sciurus/vagrant-mutate

Support private key in box archive

Opened this issue · 3 comments

Some boxes are distributed with their own private SSH key, like this one (I added the suffix .tgz only to be able to show the content):

tar -tzf platform-workshop-wheezy.box.tar.gz
./box-disk1.vmdk
./box.ovf
./vagrant_private_key
./Vagrantfile

I used this to convert it:

vagrant mutate platform-workshop-wheezy.box libvirt

But in the resulting box directory, the vagrant_private_key file is missing:

ls -la ~/.vagrant.d/boxes/platform-workshop-wheezy/0/libvirt
total 2909336
drwxrwxr-x 2 varac varac       4096 Jan 29 09:57 .
drwxrwxr-x 3 varac varac       4096 Jan 29 09:57 ..
-rw-r--r-- 1 varac varac 2979201024 Jan 29 09:58 box.img
-rw-rw-r-- 1 varac varac         57 Jan 29 09:57 metadata.json
-rw-rw-r-- 1 varac varac        136 Jan 29 09:57 Vagrantfile

vagrant ssh falls back to using the /home/varac/.vagrant.d/insecure_private_key, which will not work:

DEBUG ssh: Checking whether SSH is ready...
 INFO machine: Calling action: read_ssh_info on provider Libvirt (6fdfb08c-d5ec-4ad8-98e3-aabf14bc1ca9)
 INFO runner: Preparing hooks for middleware sequence...
 INFO runner: 3 hooks defined.
 INFO runner: Running action: #<Vagrant::Action::Builder:0x00000003f3d4e8>
 INFO warden: Calling IN action: #<VagrantPlugins::Triggers::Action::Trigger:0x00000003f57410>
 INFO warden: Calling IN action: #<VagrantPlugins::Triggers::Action::Trigger:0x00000004bc3168>
DEBUG trigger: Looking for triggers with:
DEBUG trigger: -- action: read_ssh_info
DEBUG trigger: -- condition: instead_of
DEBUG trigger: -- vm: default
 INFO warden: Calling IN action: #<VagrantPlugins::Triggers::Action::Trigger:0x00000004c18d70>
DEBUG trigger: Looking for triggers with:
DEBUG trigger: -- action: read_ssh_info
DEBUG trigger: -- condition: before
DEBUG trigger: -- vm: default
 INFO warden: Calling IN action: #<Vagrant::Action::Builtin::ConfigValidate:0x007f6ef0416638>
 INFO warden: Calling IN action: #<VagrantPlugins::ProviderLibvirt::Action::ConnectLibvirt:0x007f6ef0416610>
 INFO warden: Calling IN action: #<VagrantPlugins::ProviderLibvirt::Action::ReadSSHInfo:0x007f6ef0458c68>
 INFO warden: Calling OUT action: #<VagrantPlugins::ProviderLibvirt::Action::ReadSSHInfo:0x007f6ef0458c68>
 INFO warden: Calling OUT action: #<VagrantPlugins::ProviderLibvirt::Action::ConnectLibvirt:0x007f6ef0416610>
 INFO warden: Calling OUT action: #<Vagrant::Action::Builtin::ConfigValidate:0x007f6ef0416638>
 INFO warden: Calling OUT action: #<VagrantPlugins::Triggers::Action::Trigger:0x00000004c18d70>
 INFO warden: Calling OUT action: #<VagrantPlugins::Triggers::Action::Trigger:0x00000004bc3168>
DEBUG trigger: Looking for triggers with:
DEBUG trigger: -- action: read_ssh_info
DEBUG trigger: -- condition: after
DEBUG trigger: -- vm: default
 INFO warden: Calling OUT action: #<VagrantPlugins::Triggers::Action::Trigger:0x00000003f57410>
DEBUG ssh: Checking key permissions: /home/varac/.vagrant.d/insecure_private_key
 INFO ssh: Attempting SSH connection...
