I just want to create a box I can share with other people - why is this next to impossible?

ben wyatt

May 16, 2018, 7:04:06 AM
to Vagrant
Seriously - I have been trying for 4 days non-stop.

What I would like to do:

1. Download minimal/centos7
2. Update yum, install python-pip & ansible, update vboxguestadditions
3. Package
4. Upload to share site
5. User downloads and does NOTHING apart from 'vagrant up' and 'vagrant ssh', no ssh-keygen shenanigans or downloading the public insecure key

Obviously as I am sure you can imagine, there are all sorts of ssh issues rendering it impossible to share the box. A shared box should be like a clean install for anyone downloading it - just like when one downloads minimal/centos7 - no messing about with keys or whatever - just vagrant up && vagrant ssh and you are in.

config.ssh.insert_key = false - obviously doesn't work

Vagrant is a great idea - why have they completely fecked it with this idiotic ssh nonsense!!!

Any help would be hugely appreciated!!!!

Many thanks in advance,

Ben

Mário Costa

May 16, 2018, 7:58:56 AM
to vagra...@googlegroups.com
Hi, I'm not sure what's your problem/use case that you are failing to achieve?

I'm using vagrant for a while, never had such problems with linux.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/eced5bae-1d6e-4ac2-8628-f18f0665cf90%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

ben wyatt

May 16, 2018, 8:05:38 AM
to Vagrant

Hi,

Thanks for replying

What I would like to do:

1. Download minimal/centos7
2. Update yum, install python-pip & ansible, update vboxguestadditions
3. Package
4. Upload to share site
5. User downloads and does NOTHING apart from 'vagrant up' and 'vagrant ssh', no ssh-keygen shenanigans or downloading the public insecure key

I can do all of the above – but then the ssh issue rears its ugly head and renders the whole concept unusable. The user has to think – which is not what I want. All I want is vagrant ssh and they are in. No password or anything – do you know how to do this?

Thanks,

ben



Antony Stone

May 16, 2018, 8:37:21 AM
to vagra...@googlegroups.com
On Wednesday 16 May 2018 at 14:05:38, 'ben wyatt' via Vagrant wrote:

> What I would like to do:
>
> 1. Download minimal/centos7
>
> 2. Update yum, install python-pip & ansible, update vboxguestadditions
>
> 3. Package
>
> 4. Upload to share site
>
> 5. User downloads and does NOTHING apart from 'vagrant up' and 'vagrant
> ssh', no ssh-keygen shenanigans or downloading the public insecure key
>
>
> I can do all of the above – but then the ssh issue rears its ugly head and
> renders the whole concept unusable. The user has to think – which is not
> what I want. All I want is vagrant ssh and they are in. No password or
> anything – do you know how to do this?

I think you're failing to consider what the first S in SSH stands for.

I believe it is not possible to configure SSH to allow access without either a
password or a public key.

This is a feature (not a bug) of SSH, and is really nothing to do with
Vagrant.

Can you think of any other virtualisation / containerisation / similar system
which allows you to access the virtual / container / machine without any form
of authentication?


My final comment is that if "the user has to think - which is not what I want",
what sort of users are you giving access to your CentOS machines?


Antony.

--
Schrödinger's rule of data integrity: the condition of any backup is unknown
until a restore is attempted.

Please reply to the list;
please *don't* CC me.

ben wyatt

May 16, 2018, 8:51:37 AM
to Vagrant
Hi,

Thanks for replying. So:

1. Download minimal/centos7
2. Add the software I need
3. vagrant package --output my.box
4. Upload to a shared directory
5. Email user Vagrantfile with details for my.box
6. User saves Vagrantfile
7. User runs ‘vagrant up’
8. User runs ‘vagrant ssh’

It is the last part that doesn’t work. The user is asked for the ssh password.

Thanks,

Ben

Antony Stone

May 16, 2018, 9:36:20 AM
to vagra...@googlegroups.com
So, include that information in step 5.



Antony.

--
BASIC is to computer languages what Roman numerals are to arithmetic.

Alvaro Miranda Aguilera

May 16, 2018, 11:50:04 AM
to vagra...@googlegroups.com
Hello

If you have problems understanding the chicken-and-egg that happens here, it is good to slow down and take a look at the bigger picture.

1. build your own box that's fit for the task you need
2. share it
3. profit

simple as that.

If you are able to vagrant up / vagrant ssh the initial box, then the part when the box "become un-usable" is on your side of tasks

I would suggest.

A. use config.ssh.insert_key = false
B. vagrant up from a box you want to share
C. ensure you follow OS guidelines to create a template
D. package the box and share


Depending on the OS, you need to do something to bring the box to a clean state.


Thanks
Alvaro.

--
Alvaro

Mário Costa

May 16, 2018, 12:53:25 PM
to vagra...@googlegroups.com
Hi again,

Why do you need "config.ssh.insert_key = false"? Check here what it does: https://www.vagrantup.com/docs/vagrantfile/ssh_settings.html

if you set it to true, there at the initial provision of the box, vagrant will connect to the box using default user/password (which are vagrant, vagrant or ubuntu, ubuntu), and after that install ssh keys, in the host and ~.ssh/authorized keys of the guest box instance, and afterwards will disable user password interactive login.

This is pretty secure if you are accessing and provisioning the box within your host pc, having e.g. virtualbox nat network. I'm not 100% sure that default user/pass are disabled for all boxes, but if you are not exposing your boxes via bridged network then it's ok, I guess.

These are my 5 cents on the issue, but still I don't understand why you set "config.ssh.insert_key = false" instead of letting your vagrant deal with the key generation automatically, by setting the default "config.ssh.insert_key = true"

In my use case, I just distribute a Vagrantfile with the box and a set of provisioning scripts under /scripts directory, that are invoked from the Vagrantfile, shell provisioner.

Then, users just do vagrant up && vagrant ssh, and it's working in their local machines.


Alvaro Miranda Aguilera

May 16, 2018, 1:25:22 PM
to vagra...@googlegroups.com
Hello

This is wrong:

"
if you set it to true, there at the initial provision of the box, vagrant will connect to the box using default user/password (which are vagrant, vagrant or ubuntu, ubuntu), and after that install ssh keys, in the host and ~.ssh/authorized keys of the guest box instance, and afterwards will disable user password interactive login."

Vagrant doesn't work in that way.

Vagrant by default doesn't use user/pass; it uses the insecure key.

if you want to re-share a box, the easiest way is:

- create your own box
- tell the intermediate box to keep the insecure keys.

any other option will be overcomplicating things.

take note the original user is asking to re-share a box, not a Vagrantfile project.

Alvaro.


--
Alvaro

Mário Costa

May 16, 2018, 2:20:02 PM
to vagra...@googlegroups.com
Maybe Vagrant developers should update their documentation, in https://www.vagrantup.com/docs/boxes/base.html, that or we are talking about different things.

"vagrant" User

By default, Vagrant expects a "vagrant" user to SSH into the machine as. This user should be setup with the insecure keypair that Vagrant uses as a default to attempt to SSH. Also, even though Vagrant uses key-based authentication by default, it is a general convention to set the password for the "vagrant" user to "vagrant". This lets people login as that user manually if they need to.

To configure SSH access with the insecure keypair, place the public key into the ~/.ssh/authorized_keys file for the "vagrant" user. Note that OpenSSH is very picky about file permissions. Therefore, make sure that ~/.ssh has 0700 permissions and the authorized keys file has 0600 permissions.

When Vagrant boots a box and detects the insecure keypair, it will automatically replace it with a randomly generated keypair for additional security while the box is running.

Root Password: "vagrant"

Vagrant does not actually use or expect any root password. However, having a generally well known root password makes it easier for the general public to modify the machine if needed.

Publicly available base boxes usually use a root password of "vagrant" to keep things easy.



ben wyatt

May 22, 2018, 2:18:12 AM
to Vagrant
Hi,

Thanks for replying.

Would you be able to elaborate on the solution: "- tell the intermediate box to keep the insecure keys."?

As that is what I am finding impossible to achieve...

Thanks

Ben

ben wyatt

May 22, 2018, 2:22:19 AM
to Vagrant
Hi,

Because that is the solution that fixed the problem for other users. But it has not worked for me. I am very glad you have had no issues :)

ben wyatt

May 22, 2018, 3:25:45 AM
to Vagrant
Hi,

Thanks everyone for helping. So it turns out that it was because I was mounting the /home/vagrant folder to the host's default folder, and the .ssh/authorized_keys permissions were getting messed up by the host. So even setting the .ssh folder permissions to 0700, the .ssh/authorized_keys to 0600 didn't work.

Lesson learned - thanks for all your help. Do not mount the guest's home folder to the host's home folder. Kind of a strange limitation but there you are.
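
The cause found in the final post (ownership or mode of `.ssh/authorized_keys` controlled by a host mount over the home directory) can be checked inside the guest before packaging. The script below is an added example, not from the thread or from Vagrant: the function name `check_ssh_perms`, its output labels and the mount-point heuristic are assumptions, and the expected modes are the 0700/0600 values quoted from the base-box documentation earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (CentOS 7 guest).
# check_ssh_perms HOME_DIR UID: print one line per finding, return 1 if any.
check_ssh_perms() {
    home=$1 want_uid=$2 rc=0

    # Modes quoted from the base-box docs: ~/.ssh 0700, authorized_keys 0600.
    for spec in ".ssh:700" ".ssh/authorized_keys:600"; do
        path=$home/${spec%%:*}
        want_mode=${spec##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path")
        uid=$(stat -c '%u' "$path")
        [ "$mode" = "$want_mode" ] || { echo "MODE $path is $mode, want $want_mode"; rc=1; }
        [ "$uid" = "$want_uid" ] || { echo "OWNER $path is uid $uid, want $want_uid"; rc=1; }
    done

    # The home directory must belong to the user and must not be writable
    # by group or others (second-to-last or last octal digit in 2,3,6,7).
    [ "$(stat -c '%u' "$home")" = "$want_uid" ] || { echo "OWNER $home is not uid $want_uid"; rc=1; }
    case $(stat -c '%a' "$home") in
        *[2367]?|*[2367]) echo "MODE $home is group/other writable"; rc=1 ;;
    esac

    # Heuristic for the cause found in the last post: a different device
    # number than the parent directory means something is mounted over the
    # home directory (a same-filesystem bind mount would not be caught).
    if [ "$(stat -c '%d' "$home")" != "$(stat -c '%d' "$home/..")" ]; then
        echo "MOUNT $home is a mount point"; rc=1
    fi
    return $rc
}

# Stand-alone use inside the guest: sh check.sh /home/vagrant "$(id -u vagrant)"
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

A clean run prints nothing and exits 0; any `MODE`, `OWNER`, `MISSING` or `MOUNT` line means key-based login for that user is likely to fall back to a password prompt.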