You’ve lost me, where are private keys being used other than on the Vagrant 
host?

The issue remains the same: how do you get a new key (or a key you specify) 
onto a vbox instance without first having a password for an existing account on 
the guest box or the private key for a public key in the authorized_keys file 
on the guest box? Vagrant uses SSH, and it’s the “known public key” being 
installed on the guest box to drive the automation.

 

From: Jason Harris jason.f.har...@gmail.com
Reply: vagrant-up@googlegroups.com vagrant-up@googlegroups.com
Date: 27 April 2014 at 01:29:32
To: vagrant-up@googlegroups.com vagrant-up@googlegroups.com
Subject:  Re: [vagrant-up] I am confused about public keys and vagrant...  

Actually I found (not surprisingly after thinking about this) that there are a 
number of other people that also want this:

https://github.com/mitchellh/vagrant/issues/992

yet this issue seems to have been closed:

https://github.com/mitchellh/vagrant/pull/907

I would think that exchanging public keys is the way to go here... Why are 
private keys being used here?

Thanks,
    Jason

On Saturday, April 26, 2014 1:53:05 AM UTC+2, Jason Harris wrote:
Thanks!  At least that tells me I am not missing something obvious.

I of course can set up an ansible script to do exactly this. However, it is 
just a bit ironic to have to do this on a system which is all about automating 
bringing up an experimental box to play in :)

I would think there could easily be options:

config.ssh.admin_public_key_path = ...
config.user.admin_user =...
config.user.admin_user_crypted_pass = ...
config.user.disable_vagrant_user = ...

So then a typical Vagrant file would be something like:

config.ssh.admin_public_key_path = '~/.ssh/id_rsa.pub'
config.user.admin_user = 'deploy'
config.user.admin_user_crypted_pass = '$6$AC3bdCF7!$KLZmE6Biiry1hSdrGkTBgmskX/UxG6OuD3.m035J0zlEwxICcDgaH2zffvfCBP2b38kIs5keVr4RV2/IsjDr4.'
config.user.disable_vagrant_user = true

Where the crypted password is simply generated on a Linux box using:

  echo 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), "$SomeRandomSalt!"))' | python -

I would imagine this would be the default way most users would set things up if 
this was available. Moreover it would solve the security problem out of the 
box... Is there any reason why this can't be done and wouldn't make a good 
normal way that is proposed to users on how to set their boxes up?


Thanks,   Jason

On Friday, April 25, 2014 3:15:02 PM UTC+2, Simon McCartney wrote:
Vagrant deals with pre-built boxes/images, and under systems like VirtualBox & 
VMware there is no mechanism for dropping a key into an image (under AWS & 
DigitalOcean, they use the cloud-init/user-data hooks for dropping data into 
booting instances). For this reason, Vagrant defaults to using a known key & 
baking the public key into the standard boxes.

If you’re using vagrant against cloud providers instead of local 
virtualisation, I believe that Vagrant does support using your own keys & 
seeding them into instances.

HTH,

Simon.
-- 
Simon McCartney
si...@mccartney.ie
+44 7710 836 915


From: Jason Harris jason.f...@gmail.com
Reply: vagra...@googlegroups.com vagra...@googlegroups.com
Date: 25 April 2014 at 03:02:30
To: vagra...@googlegroups.com vagra...@googlegroups.com
Subject:  [vagrant-up] I am confused about public keys and vagrant...

Hi,

I am confused about SSH keys. (I just started using Vagrant, so this might be a 
standard question...) Normally, if I start a new VM instance on, say, 
DigitalOcean, I would proceed to use, say,

  ssh-copy-id.sh root@newMachineIP

then I would enter the password that, say, DigitalOcean sent me, and this would 
transfer my *public* key id_rsa.pub into /root/.ssh/authorized_keys.

Then I could just

  ssh root@newMachineIP

and it would work... With DigitalOcean I can even give them my *public* key 
id_rsa.pub and then I will be able to log into the machine without this step.

Sooo... How come I can't set some

  config.ssh.public_key_path = '~/.ssh/id_rsa.pub'

and when the machine is provisioned it would just add this into the 
/vagrant/.ssh/authorized_keys ?

Why does the config / setup want my private key? It would be nice to then not 
have the vagrant key in there at all...

I must be missing something... 

Thanks,
   Jason
--
You received this message because you are subscribed to the Google Groups 
"Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vagrant-up+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
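
What the thread asks for, sketched as a guest-side provisioner step (an added example, not code from the thread or from Vagrant): install your own public key, then drop the box's baked-in key. The script name, arguments and file layout are assumptions; Vagrant still has to log in with the existing key to run it, which is why the new key is installed before the old one is removed.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and file names are assumptions.

# Print "type blob" for every key line on stdin; options and comments are
# ignored. A private-key file yields nothing, so it can never be installed.
key_ids() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i + 1); break }
    }'
}

# has_key AUTH_FILE PUBKEY_FILE: succeed if that key is already authorized.
has_key() {
    id=$(key_ids < "$2" | head -n 1)
    [ -n "$id" ] && [ -f "$1" ] && key_ids < "$1" | grep -qxF -- "$id"
}

# install_key HOME_DIR PUBKEY_FILE: append the key once, with modes that
# satisfy sshd's StrictModes check (700 on .ssh, 600 on authorized_keys).
install_key() {
    auth="$1/.ssh/authorized_keys"
    key_ids < "$2" | grep -q . || { echo "no public key in $2" >&2; return 1; }
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    # Do not glue the new key onto an unterminated last line.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    has_key "$auth" "$2" || cat "$2" >> "$auth"
    chmod 600 "$auth"
}

# remove_key HOME_DIR OLD_PUBKEY_FILE: drop the baked-in key, unless it is the
# only one left (removing it would cut off SSH access to the guest).
remove_key() {
    auth="$1/.ssh/authorized_keys"
    old=$(key_ids < "$2" | head -n 1)
    [ -n "$old" ] && [ -f "$auth" ] || return 1
    awk -v old=" $old " 'index(" " $0 " ", old) == 0' "$auth" > "$auth.tmp"
    if [ -z "$(key_ids < "$auth.tmp")" ]; then
        rm -f "$auth.tmp"
        echo "refusing: no other key would remain" >&2
        return 1
    fi
    chmod 600 "$auth.tmp" && mv "$auth.tmp" "$auth"
}

# Run on the guest: sh swap_key.sh HOME_DIR NEW.pub BAKED_IN.pub
if [ "$#" -eq 3 ]; then
    install_key "$1" "$2" && remove_key "$1" "$3"
fi
```

Keys are compared by type and base64 blob rather than by comment, so a renamed or option-prefixed copy of the baked-in key is still removed.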