Actually I found (not surprisingly after thinking about this) that there are a number of other people that also want this:
https://github.com/mitchellh/vagrant/issues/992 yet this issue seems to have been closed: https://github.com/mitchellh/vagrant/pull/907

I would think that exchanging public keys is the way to go here... Why are private keys being used here?

Thanks, Jason

On Saturday, April 26, 2014 1:53:05 AM UTC+2, Jason Harris wrote:
>
> Thanks! At least that tells me I am not missing something obvious.
>
> I of course can set up an ansible script to do exactly this. However, it
> is just a bit ironic to have to do this on a system which is all about
> automating bringing up an experimental box to play in :)
>
> I would think there could easily be options:
>
> config.ssh.admin_public_key_path = ...
> config.user.admin_user =...
> config.user.admin_user_crypted_pass = ...
> config.user.disable_vagrant_user = ...
>
> So then a typical Vagrant file would be something like:
>
> config.ssh.admin_public_key_path = '~/.ssh/id_rsa.pub'
> config.user.admin_user = deploy
> config.user.admin_user_crypted_pass =
> '$6$AC3bdCF7!$KLZmE6Biiry1hSdrGkTBgmskX/UxG6OuD3.m035J0zlEwxICcDgaH2zffvfCBP2b38kIs5keVr4RV2/IsjDr4.'
> config.user.disable_vagrant_user = true
>
> Where crypted password is simply generated on a Linux box using: echo
> 'import crypt,getpass; print crypt.crypt(getpass.getpass(),
> "$SomeRandomSalt!")' | python -
>
> I would imagine this would be the default way most users would set things
> up if this was available. Moreover it would solve the security problem out
> of the box... Is there any reason why this can't be done and wouldn't make
> a good normal way that is proposed to users on how to set their boxes up?
>
>
> Thanks, Jason
>
> On Friday, April 25, 2014 3:15:02 PM UTC+2, Simon McCartney wrote:
>>
>> Vagrant deals with pre-built boxes/images, and under systems like
>> Virtualbox & VMWare, there is no mechanism for dropping a key into an image
>> (under AWS & digital ocean, they use the cloud-init/user-data hooks for
>> dropping data into booting instances), for this reason, Vagrant defaults to
>> using a known key & baking the public key into the standard boxes.
>>
>> If you’re using vagrant against cloud providers instead of local
>> virtualisation, I believe that Vagrant does support using your own keys &
>> seeding them into instances.
>>
>> HTH,
>>
>> Simon.
>> --
>> Simon McCartney
>> [email protected]
>> +44 7710 836 915
>>
>>
>> From: Jason Harris [email protected]
>> Reply: [email protected] [email protected]
>> Date: 25 April 2014 at 03:02:30
>> To: [email protected] [email protected]
>> Subject: [vagrant-up] I am confused about public keys and vagrant...
>>
>> Hi,
>>
>> I am confused about ssh keys. (I just started using vagrant so this might
>> be a standard question...) Normally if I start a new VM instance on say
>> digital ocean I would proceed to use say
>>
>> ssh-copy-id.sh root@newMachineIP
>>
>> then I would enter the password that say digital ocean sent me and this
>> would transfer my *public* key id_rsa.pub into /root/.ssh/authorized_keys
>>
>> Then I could just
>>
>> ssh root@newMachineIP
>>
>> and it would work... With digital ocean I can even give them my *public*
>> key id_rsa.pub and then I will be able to log into the machine without this
>> step.
>>
>> Sooo... How come I can't set some
>>
>> config.ssh.public_key_path = '~/.ssh/id_rsa.pub'
>>
>> and when the machine is provisioned it would just add this into the
>> /vagrant/.ssh/authorized_keys ?
>>
>> why does the config / setup want my private key? It would be nice to then
>> not have the vagrant key in there at all...
>>
>> I must be missing something...
>>
>> Thanks,
>> Jason
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Vagrant" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
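
What the thread asks for, putting your own public key into the guest's authorized_keys and taking the baked-in known key out, can be done by a script run inside the guest. This is an added example, not part of the original thread or of Vagrant: the function name `replace_baked_key` is hypothetical, and it assumes the baked-in key line carries the comment `vagrant insecure public key`.

```shell
#!/bin/sh
# Added example (not Vagrant's own code). Run inside the guest as the
# account that owns the authorized_keys file, so ownership stays correct.

# replace_baked_key AUTH_FILE PUBKEY_LINE [MARKER]
#   Writes AUTH_FILE so that it contains PUBKEY_LINE exactly once and no
#   line containing MARKER. Other existing entries are preserved.
#   Assumption: the box's baked-in key line contains MARKER as its comment.
replace_baked_key() {
    auth_file=$1
    pubkey=$2
    marker=${3:-vagrant insecure public key}

    # Reject multi-line input: it could smuggle extra authorized_keys entries.
    case $pubkey in
        *'
'*) echo "public key must be a single line" >&2; return 1 ;;
    esac
    # Accept only OpenSSH public key lines; a pasted private key
    # ("-----BEGIN ...") fails here instead of landing on the guest.
    case $pubkey in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    dir=$(dirname "$auth_file")
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    [ -f "$auth_file" ] || : > "$auth_file" || return 1

    # Build the new file beside the old one and rename it into place, so a
    # failure part-way never leaves the guest with an empty key list.
    tmp=$(mktemp "$dir/authorized_keys.XXXXXX") || return 1

    # Copy every entry except the baked-in key and any earlier copy of ours.
    # grep exits 1 when nothing is left to print; only >1 is a real error.
    grep -vF -e "$marker" -e "$pubkey" "$auth_file" > "$tmp" \
        || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }

    printf '%s\n' "$pubkey" >> "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$auth_file"
}
```

Inside the guest it would be called as `replace_baked_key "$HOME/.ssh/authorized_keys" "$(cat id_rsa.pub)"`; only the public half of the key pair ever needs to reach the VM.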
