Hi Laurențiu,

Thanks for detailed information! I am using playbooks to create vms on a remote host and then I want to run another playbook to configure them.
I want to enable password authentication only for a moment of initial configuration and then disable it again - I believe this should cause any security risk.

Thanks,
Rafal



On 6 October 2016 at 17:42, Laurentiu Pancescu <lpancescu@gmail.com> wrote:
Hi Rafal,

On 06/10/16 15:42, Rafal Skolasinski wrote:
Vagrant Image version 1607.01 introduced a nice fix for a security issue
with default password for a Vagrant user.

I understand that this is important, however I wanted to ask if it is
possible to switch it off?
I couldn't figure out a way it was introduced.

If you want to reenable it, set PasswordAuthentication to no in /etc/ssh/sshd_config, then reload sshd.  I wouldn't recommend that, since the system is fully usable with passwords disabled.

I was using first ansible login via password to configure my vms and then
switching that option off by myself anyway.

You can still do this without enabling password authentication.  If you use Vagrant's Ansible provisioner, things will just work without doing anything special (this is how I work). [1]

Alternatively, configure Ansible to connect using the private key that Vagrant generates (e.g. .vagrant/machines/default/virtualbox/private_key); if you'd like to use your own key for all boxes, add 'config.ssh.insert_key = false' to your Vagrantfile, and replace the insecure key from your playbook.

Another way is to generate a ssh configuration file locally, via 'vagrant ssh-config > my_ssh_config', and use Ansible's --ssh-common-args option to pass "-F my_ssh_cfg" to ssh.

Best regards,
Laurențiu


[1] https://www.vagrantup.com/docs/provisioning/ansible.html
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
https://lists.centos.org/mailman/listinfo/centos-devel