How to add your own public key to Vagrant VM?

I am having a problem adding an SSH key to a Vagrant VM. Basically, the setup I have here is working fine. After creating the virtual machines, I can access them through vagrant ssh, there is a "vagrant" user, and there is an SSH key for this user in the authorized_keys file.

Now I would like to do the following: be able to connect to these virtual machines via ssh or use scp. So I would only need to add my public key from id_rsa.pub to authorized_keys, just as I would with ssh-copy-id.

Is there a way to tell Vagrant during setup that my public key should be included? If not (which is likely, according to my Google results), is there a way to easily add my public key while setting up the Vagrant VM?

+64
vagrant ssh public-key
May 6 '15 at 11:31
10 answers

Copying the desired public key will go straight into the provisioning phase. The exact answer depends on what service you want to use (shell, chef, puppet, etc.). The most trivial would be to create a file for the key, something like this:

 config.vm.provision "file", source: "~/.ssh/id_rsa.pub", destination: "~/.ssh/me.pub" 

Well, in fact, you need to append to authorized_keys; use a real provisioning mechanism for that, for example Puppet. For example, see Managing SSH Authorized Keys Using Puppet.

+38
May 6 '15 at 11:37

You can use the Ruby core file module, for example:

 config.vm.provision "shell" do |s|
   ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
   s.inline = <<-SHELL
     echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys
     echo #{ssh_pub_key} >> /root/.ssh/authorized_keys
   SHELL
 end

This working example appends ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys of both the vagrant and the root user, allowing you to use your existing SSH key.

+64
Jul 01 '15 at 6:22

There is a more "elegant" way to accomplish what you want to do. You can find the existing private key and use it instead of making it difficult to add the public key.

Go through this to see the path to the existing private key (see below for IdentityFile):

execute

  vagrant ssh-config 

result:

 $ vagrant ssh-config
 Host magento2.vagrant150
   HostName 127.0.0.1
   User vagrant
   Port 3150
   UserKnownHostsFile /dev/null
   StrictHostKeyChecking no
   PasswordAuthentication no
   IdentityFile "/Users/madismanni/m2/vagrant-magento/.vagrant/machines/magento2.vagrant150/virtualbox/private_key"
   IdentitiesOnly yes
   LogLevel FATAL

Then you can use the private key like this; pay attention also to the switch that disables password authentication:

 ssh -i /Users/madismanni/m2/vagrant-magento/.vagrant/machines/magento2.vagrant150/virtualbox/private_key -o PasswordAuthentication=no vagrant@127.0.0.1 -p 3150
+33
Apr 23 '16 at 14:50

I ended up using code like:

 config.ssh.forward_agent = true
 config.ssh.insert_key = false
 config.ssh.private_key_path = ["~/.vagrant.d/insecure_private_key","~/.ssh/id_rsa"]
 config.vm.provision :shell, privileged: false do |s|
   ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
   s.inline = <<-SHELL
     echo #{ssh_pub_key} >> /home/$USER/.ssh/authorized_keys
     sudo bash -c "echo #{ssh_pub_key} >> /root/.ssh/authorized_keys"
   SHELL
 end

Please note that we should not hardcode the path to /home/vagrant/.ssh/authorized_keys, as some Vagrant boxes do not use the vagrant user.

+9
Jan 22 '17 at 5:49

This great answer was added by user 76329 in a rejected proposed edit.

Expanding on Meow's example, we can copy the local public/private SSH keys, set permissions, and make the inline script idempotent (it runs once and is repeated only if the test condition fails, which means provisioning is needed):

 config.vm.provision "shell" do |s|
   ssh_prv_key = ""
   ssh_pub_key = ""
   if File.file?("#{Dir.home}/.ssh/id_rsa")
     ssh_prv_key = File.read("#{Dir.home}/.ssh/id_rsa")
     ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
   else
     puts "No SSH key found. You will need to remedy this before pushing to the repository."
   end
   s.inline = <<-SHELL
     if grep -sq "#{ssh_pub_key}" /home/vagrant/.ssh/authorized_keys; then
       echo "SSH keys already provisioned."
       exit 0;
     fi
     echo "SSH key provisioning."
     mkdir -p /home/vagrant/.ssh/
     touch /home/vagrant/.ssh/authorized_keys
     echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys
     echo #{ssh_pub_key} > /home/vagrant/.ssh/id_rsa.pub
     chmod 644 /home/vagrant/.ssh/id_rsa.pub
     echo "#{ssh_prv_key}" > /home/vagrant/.ssh/id_rsa
     chmod 600 /home/vagrant/.ssh/id_rsa
     chown -R vagrant:vagrant /home/vagrant
     exit 0
   SHELL
 end
+9
Feb 11 '18 at 22:06

A shorter and more correct code should be:

 ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
 config.vm.provision 'shell', inline: 'mkdir -p /root/.ssh'
 config.vm.provision 'shell', inline: "echo #{ssh_pub_key} >> /root/.ssh/authorized_keys"
 config.vm.provision 'shell', inline: "echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys", privileged: false

Otherwise, the user's .ssh/authorized_keys will belong to the root user.

However, it will add a line each time the condition is met, but Vagrant is used for testing, and the virtual machine usually has a short life, so it's not a big problem.

+8
Apr 26 '16 at 13:09

This is a great thread that helped me solve a similar situation that the original poster describes.

While I ultimately used the settings/logic provided in smartwjw's answer, I ran into a problem as I use the VAGRANT_HOME environment variable to save the contents of the main vagrant.d file to an external hard drive in one of my development systems.

So, here is the adjusted code that I use in my Vagrantfile to account for the VAGRANT_HOME environment variable; the "magic" occurs on this line: vagrant_home_path = ENV["VAGRANT_HOME"] ||= "~/.vagrant.d"

 config.ssh.insert_key = false
 config.ssh.forward_agent = true
 vagrant_home_path = ENV["VAGRANT_HOME"] ||= "~/.vagrant.d"
 config.ssh.private_key_path = ["#{vagrant_home_path}/insecure_private_key", "~/.ssh/id_rsa"]
 config.vm.provision :shell, privileged: false do |shell_action|
   ssh_public_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
   shell_action.inline = <<-SHELL
     echo #{ssh_public_key} >> /home/$USER/.ssh/authorized_keys
   SHELL
 end
+1
Jul 10 '17 at 18:00

For inline shell provisioners: the public key contains spaces, comments, etc. Therefore, be sure to keep the (escaped) quotation marks around the variable that expands to the public key:

 config.vm.provision 'shell', inline: "echo \"#{ssh_pub_key}\" >> /home/vagrant/.ssh/authorized_keys", privileged: false 
+1
Dec 24 '17 at 21:21
source share
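
Two points raised in the answers above (the bare `echo ... >>` appends a duplicate line on every provision, and the key must be quoted because it contains spaces and a free-form comment) can be handled in one place. The following Ruby helper is an added example, not code from any of the answers; `checked_public_key`, `authorized_key_script`, the sample key and the `/home/vagrant` path are assumptions made for illustration.

```ruby
require "shellwords"

# Key types that may start a line of an OpenSSH .pub file.
KEY_TYPES = %w[ssh-ed25519 ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384
               ecdsa-sha2-nistp521 sk-ssh-ed25519@openssh.com
               sk-ecdsa-sha2-nistp256@openssh.com].freeze

# Hypothetical helper: return the first non-empty line of a .pub file after
# checking it is a public key line (and not, say, a private key file).
def checked_public_key(text)
  line = text.lines.map(&:strip).reject(&:empty?).first
  raise ArgumentError, "empty key file" if line.nil?
  type, blob, _comment = line.split(" ", 3)
  unless KEY_TYPES.include?(type) && blob.to_s.match?(%r{\A[A-Za-z0-9+/]+={0,2}\z})
    raise ArgumentError, "not an OpenSSH public key line"
  end
  line
end

# Hypothetical helper: build the inline script for one account. Everything
# interpolated into the script is shell-escaped, so a comment field holding
# shell metacharacters is written literally instead of being executed.
def authorized_key_script(pub_key_text, home)
  key  = Shellwords.escape(checked_public_key(pub_key_text))
  dir  = Shellwords.escape(File.join(home, ".ssh"))
  file = Shellwords.escape(File.join(home, ".ssh", "authorized_keys"))
  <<~SHELL
    set -eu
    umask 077
    mkdir -p #{dir}
    touch #{file}
    chmod 700 #{dir}
    chmod 600 #{file}
    # -x whole line, -F fixed string: append only if this exact key is absent
    grep -qxF -- #{key} #{file} || printf '%s\\n' #{key} >> #{file}
  SHELL
end

# Constructed sample key (not a real key), used only to show the output.
SAMPLE_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleOnly dev@laptop"
puts authorized_key_script(SAMPLE_KEY, "/home/vagrant") if $PROGRAM_NAME == __FILE__

# In a Vagrantfile (privileged: false keeps the file owned by the login user):
#   config.vm.provision "shell", privileged: false,
#     inline: authorized_key_script(File.read("#{Dir.home}/.ssh/id_rsa.pub"), "/home/vagrant")
```
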

None of the older posts worked for me, although some came close. I had to make rsa keys with keygen in the terminal and go with user keys. In other words, defeated by using Vagrant keys.

I am on Mac OS Mojave at the date of this post. I installed two Vagrant boxes in one Vagrantfile. I show the entire first box so that beginners can see the context. I put the .ssh folder in the same folder as the Vagrantfile; otherwise use the user9091383 setting.

Credit for this decision goes to this encoder.

 Vagrant.configure("2") do |config|
   config.vm.define "pfbox", primary: true do |pfbox|
     pfbox.vm.box = "ubuntu/xenial64"
     pfbox.vm.network "forwarded_port", host: 8084, guest: 80
     pfbox.vm.network "forwarded_port", host: 8080, guest: 8080
     pfbox.vm.network "forwarded_port", host: 8079, guest: 8079
     pfbox.vm.network "forwarded_port", host: 3000, guest: 3000
     pfbox.vm.provision :shell, path: ".provision/bootstrap.sh"
     pfbox.vm.synced_folder "ubuntu", "/home/vagrant"
     pfbox.vm.provision "file", source: "~/.gitconfig", destination: "~/.gitconfig"
     pfbox.vm.network "private_network", type: "dhcp"
     pfbox.vm.network "public_network"
     pfbox.ssh.insert_key = false
     ssh_key_path = ".ssh/" # This may not be necessary. I may remove.
     pfbox.vm.provision "shell", inline: "mkdir -p /home/vagrant/.ssh"
     pfbox.ssh.private_key_path = ["~/.vagrant.d/insecure_private_key", ".ssh/id_rsa"]
     pfbox.vm.provision "file", source: ".ssh/id_rsa.pub", destination: ".ssh/authorized_keys"
     pfbox.vm.box_check_update = "true"
     pfbox.vm.hostname = "pfbox"
     # VirtualBox
     config.vm.provider "virtualbox" do |vb|
       # vb.gui = true
       vb.name = "pfbox" # friendly name for Oracle VM VirtualBox Manager
       vb.memory = 2048 # memory in megabytes 2.0 GB
       vb.cpus = 1 # cpu cores, can't be more than the host actually has.
     end
   end
   config.vm.define "dbbox" do |dbbox|
     ...
+1
Jan 24 '19 at 18:50

Create an RSA key pair to use with Vagrant:

 ssh-keygen -f ~/.ssh/vagrant

You can also add the Vagrant credentials to your ~/.ssh/config

 IdentityFile ~/.ssh/vagrant
 IdentityFile ~/.vagrant.d/insecure_private_key

For some reason, we cannot just specify the key that we want to insert, so we take a few extra steps to generate the key. Thus, we get security and knowledge of which key we need (+ all Vagrant boxes will receive the same key).

Cannot ssh to Vagrant virtual machines using the insecure private key (vagrant 1.7.2)
How to add my own public key to Vagrant VM?

 config.ssh.insert_key = false
 config.ssh.private_key_path = ['~/.ssh/vagrant', '~/.vagrant.d/insecure_private_key']
 config.vm.provision "file", source: "~/.ssh/vagrant.pub", destination: "/home/vagrant/.ssh/vagrant.pub"
 config.vm.provision "shell", inline: <<-SHELL
   cat /home/vagrant/.ssh/vagrant.pub >> /home/vagrant/.ssh/authorized_keys
   mkdir -p /root/.ssh
   cat /home/vagrant/.ssh/authorized_keys >> /root/.ssh/authorized_keys
 SHELL

-1
Dec 12 '17 at 23:41


