[CentOS-devel] password ssh-ing in Centos/7 Vagrant box

Thu Oct 6 15:42:52 UTC 2016
Laurentiu Pancescu <lpancescu at gmail.com>

Hi Rafal,

On 06/10/16 15:42, Rafal Skolasinski wrote:
> Vagrant Image version 1607.01 introduced a nice fix for a security issue
> with default password for a Vagrant user.
>
> I understand that this is important, however I wanted to ask if it is
> possible to switch it off?
> I couldn't figure out a way it was introduced.

If you want to reenable it, set PasswordAuthentication to no in 
/etc/ssh/sshd_config, then reload sshd.  I wouldn't recommend that, 
since the system is fully usable with passwords disabled.

> I was using first ansible login via password to configure my vms and then
> switching that option off by myself anyway.

You can still do this without enabling password authentication.  If you 
use Vagrant's Ansible provisioner, things will just work without doing 
anything special (this is how I work). [1]

Alternatively, configure Ansible to connect using the private key that 
Vagrant generates (e.g. 
.vagrant/machines/default/virtualbox/private_key); if you'd like to use 
your own key for all boxes, add 'config.ssh.insert_key = false' to your 
Vagrantfile, and replace the insecure key from your playbook.

Another way is to generate a ssh configuration file locally, via 
'vagrant ssh-config > my_ssh_config', and use Ansible's 
--ssh-common-args option to pass "-F my_ssh_cfg" to ssh.

Best regards,
Laurențiu


[1] https://www.vagrantup.com/docs/provisioning/ansible.html