[CentOS-devel] password ssh-ing in Centos/7 Vagrant box

Thu Oct 6 16:01:29 UTC 2016
Rafal Skolasinski <r.j.skolasinski at gmail.com>

*shouldn't ;)

On 6 October 2016 at 17:57, Rafal Skolasinski <r.j.skolasinski at gmail.com>
wrote:

> Hi Laurențiu,
>
> Thanks for detailed information! I am using playbooks to create vms on a
> remote host and then I want to run another playbook to configure them.
> I want to enable password authentication only for a moment of initial
> configuration and then disable it again - I believe this should cause any
> security risk.
>
> Thanks,
> Rafal
>
>
>
> On 6 October 2016 at 17:42, Laurentiu Pancescu <lpancescu at gmail.com>
> wrote:
>
>> Hi Rafal,
>>
>> On 06/10/16 15:42, Rafal Skolasinski wrote:
>>
>>> Vagrant Image version 1607.01 introduced a nice fix for a security issue
>>> with default password for a Vagrant user.
>>>
>>> I understand that this is important, however I wanted to ask if it is
>>> possible to switch it off?
>>> I couldn't figure out a way it was introduced.
>>>
>>
>> If you want to reenable it, set PasswordAuthentication to no in
>> /etc/ssh/sshd_config, then reload sshd.  I wouldn't recommend that, since
>> the system is fully usable with passwords disabled.
>>
>> I was using first ansible login via password to configure my vms and then
>>> switching that option off by myself anyway.
>>>
>>
>> You can still do this without enabling password authentication.  If you
>> use Vagrant's Ansible provisioner, things will just work without doing
>> anything special (this is how I work). [1]
>>
>> Alternatively, configure Ansible to connect using the private key that
>> Vagrant generates (e.g. .vagrant/machines/default/virtualbox/private_key);
>> if you'd like to use your own key for all boxes, add 'config.ssh.insert_key
>> = false' to your Vagrantfile, and replace the insecure key from your
>> playbook.
>>
>> Another way is to generate a ssh configuration file locally, via 'vagrant
>> ssh-config > my_ssh_config', and use Ansible's --ssh-common-args option to
>> pass "-F my_ssh_cfg" to ssh.
>>
>> Best regards,
>> Laurențiu
>>
>>
>> [1] https://www.vagrantup.com/docs/provisioning/ansible.html
>> _______________________________________________
>> CentOS-devel mailing list
>> CentOS-devel at centos.org
>> https://lists.centos.org/mailman/listinfo/centos-devel
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20161006/55ba67ff/attachment-0008.html>