[CentOS-devel] [Non-DoD Source] Re: password ssh-ing in Centos/7 Vagrant box

Conley, Matthew M CTR GXM matthew.m.conley1.ctr at navy.mil
Thu Oct 6 18:46:26 UTC 2016

Ssh keys not work? I try not to use passwords when I can avoid it. 

-----Original Message-----
From: centos-devel-bounces at centos.org [mailto:centos-devel-bounces at centos.org] On Behalf Of Rafal Skolasinski
Sent: Thursday, October 06, 2016 12:01 PM
To: The CentOS developers mailing list.
Subject: [Non-DoD Source] Re: [CentOS-devel] password ssh-ing in Centos/7 Vagrant box

*shouldn't ;)

On 6 October 2016 at 17:57, Rafal Skolasinski <r.j.skolasinski at gmail.com> wrote:

	Hi Laurențiu,
	Thanks for detailed information! I am using playbooks to create vms on a remote host and then I want to run another playbook to configure them.
	I want to enable password authentication only for a moment of initial configuration and then disable it again - I believe this should cause any security risk.

	On 6 October 2016 at 17:42, Laurentiu Pancescu <lpancescu at gmail.com> wrote:

		Hi Rafal,
		On 06/10/16 15:42, Rafal Skolasinski wrote:

			Vagrant Image version 1607.01 introduced a nice fix for a security issue
			with default password for a Vagrant user.
			I understand that this is important, however I wanted to ask if it is
			possible to switch it off?
			I couldn't figure out a way it was introduced.

		If you want to reenable it, set PasswordAuthentication to no in /etc/ssh/sshd_config, then reload sshd.  I wouldn't recommend that, since the system is fully usable with passwords disabled.

			I was using first ansible login via password to configure my vms and then
			switching that option off by myself anyway.

		You can still do this without enabling password authentication.  If you use Vagrant's Ansible provisioner, things will just work without doing anything special (this is how I work). [1]
		Alternatively, configure Ansible to connect using the private key that Vagrant generates (e.g. .vagrant/machines/default/virtualbox/private_key); if you'd like to use your own key for all boxes, add 'config.ssh.insert_key = false' to your Vagrantfile, and replace the insecure key from your playbook.
		Another way is to generate a ssh configuration file locally, via 'vagrant ssh-config > my_ssh_config', and use Ansible's --ssh-common-args option to pass "-F my_ssh_cfg" to ssh.
		Best regards,
		[1] https://www.vagrantup.com/docs/provisioning/ansible.html <https://www.vagrantup.com/docs/provisioning/ansible.html> 
		CentOS-devel mailing list
		CentOS-devel at centos.org
		https://lists.centos.org/mailman/listinfo/centos-devel <https://lists.centos.org/mailman/listinfo/centos-devel> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5446 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20161006/68e4cfbd/attachment.p7s>

More information about the CentOS-devel mailing list