 INFO ssh: Attempting to connect to SSH...
 INFO ssh:   - Host: 192.168.121.154
 INFO ssh:   - Port: 22
 INFO ssh:   - Username: vagrant
 INFO ssh:   - Password? false
 INFO ssh:   - Key Path: ["/home/varac/.vagrant.d/insecure_private_key"]
DEBUG ssh: == Net-SSH connection debug-level log START ==
DEBUG ssh: D, [2015-01-29T10:14:42.087797 #32409] DEBUG -- net.ssh.transport.session[12e281c]: establishing connection to 192.168.121.154:22
D, [2015-01-29T10:14:42.088549 #32409] DEBUG -- net.ssh.transport.session[12e281c]: connection established
I, [2015-01-29T10:14:42.088819 #32409]  INFO -- net.ssh.transport.server_version[1335e2c]: negotiating protocol version
D, [2015-01-29T10:14:42.093711 #32409] DEBUG -- net.ssh.transport.server_version[1335e2c]: remote is `SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2'
D, [2015-01-29T10:14:42.093809 #32409] DEBUG -- net.ssh.transport.server_version[1335e2c]: local is `SSH-2.0-Ruby/Net::SSH_2.9.1 x86_64-linux'
D, [2015-01-29T10:14:42.094925 #32409] DEBUG -- tcpsocket[131134c]: read 984 bytes
D, [2015-01-29T10:14:42.095098 #32409] DEBUG -- tcpsocket[131134c]: received packet nr 0 type 20 len 980
I, [2015-01-29T10:14:42.095211 #32409]  INFO -- net.ssh.transport.algorithms[172cbac]: got KEXINIT from server
I, [2015-01-29T10:14:42.095393 #32409]  INFO -- net.ssh.transport.algorithms[172cbac]: sending KEXINIT
D, [2015-01-29T10:14:42.095755 #32409] DEBUG -- tcpsocket[131134c]: queueing packet nr 0 type 20 len 2020
D, [2015-01-29T10:14:42.095835 #32409] DEBUG -- tcpsocket[131134c]: sent 2024 bytes
I, [2015-01-29T10:14:42.095906 #32409]  INFO -- net.ssh.transport.algorithms[172cbac]: negotiating algorithms
D, [2015-01-29T10:14:42.096128 #32409] DEBUG -- net.ssh.transport.algorithms[172cbac]: negotiated:
* kex: diffie-hellman-group-exchange-sha1
* host_key: ssh-rsa
* encryption_server: aes128-cbc
* encryption_client: aes128-cbc
* hmac_client: hmac-sha1
* hmac_server: hmac-sha1
* compression_client: none
* compression_server: none
* language_client: 
* language_server: 
D, [2015-01-29T10:14:42.096177 #32409] DEBUG -- net.ssh.transport.algorithms[172cbac]: exchanging keys
D, [2015-01-29T10:14:42.096478 #32409] DEBUG -- tcpsocket[131134c]: queueing packet nr 1 type 34 len 20
D, [2015-01-29T10:14:42.096540 #32409] DEBUG -- tcpsocket[131134c]: sent 24 bytes
D, [2015-01-29T10:14:42.097516 #32409] DEBUG -- tcpsocket[131134c]: read 152 bytes
D, [2015-01-29T10:14:42.097800 #32409] DEBUG -- tcpsocket[131134c]: received packet nr 1 type 31 len 148
D, [2015-01-29T10:14:42.099864 #32409] DEBUG -- tcpsocket[131134c]: queueing packet nr 2 type 32 len 140
D, [2015-01-29T10:14:42.099977 #32409] DEBUG -- tcpsocket[131134c]: sent 144 bytes
D, [2015-01-29T10:14:42.102016 #32409] DEBUG -- tcpsocket[131134c]: read 720 bytes
D, [2015-01-29T10:14:42.102133 #32409] DEBUG -- tcpsocket[131134c]: received packet nr 2 type 33 len 700
D, [2015-01-29T10:14:42.103309 #32409] DEBUG -- tcpsocket[131134c]: queueing packet nr 3 type 21 len 20
D, [2015-01-29T10:14:42.103389 #32409] DEBUG -- tcpsocket[131134c]: sent 24 bytes
