffvfCBP2b38kIs5keVr4RV2/IsjDr4.'
config.user.disable_vagrant_user = true

Where the crypted password is simply generated on a Linux box using:

  echo 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), "$SomeRandomSalt!"))' | python -

I would imagine this would be the default way most users would set things 
up if this was available. Moreover it would solve the security problem out 
of the box... Is there any reason why this can't be done and wouldn't make 
a good normal way that is proposed to users on how to set their boxes up?


Thanks,   Jason

On Friday, April 25, 2014 3:15:02 PM UTC+2, Simon McCartney wrote:
>
> Vagrant deals with pre-built boxes/images, and under systems like 
> Virtualbox & VMWare, there is no mechanism for dropping a key into an image 
> (under AWS & digital ocean, they use the cloud-init/user-data hooks for 
> dropping data into booting instances), for this reason, Vagrant defaults to 
> using a known key & baking the public key into the standard boxes.
>
> If you’re using vagrant against cloud providers instead of local 
> virtualisation, I believe that Vagrant does support using your own keys & 
> seeding them into instances.
>
> HTH,
>
> Simon.
> -- 
> Simon McCartney
> [email protected]
> +44 7710 836 915
>
>
> From: Jason Harris [email protected]
> Reply: [email protected]
> Date: 25 April 2014 at 03:02:30
> To: [email protected]
> Subject:  [vagrant-up] I am confused about public keys and vagrant... 
>
>  Hi, 
>
> I am confused about ssh keys. (I just started using vagrant so this might 
> be a standard question...) Normally if I start a new VM instance on say 
> digital ocean I would proceed to use say
>
>   ssh-copy-id.sh root@newMachineIP
>
> then I would enter the password that say digital ocean sent me and this 
> would transfer my *public* key id_rsa.pub into /root/.ssh/authorized_keys
>
> Then I could just
>
>   ssh root@newMachineIP
>
> and it would work... With digital ocean I can even give them my *public* 
> key id_rsa.pub and then I will be able to log into the machine without this 
> step.
>
> Sooo... How come I can't set some
>  
>   config.ssh.public_key_path = '~/.ssh/id_rsa.pub'
>
> and when the machine is provisioned it would just add this into the 
> /vagrant/.ssh/authorized_keys ?
>  
> Why does the config / setup want my private key? It would be nice to then 
> not have the vagrant key in there at all...
>
> I must be missing something... 
>
> Thanks,
>    Jason
>  --
> You received this message because you are subscribed to the Google Groups 
> "Vagrant" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
>
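
Added example (not written by either poster, and not part of Vagrant): a guest-side shell provisioning script along the lines of what the thread asks for. It installs your *public* key in a user's authorized_keys and drops the stock Vagrant key; the function name install_admin_key and the match on that key's standard comment "vagrant insecure public key" are assumptions of this example.

```shell
#!/bin/sh
# Added example: swap Vagrant's well-known key for your own public key.
# Assumption: the stock key is identified by its standard comment field.
INSECURE_COMMENT='vagrant insecure public key'

# install_admin_key HOME_DIR PUBKEY_FILE [OWNER]
# Puts the key from PUBKEY_FILE into HOME_DIR/.ssh/authorized_keys exactly
# once, removes any entry carrying the insecure-key comment, and sets the
# modes sshd requires. OWNER (user or user:group) is optional.
install_admin_key() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Only the public half ever belongs on the guest: refuse a private key.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file is a private key" >&2
        return 1
    fi
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) ' "$pubkey_file" | head -n 1)
    if [ -z "$key" ]; then
        echo "refusing: no public key found in $pubkey_file" >&2
        return 1
    fi

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth"

    # Rebuild the file: keep existing entries except the insecure key and
    # any earlier copy of our key, then append ours and swap it into place.
    tmp=$(mktemp "$ssh_dir/authorized_keys.XXXXXX") || return 1
    grep -v -F -e "$INSECURE_COMMENT" -e "$key" "$auth" > "$tmp" || true
    printf '%s\n' "$key" >> "$tmp"
    mv "$tmp" "$auth"
    chmod 600 "$auth"

    # When provisioning as root for another account, hand the files over.
    if [ -n "${3:-}" ]; then chown -R "$3" "$ssh_dir"; fi
}
```

Run it from a shell provisioner once the public key has been copied into the guest, e.g. install_admin_key /home/vagrant /tmp/id_rsa.pub vagrant:vagrant (paths here are illustrative).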
