<div dir="ltr">Hi <span style="font-size:12.8px">Laurențiu,</span><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Thanks for detailed information! I am using playbooks to create vms on a remote host and then I want to run another playbook to configure them.</span></div><div><span style="font-size:12.8px">I want to enable password authentication only for a moment of initial configuration and then disable it again - I believe this should cause any security risk.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Thanks,</span></div><div><span style="font-size:12.8px">Rafal</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 6 October 2016 at 17:42, Laurentiu Pancescu <span dir="ltr"><<a href="mailto:lpancescu@gmail.com" target="_blank">lpancescu@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Rafal,<span class=""><br>
<br>
On 06/10/16 15:42, Rafal Skolasinski wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Vagrant Image version 1607.01 introduced a nice fix for a security issue<br>
with default password for a Vagrant user.<br>
<br>
I understand that this is important, however I wanted to ask if it is<br>
possible to switch it off?<br>
I couldn't figure out a way it was introduced.<br>
</blockquote>
<br></span>
If you want to reenable it, set PasswordAuthentication to no in /etc/ssh/sshd_config, then reload sshd. I wouldn't recommend that, since the system is fully usable with passwords disabled.<span class=""><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I was using first ansible login via password to configure my vms and then<br>
switching that option off by myself anyway.<br>
</blockquote>
<br></span>
You can still do this without enabling password authentication. If you use Vagrant's Ansible provisioner, things will just work without doing anything special (this is how I work). [1]<br>
<br>
Alternatively, configure Ansible to connect using the private key that Vagrant generates (e.g. .vagrant/machines/default/virt<wbr>ualbox/private_key); if you'd like to use your own key for all boxes, add 'config.ssh.insert_key = false' to your Vagrantfile, and replace the insecure key from your playbook.<br>
<br>
Another way is to generate a ssh configuration file locally, via 'vagrant ssh-config > my_ssh_config', and use Ansible's --ssh-common-args option to pass "-F my_ssh_cfg" to ssh.<br>
<br>
Best regards,<br>
Laurențiu<br>
<br>
<br>
[1] <a href="https://www.vagrantup.com/docs/provisioning/ansible.html" rel="noreferrer" target="_blank">https://www.vagrantup.com/docs<wbr>/provisioning/ansible.html</a><br>
______________________________<wbr>_________________<br>
CentOS-devel mailing list<br>
<a href="mailto:CentOS-devel@centos.org" target="_blank">CentOS-devel@centos.org</a><br>
<a href="https://lists.centos.org/mailman/listinfo/centos-devel" rel="noreferrer" target="_blank">https://lists.centos.org/mailm<wbr>an/listinfo/centos-devel</a><br>
</blockquote></div><br></div>