[CentOS-devel] password ssh-ing in Centos/7 Vagrant box

Thu Oct 6 15:57:30 UTC 2016
Rafal Skolasinski <r.j.skolasinski at gmail.com>

Hi Laurențiu,

Thanks for the detailed information! I am using playbooks to create VMs on a
remote host and then I want to run another playbook to configure them.
I want to enable password authentication only for a moment of initial
configuration and then disable it again - I believe this should cause any
security risk.

Thanks,
Rafal



On 6 October 2016 at 17:42, Laurentiu Pancescu <lpancescu at gmail.com> wrote:

> Hi Rafal,
>
> On 06/10/16 15:42, Rafal Skolasinski wrote:
>
>> Vagrant Image version 1607.01 introduced a nice fix for a security issue
>> with default password for a Vagrant user.
>>
>> I understand that this is important, however I wanted to ask if it is
>> possible to switch it off?
>> I couldn't figure out a way it was introduced.
>>
>
> If you want to reenable it, set PasswordAuthentication to no in
> /etc/ssh/sshd_config, then reload sshd.  I wouldn't recommend that, since
> the system is fully usable with passwords disabled.
>
>> I was using first ansible login via password to configure my vms and then
>> switching that option off by myself anyway.
>>
>
> You can still do this without enabling password authentication.  If you
> use Vagrant's Ansible provisioner, things will just work without doing
> anything special (this is how I work). [1]
>
> Alternatively, configure Ansible to connect using the private key that
> Vagrant generates (e.g. .vagrant/machines/default/virtualbox/private_key);
> if you'd like to use your own key for all boxes, add 'config.ssh.insert_key
> = false' to your Vagrantfile, and replace the insecure key from your
> playbook.
>
> Another way is to generate an ssh configuration file locally, via 'vagrant
> ssh-config > my_ssh_config', and use Ansible's --ssh-common-args option to
> pass "-F my_ssh_config" to ssh.
>
> Best regards,
> Laurențiu
>
>
> [1] https://www.vagrantup.com/docs/provisioning/ansible.html
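The key-based route suggested in the quoted reply, as an added example that is not part of the original thread: it parses `vagrant ssh-config` output and renders an Ansible INI inventory that logs in with the box's private key, so password authentication can stay disabled. The sample output and its paths are constructed, and the function names are hypothetical.

```python
import shlex

# Constructed sample of `vagrant ssh-config` output (not captured from a real box).
SAMPLE_SSH_CONFIG = """\
Host default
  HostName 127.0.0.1
  User vagrant
  Port 2222
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile "/home/user/my project/.vagrant/machines/default/virtualbox/private_key"
  IdentitiesOnly yes
  LogLevel FATAL
"""


def parse_ssh_config(text):
    """Return {host_alias: {lowercased_option: value}} from ssh_config-style text."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # keeps a quoted path with spaces as one token
        key, value = parts[0].lower(), " ".join(parts[1:])
        if key == "host":
            current = hosts.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)  # like ssh, keep the first value seen
    return hosts


def to_inventory(hosts):
    """Render an INI inventory that makes Ansible use each box's private key."""
    lines = ["[vagrant]"]
    for alias, opts in hosts.items():
        if "identityfile" not in opts:
            # Fail closed instead of silently depending on password logins.
            raise ValueError(f"{alias}: no IdentityFile in ssh-config output")
        lines.append(
            f"{alias} ansible_host={opts['hostname']} "
            f"ansible_port={opts.get('port', '22')} ansible_user={opts['user']} "
            # Quoted so that a key path containing spaces stays one value.
            f"ansible_ssh_private_key_file='{opts['identityfile']}'"
        )
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_inventory(parse_ssh_config(SAMPLE_SSH_CONFIG)), end="")
```

In real use, feed the parser the text printed by `vagrant ssh-config` instead of the constructed sample and pass the resulting file to `ansible-playbook -i`.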