On Apr 28, 2014, at 5:32 PM, Simon McCartney <[email protected]> wrote:

> You've lost me, where are private keys being used other than on the Vagrant 
> host?

There is no vagrant option config.ssh.public_key_path, there is however the 
vagrant option config.ssh.private_key_path. My question is I thought the former 
should exist and I am not sure why the latter one does.


> The issue remains the same, how do you get a new key

We are talking about a public key here, right? (just like ssh-copy-id 
copies over)

> (or a key you specify) on to a vbox instance without first having a password 
> for an existing account on the guest box or the private key for a public key 
> in the authorised_keys file on the guest box?

Agreed, how do you seamlessly and smoothly do this? That is the question.

> Vagrant uses SSH and it's the "known public key" being installed on the guest 
> box to drive the automation.

Right, I can imagine initial provisioning can utilize the user:vagrant and 
pass:vagrant to first log in and then do the transfer of your public key and 
then remove, for instance, the vagrant insecure key, and remove login via 
password for the vagrant user. In fact programadoresweb gave parts of the exact 
instructions on how to do this in

https://github.com/mitchellh/vagrant/issues/992

So this can be done. Vagrant looks like it is all about smoothly and easily 
bringing up a VM and provisioning it. As far as I can tell, currently the issue 
of key exchange etc. is not a smooth process. IMHO it should be. (unless I have 
missed an easy and smooth way to do this...)

Thanks,
  Jas

>  
> 
> From: Jason Harris [email protected]
> Reply: [email protected] [email protected]
> Date: 27 April 2014 at 01:29:32
> To: [email protected] [email protected]
> Subject:  Re: [vagrant-up] I am confused about public keys and vagrant... 
> 
>> Actually I found (not surprisingly after thinking about this) that there are 
>> a number of other people that also want this:
>> 
>> https://github.com/mitchellh/vagrant/issues/992
>> 
>> yet this issue seems to have been closed:
>> 
>> https://github.com/mitchellh/vagrant/pull/907
>> 
>> I would think that exchanging public keys is the way to go here... Why are 
>> private keys being used here?
>> 
>> Thanks,
>>     Jason
>> 
>> On Saturday, April 26, 2014 1:53:05 AM UTC+2, Jason Harris wrote:
>> Thanks! At least that tells me I am not missing something obvious.
>> 
>> I of course can set up an ansible script to do exactly this. However, it is 
>> just a bit ironic to have to do this on a system which is all about 
>> automating bringing up an experimental box to play in :)
>> 
>> I would think there could easily be options:
>> 
>> config.ssh.admin_public_key_path = ...
>> config.user.admin_user =...
>> config.user.admin_user_crypted_pass = ...
>> config.user.disable_vagrant_user = ...
>> 
>> So then a typical Vagrant file would be something like:
>> 
>> config.ssh.admin_public_key_path = '~/.ssh/id_rsa.pub'
>> config.user.admin_user = 'deploy'
>> config.user.admin_user_crypted_pass = '$6$AC3bdCF7!$KLZmE6Biiry1hSdrGkTBgmskX/UxG6OuD3.m035J0zlEwxICcDgaH2zffvfCBP2b38kIs5keVr4RV2/IsjDr4.'
>> config.user.disable_vagrant_user = true
>> 
>> Where crypted password is simply generated on a Linux box using:
>> 
>> echo 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), "$SomeRandomSalt!"))' | python -
>> 
>> I would imagine this would be the default way most users would set things up 
>> if this was available. Moreover it would solve the security problem out of 
>> the box... Is there any reason why this can't be done and wouldn't make a 
>> good normal way that is proposed to users on how to set their boxes up?
>> 
>> 
>> Thanks,   Jason
>> 
>> On Friday, April 25, 2014 3:15:02 PM UTC+2, Simon McCartney wrote:
>> Vagrant deals with pre-built boxes/images, and under systems like Virtualbox 
>> & VMWare, there is no mechanism for dropping a key into an image (under AWS 
>> & digital ocean, they use the cloud-init/user-data hooks for dropping data 
>> into booting instances), for this reason, Vagrant defaults to using a known 
>> key & baking the public key into the standard boxes.
>> 
>> If you're using vagrant against cloud providers instead of local 
>> virtualisation, I believe that Vagrant does support using your own keys & 
>> seeding them into instances.
>> 
>> HTH,
>> 
>> Simon.
>> -- 
>> Simon McCartney
>> [email protected]
>> +44 7710 836 915
>> 
>> 
>> From: Jason Harris [email protected]
>> Reply: [email protected] [email protected]
>> Date: 25 April 2014 at 03:02:30
>> To: [email protected] [email protected]
>> Subject:  [vagrant-up] I am confused about public keys and vagrant...
>> 
>>> Hi,
>>> 
>>> I am confused about ssh keys. (I just started using vagrant so this might 
>>> be a standard question...) Normally if I start a new VM instance on say 
>>> digital ocean I would proceed to use say
>>> 
>>>   ssh-copy-id.sh root@newMachineIP
>>> 
>>> then I would enter the password that say digital ocean sent me and this 
>>> would transfer my *public* key id_rsa.pub into /root/.ssh/authorized_keys
>>> 
>>> Then I could just
>>> 
>>>   ssh root@newMachineIP
>>> 
>>> and it would work... With digital ocean I can even give them my *public* 
>>> key id_rsa.pub and then I will be able to log into the machine without this 
>>> step.
>>> 
>>> Sooo... How come I can't set some
>>> 
>>>   config.ssh.public_key_path = '~/.ssh/id_rsa.pub'
>>> 
>>> and when the machine is provisioned it would just add this into the 
>>> /vagrant/.ssh/authorized_keys ?
>>> 
>>> why does the config / setup want my private key? It would be nice to then 
>>> not have the vagrant key in there at all...
>>> 
>>> I must be missing something... 
>>> 
>>> Thanks,
>>>    Jason
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "Vagrant" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to [email protected].
>>> For more options, visit https://groups.google.com/d/optout.

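The sequence described in the reply at the top of this message (install your own public key on the guest, then remove the vagrant insecure key and password login) could look like the following when run on the guest, for instance from a shell provisioner. This is an added example, not code from the thread or from Vagrant; the function name `harden_guest_ssh`, the file paths passed to it, and matching the default key by its comment text are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): swap the box's shared key for your own
# public key, then turn off password logins. Run on the guest as a user that
# is allowed to edit the files passed in.

# Assumption: the box's default key line carries this well-known comment.
INSECURE_MARK='vagrant insecure public key'

# harden_guest_ssh HOME_DIR PUBKEY_FILE SSHD_CONFIG
harden_guest_ssh() {
    home=$1; pub=$2; conf=$3
    auth="$home/.ssh/authorized_keys"

    # Only a one-line *public* key may be installed; never a private key.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; refusing" >&2; return 2
    fi
    key=$(grep -E '^(ssh-|ecdsa-|sk-)[^ ]+ [A-Za-z0-9+/=]+' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key found in $pub" >&2; return 3; }

    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    touch "$auth" && chmod 600 "$auth"

    # 1. Add the new key first (idempotent), so access is never lost.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    grep -qxF "$key" "$auth" || return 4

    # 2. Only now drop the shared insecure key.
    tmp=$(mktemp) || return 5
    grep -vF "$INSECURE_MARK" "$auth" > "$tmp" || true
    cat "$tmp" > "$auth"          # overwrite in place: keeps owner and mode

    # 3. sshd uses the first value it reads for a keyword, so remove every
    #    existing PasswordAuthentication line and put "no" at the very top.
    {
        echo 'PasswordAuthentication no'
        grep -viE '^[[:space:]]*#?[[:space:]]*PasswordAuthentication([[:space:]]|$)' "$conf" || true
    } > "$tmp"
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Example call (paths are assumptions for a typical Linux guest):
#   harden_guest_ssh /home/vagrant /tmp/id_rsa.pub /etc/ssh/sshd_config
```

sshd only picks up the changed configuration after it is reloaded, and the host side then needs `config.ssh.private_key_path` pointed at the private half of the key that was installed.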