From: Jason Harris [email protected]
Reply: [email protected] [email protected]
Date: 28 April 2014 at 20:01:04
To: [email protected] [email protected]
Subject:  Re: [vagrant-up] I am confused about public keys and vagrant...  


On Apr 28, 2014, at 5:32 PM, Simon McCartney <[email protected]> wrote:

You’ve lost me, where are private keys being used other than on the Vagrant 
host?

There is no vagrant option config.ssh.public_key_path, there is however the 
vagrant option config.ssh.private_key_path. My question is I thought the former 
should exist and I am not sure why the latter one does.
If you’ve built your own vagrant boxes, it’s perfectly possible to bake in an 
alternative public key into ~vagrant/.ssh/authorized_keys, if you do this, you 
need to be able to tell vagrant where the private part of the key pair is so 
that vagrant can ssh into the box and work its magic.

As I’ve said before, if Vagrant only has SSH access to a guest, supplying a 
public key to the vagrant command makes no sense, as if you don’t have working 
SSH access to the box, you can’t drop on a public key.


The issue remains the same, how do you get a new key

We are talking about a public key here, right? (just like copy ssh-copy-id 
copies over)
Yes, we’re talking about how you get a public key onto a box you don’t have 
access to.

(or a key you specify) on to a vbox instance without first having a password 
for an existing account on the guest box or the private key for a public key in 
the authorised_keys file on the guest box?

Agreed, how do you seamlessly and smoothly do this? That is the question.
1) bake your own Vagrant box images using veewee or packer, which include the 
desired public key in the image & then specify the private key to use for 
access in your Vagrantfile.

2) Use EC2/RackSpace/DreamHost etc where the key seeding is done via 
cloud-init. 



Vagrant uses SSH and it’s the “known public key” being installed on the guest 
box to drive the automation.

Right, I can imagine initially provisioning can utilize the user:vagrant and 
pass:vagrant to first login and then do the transfer of your public key and 
then remove for instance the vagrant insecure key, and remove login via 
password for the vagrant user. In fact programadoresweb gave parts of the exact 
instructions on how to do this in

https://github.com/mitchellh/vagrant/issues/992

So this can be done. Vagrant looks like it is all about smoothly and easily 
bringing up a VM and provisioning it. As far as I can tell, currently the issue 
of key exchange etc is not a smooth process. IMHO it should be. (unless I have 
missed an easy and smooth way to do this…)
What programadoresweb is doing there is seeding a set of private keys on to the 
guest for use on the guest, I thought we were talking about using a different 
key pair to access the guest (i.e. not the known-vagrant pair)?



Simon.
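
An added example, not part of the original thread: when a custom box bakes its own public key into ~vagrant/.ssh/authorized_keys, this Ruby check confirms that the private key named in config.ssh.private_key_path is the matching half. It handles RSA keys only; the function names and the sample authorized_keys content are constructed for illustration.

```ruby
require "openssl"
require "base64"

# SSH wire encoding (RFC 4251): 4-byte big-endian length, then the bytes.
def ssh_string(bytes)
  [bytes.bytesize].pack("N") + bytes
end

# mpint: big-endian magnitude, with a leading zero byte when the top bit
# is set so the value is not read as negative.
def ssh_mpint(bn)
  raw = bn.to_s(2)
  raw = "\x00".b + raw if raw.getbyte(0) >= 0x80
  ssh_string(raw)
end

# Base64 blob as it appears after "ssh-rsa" in an authorized_keys line.
def ssh_rsa_blob(rsa)
  Base64.strict_encode64(ssh_string("ssh-rsa") + ssh_mpint(rsa.e) + ssh_mpint(rsa.n))
end

# True if the public half of private_key_pem is listed in authorized_keys_text.
def key_authorized?(authorized_keys_text, private_key_pem)
  wanted = ssh_rsa_blob(OpenSSL::PKey::RSA.new(private_key_pem))
  authorized_keys_text.each_line.any? do |line|
    fields = line.strip.split(/\s+/)
    next false if fields.empty? || fields[0].start_with?("#")
    i = fields.index("ssh-rsa")   # options such as no-pty may precede the key type
    !i.nil? && fields[i + 1] == wanted
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a freshly generated pair standing in for the key
  # baked into a custom box, and an unrelated key that should not match.
  baked = OpenSSL::PKey::RSA.new(2048)
  unrelated = OpenSSL::PKey::RSA.new(2048)
  authorized_keys = "# constructed sample file\nssh-rsa #{ssh_rsa_blob(baked)} custom-box-key\n"

  puts "baked key accepted:     #{key_authorized?(authorized_keys, baked.to_pem)}"
  puts "unrelated key accepted: #{key_authorized?(authorized_keys, unrelated.to_pem)}"
end
```

Run it against the authorized_keys content going into the image before building the box, so a mismatched pair is caught before vagrant up fails at SSH authentication.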




