`config.ssh.keys_only = false` breaks default value for `config.ssh.private_key_path`
Vagrant version
Affects all versions since https://github.com/hashicorp/vagrant/commit/cb70749bd843197890069581a8649688f35a4297
Host operating system
Fedora
Guest operating system
Fedora
Vagrantfile
Vagrant.configure("2") do |config|
  config.vm.box = "fedora/34-cloud-base"
  config.ssh.keys_only = false
end
Debug output
https://gist.github.com/wbclark/e41674d5680558e9b2d22ca7f737e2bf
Expected behavior
==> default: Waiting for SSH to become available...
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Configuring and enabling network interfaces...
default: SSH address: 192.168.121.219:22
default: SSH username: vagrant
default: SSH auth method: private key
==> default: Rsyncing folder: /home/wclark/Projects/vagrant_repro/ => /vagrant
Actual behavior
DEBUG ssh: Checking whether SSH is ready...
INFO ssh: Attempting SSH connection...
INFO ssh: Attempting to connect to SSH...
INFO ssh: - Host: 192.168.121.53
INFO ssh: - Port: 22
INFO ssh: - Username: vagrant
INFO ssh: - Password? false
INFO ssh: - Key Path: []
DEBUG ssh: - connect_opts: {:auth_methods=>["none", "hostbased", "publickey"], :config=>false, :forward_agent=>false, :send_env=>false, :keys_only=>false, :verify_host_key=>:never, :password=>nil, :port=>22, :timeout=>15, :user_known_hosts_file=>[], :verbose=>:debug, :logger=>#<Logger:0x000055ca652ebed8 @level=0, @progname=nil, @default_formatter=#<Logger::Formatter:0x000055ca652ebe60 @datetime_format=nil>, @formatter=nil, @logdev=#<Logger::LogDevice:0x000055ca652ebe10 @shift_period_suffix=nil, @shift_size=nil, @shift_age=nil, @filename=nil, @dev=#<StringIO:0x000055ca652ebf78>, @binmode=false, @mon_data=#<Monitor:0x000055ca652ebde8>, @mon_data_owner_object_id=157160>>, :keys=>[], :remote_user=>"vagrant"}
...
...
E, [2022-09-10T00:55:19.024225 #620119] ERROR -- net.ssh.authentication.session[2664c]: all authorization methods failed (tried none, publickey)
DEBUG ssh: == Net-SSH connection debug-level log END ==
INFO ssh: SSH not up: #<Vagrant::Errors::SSHAuthenticationFailed: SSH authentication failed! This is typically caused by the public/private
keypair for the SSH user not being properly set on the guest VM. Please
verify that the guest VM is setup with the proper public key, and that
the private key path for Vagrant is setup properly as well.>
ad infinitum
Steps to reproduce
- Set `ssh.keys_only = false`
- `vagrant up`
References
Based on these param docs:
config.ssh.keys_only (boolean) - Only use Vagrant-provided SSH private keys (do not use any keys stored in ssh-agent). The default value is true.
...
config.ssh.private_key_path (string, array of strings) - The path to the private key to use to SSH into the guest machine. By default this is the insecure private key that ships with Vagrant, since that is what public boxes use. If you make your own custom box with a custom SSH key, this should point to that private key. You can also specify multiple private keys by setting this to be an array. This is useful, for example, if you use the default private key to bootstrap the machine, but replace it with perhaps a more secure key later.
The default for config.ssh.private_key_path should still be honored when config.ssh.keys_only is disabled.
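A small diagnostic for the symptom in the log above, added here as an example and not part of the original report or of Vagrant's own code: it scans `vagrant up --debug` output and reports each connection attempt that has an empty key path, no password, and `keys_only` disabled. The helper names, the second sample attempt, and the rendering of a non-empty `Key Path` as a Ruby array of quoted strings are assumptions.

```ruby
# Added example: flag SSH attempts in Vagrant debug output that carry no key.
Attempt = Struct.new(:host, :password, :key_paths, :keys_only)

# Collect one Attempt per "- Host:" line and fill it from the lines that follow.
def parse_attempts(log)
  attempts = []
  current = nil
  log.each_line do |line|
    case line
    when /ssh:\s+- Host: (\S+)/
      current = Attempt.new($1, nil, nil, nil)
      attempts << current
    when /ssh:\s+- Password\? (true|false)/
      current.password = ($1 == "true") if current
    when /ssh:\s+- Key Path: \[(.*)\]/
      current.key_paths = $1.scan(/"([^"]*)"/).flatten if current
    when /ssh:\s+- connect_opts: .*:keys_only=>(true|false)/
      current.keys_only = ($1 == "true") if current
    end
  end
  attempts
end

# Matches the report: keys_only is off, no password is set, and the
# key path list is empty, so the default private key was never applied.
def no_key_offered?(attempt)
  attempt.keys_only == false && attempt.password == false && attempt.key_paths == []
end

def affected_hosts(log)
  parse_attempts(log).select { |a| no_key_offered?(a) }.map(&:host)
end

# Constructed sample: the first attempt follows the lines in this report
# (connect_opts shortened); the second is an assumed healthy attempt.
SAMPLE_LOG = <<~'LOG'
  INFO ssh: - Host: 192.168.121.53
  INFO ssh: - Password? false
  INFO ssh: - Key Path: []
  DEBUG ssh: - connect_opts: {:auth_methods=>["none", "hostbased", "publickey"], :keys_only=>false, :keys=>[]}
  INFO ssh: - Host: 192.0.2.10
  INFO ssh: - Password? false
  INFO ssh: - Key Path: ["/home/user/.vagrant.d/insecure_private_key"]
  DEBUG ssh: - connect_opts: {:auth_methods=>["none", "hostbased", "publickey"], :keys_only=>true}
LOG

puts affected_hosts(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```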