Ssh keys not work? I try not to use passwords when I can avoid it. -----Original Message----- From: centos-devel-bounces at centos.org [mailto:centos-devel-bounces at centos.org] On Behalf Of Rafal Skolasinski Sent: Thursday, October 06, 2016 12:01 PM To: The CentOS developers mailing list. Subject: [Non-DoD Source] Re: [CentOS-devel] password ssh-ing in Centos/7 Vagrant box *shouldn't ;) On 6 October 2016 at 17:57, Rafal Skolasinski <r.j.skolasinski at gmail.com> wrote: Hi Laurențiu, Thanks for detailed information! I am using playbooks to create vms on a remote host and then I want to run another playbook to configure them. I want to enable password authentication only for a moment of initial configuration and then disable it again - I believe this should cause any security risk. Thanks, Rafal On 6 October 2016 at 17:42, Laurentiu Pancescu <lpancescu at gmail.com> wrote: Hi Rafal, On 06/10/16 15:42, Rafal Skolasinski wrote: Vagrant Image version 1607.01 introduced a nice fix for a security issue with default password for a Vagrant user. I understand that this is important, however I wanted to ask if it is possible to switch it off? I couldn't figure out a way it was introduced. If you want to reenable it, set PasswordAuthentication to no in /etc/ssh/sshd_config, then reload sshd. I wouldn't recommend that, since the system is fully usable with passwords disabled. I was using first ansible login via password to configure my vms and then switching that option off by myself anyway. You can still do this without enabling password authentication. If you use Vagrant's Ansible provisioner, things will just work without doing anything special (this is how I work). [1] Alternatively, configure Ansible to connect using the private key that Vagrant generates (e.g. .vagrant/machines/default/virtualbox/private_key); if you'd like to use your own key for all boxes, add 'config.ssh.insert_key = false' to your Vagrantfile, and replace the insecure key from your playbook. Another way is to generate a ssh configuration file locally, via 'vagrant ssh-config > my_ssh_config', and use Ansible's --ssh-common-args option to pass "-F my_ssh_cfg" to ssh. Best regards, Laurențiu [1] https://www.vagrantup.com/docs/provisioning/ansible.html <https://www.vagrantup.com/docs/provisioning/ansible.html> _______________________________________________ CentOS-devel mailing list CentOS-devel at centos.org https://lists.centos.org/mailman/listinfo/centos-devel <https://lists.centos.org/mailman/listinfo/centos-devel> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5446 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20161006/68e4cfbd/attachment-0008.p7s>