Actually I found (not surprisingly after thinking about this) that there 
are a number of other people that also want this:

https://github.com/mitchellh/vagrant/issues/992

yet this issue seems to have been closed:

https://github.com/mitchellh/vagrant/pull/907

I would think that exchanging public keys is the way to go here... Why are 
private keys being used here?

Thanks,
    Jason

On Saturday, April 26, 2014 1:53:05 AM UTC+2, Jason Harris wrote:
>
> Thanks!  At least that tells me I am not missing something obvious.
>
> I of course can set up an ansible script to do exactly this. However, it 
> is just a bit ironic to have to do this on a system which is all about 
> automating bringing up an experimental box to play in :)
>
> I would think there could easily be options:
>
> config.ssh.admin_public_key_path = ...
> config.user.admin_user =...
> config.user.admin_user_crypted_pass = ...
> config.user.disable_vagrant_user = ...
>
> So then a typical Vagrant file would be something like:
>
> config.ssh.admin_public_key_path = '~/.ssh/id_rsa.pub'
> config.user.admin_user = 'deploy'
> config.user.admin_user_crypted_pass = '$6$AC3bdCF7!$KLZmE6Biiry1hSdrGkTBgmskX/UxG6OuD3.m035J0zlEwxICcDgaH2zffvfCBP2b38kIs5keVr4RV2/IsjDr4.'
> config.user.disable_vagrant_user = true
>
> Where crypted password is simply generated on a Linux box using:
>
>   echo 'import crypt,getpass; print crypt.crypt(getpass.getpass(), "$SomeRandomSalt!")' | python -
>
> I would imagine this would be the default way most users would set things 
> up if this was available. Moreover it would solve the security problem out 
> of the box... Is there any reason why this can't be done and wouldn't make 
> a good normal way that is proposed to users on how to set their boxes up?
>
>
> Thanks,   Jason
>
> On Friday, April 25, 2014 3:15:02 PM UTC+2, Simon McCartney wrote:
>>
>> Vagrant deals with pre-built boxes/images, and under systems like 
>> Virtualbox & VMWare, there is no mechanism for dropping a key into an image 
>> (under AWS & digital ocean, they use the cloud-init/user-data hooks for 
>> dropping data into booting instances), for this reason, Vagrant defaults to 
>> using a known key & baking the public key into the standard boxes.
>>
>> If you’re using vagrant against cloud providers instead of local 
>> virtualisation, I believe that Vagrant does support using your own keys & 
>> seeding them into instances.
>>
>> HTH,
>>
>> Simon.
>> -- 
>> Simon McCartney
>> [email protected]
>> +44 7710 836 915
>>
>>
>> From: Jason Harris [email protected]
>> Reply: [email protected] [email protected]
>> Date: 25 April 2014 at 03:02:30
>> To: [email protected] [email protected]
>> Subject:  [vagrant-up] I am confused about public keys and vagrant... 
>>
>>  Hi, 
>>
>> I am confused about ssh keys. (I just started using vagrant so this might 
>> be a standard question...) Normally if I start a new VM instance on say 
>> digital ocean I would proceed to use say
>>
>>   ssh-copy-id.sh root@newMachineIP
>>
>> then I would enter the password that say digital ocean sent me and this 
>> would transfer my *public* key id_rsa.pub into /root/.ssh/authorized_keys
>>
>> Then I could just
>>
>>   ssh root@newMachineIP
>>
>> and it would work... With digital ocean I can even give them my *public* 
>> key id_rsa.pub and then I will be able to log into the machine without this 
>> step.
>>
>> Sooo... How come I can't set some
>>  
>>   config.ssh.public_key_path = '~/.ssh/id_rsa.pub'
>>
>> and when the machine is provisioned it would just add this into the 
>> /vagrant/.ssh/authorized_keys ?
>>  
>> why does the config / setup want my private key? It would be nice to then 
>> not have the vagrant key in there at all...
>>
>> I must be missing something... 
>>
>> Thanks,
>>    Jason
>>  --
>> You received this message because you are subscribed to the Google Groups 
>> "Vagrant" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>>
>>
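
The provisioner route mentioned in this thread, as an added example that is not part of the original messages and is not Vagrant's own code: a Vagrantfile helper that installs only your public key in the guest and then drops the shared default key. The helper names, the box name, the key paths and the "vagrant insecure public key" comment used to find the default key line are assumptions.

```ruby
# Added example: build the shell script a provisioner runs in the guest.
require "shellwords"

# A one-line OpenSSH public key: type, base64 blob, optional comment.
PUBKEY_RE = %r{\A(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))\s+[A-Za-z0-9+/]+=*(\s+[^\r\n]*)?\z}

# Return the key line from a .pub file's contents; reject anything else,
# in particular a private key pasted or pointed at by mistake.
def public_key_line(text)
  line = text.strip
  raise ArgumentError, "refusing to install a private key" if line.include?("PRIVATE KEY")
  raise ArgumentError, "not a one-line OpenSSH public key" unless line.match?(PUBKEY_RE)
  line
end

# Idempotent script: append the key for `user` once, optionally delete the
# shared default key, and restore the permissions sshd expects.
def seed_key_script(pubkey_text, user: "vagrant", drop_default: true)
  key  = Shellwords.escape(public_key_line(pubkey_text))
  auth = Shellwords.escape("/home/#{user}/.ssh/authorized_keys")
  ssh  = Shellwords.escape("/home/#{user}/.ssh")
  lines = [
    "set -eu",
    "install -d -m 700 #{ssh}",
    "touch #{auth}",
    "grep -qxF -- #{key} #{auth} || echo #{key} >> #{auth}",
  ]
  # Assumption: the default key line carries this comment in the box image.
  lines << "sed -i '/vagrant insecure public key/d' #{auth}" if drop_default
  lines << "chmod 600 #{auth}"
  lines << "chown -R #{Shellwords.escape(user)}: #{ssh}"
  lines.join("\n") + "\n"
end

# Only runs when this file is loaded by Vagrant as a Vagrantfile.
if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    config.vm.box = "example/box" # placeholder box name
    # The first boot still authenticates with the default key; later
    # connections use your own private key, which never leaves the host.
    config.ssh.private_key_path = ["~/.ssh/id_rsa", "~/.vagrant.d/insecure_private_key"]
    pub = File.read(File.expand_path("~/.ssh/id_rsa.pub"))
    config.vm.provision "shell", inline: seed_key_script(pub)
  end
end
```

The private key is needed only on the host side of the SSH handshake; the guest receives nothing but the `.pub` line.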