D, [2015-01-29T10:14:42.103511 #32409] DEBUG -- tcpsocket[131134c]: received packet nr 3 type 21 len 12
D, [2015-01-29T10:14:42.103903 #32409] DEBUG -- net.ssh.authentication.session[1d3deb0]: beginning authentication of `vagrant'
D, [2015-01-29T10:14:42.104125 #32409] DEBUG -- tcpsocket[131134c]: queueing packet nr 4 type 5 len 28
D, [2015-01-29T10:14:42.104173 #32409] DEBUG -- tcpsocket[131134c]: sent 52 bytes
D, [2015-01-29T10:14:42.140129 #32409] DEBUG -- tcpsocket[131134c]: read 52 bytes
D, [2015-01-29T10:14:42.140411 #32409] DEBUG -- tcpsocket[131134c]: received packet nr 4 type 6 len 28
D, [2015-01-29T10:14:42.140616 #32409] DEBUG -- net.ssh.authentication.session[1d3deb0]: trying none
D, [2015-01-29T10:14:42.140884 #32409] DEBUG -- tcpsocket[131134c]: queueing packet nr 5 type 50 len 44
D, [2015-01-29T10:14:42.142560 #32409] DEBUG -- tcpsocket[131134c]: sent 68 bytes
D, [2015-01-29T10:14:42.142708 #32409] DEBUG -- tcpsocket[131134c]: read 68 bytes
D, [2015-01-29T10:14:42.142882 #32409] DEBUG -- tcpsocket[131134c]: received packet nr 5 type 51 len 44
D, [2015-01-29T10:14:42.143015 #32409] DEBUG -- net.ssh.authentication.session[1d3deb0]: allowed methods: publickey,password
D, [2015-01-29T10:14:42.143125 #32409] DEBUG -- net.ssh.authentication.methods.none[1d45980]: none failed
D, [2015-01-29T10:14:42.143228 #32409] DEBUG -- net.ssh.authentication.session[1d3deb0]: trying publickey
D, [2015-01-29T10:14:42.143682 #32409] DEBUG -- net.ssh.authentication.agent[1d51e24]: connecting to ssh-agent
D, [2015-01-29T10:14:42.143845 #32409] DEBUG -- net.ssh.authentication.agent[1d51e24]: sending agent request 1 len 44
D, [2015-01-29T10:14:42.157943 #32409] DEBUG -- net.ssh.authentication.agent[1d51e24]: received agent packet 2 len 5
D, [2015-01-29T10:14:42.158074 #32409] DEBUG -- net.ssh.authentication.agent[1d51e24]: sending agent request 11 len 0
D, [2015-01-29T10:14:42.158707 #32409] DEBUG -- net.ssh.authentication.agent[1d51e24]: received agent packet 12 len 557
D, [2015-01-29T10:14:42.159234 #32409] DEBUG -- net.ssh.authentication.methods.publickey[1d4e814]: trying publickey (dd:3b:b8:2e:85:04:06:e9:ab:ff:a8:0a:c0:04:6e:d6)
D, [2015-01-29T10:14:42.159572 #32409] DEBUG -- tcpsocket[131134c]: queueing packet nr 6 type 50 len 348
D, [2015-01-29T10:14:42.160474 #32409] DEBUG -- tcpsocket[131134c]: sent 372 bytes
D, [2015-01-29T10:14:42.160629 #32409] DEBUG -- tcpsocket[131134c]: read 68 bytes
D, [2015-01-29T10:14:42.160810 #32409] DEBUG -- tcpsocket[131134c]: received packet nr 6 type 51 len 44
D, [2015-01-29T10:14:42.160967 #32409] DEBUG -- net.ssh.authentication.session[1d3deb0]: allowed methods: publickey,password
D, [2015-01-29T10:14:42.161037 #32409] DEBUG -- net.ssh.authentication.session[1d3deb0]: trying password
E, [2015-01-29T10:14:42.161125 #32409] ERROR -- net.ssh.authentication.session[1d3deb0]: all authorization methods failed (tried none, publickey, password)



DEBUG ssh: == Net-SSH connection debug-level log END ==
 INFO ssh: SSH not up: #<Vagrant::Errors::SSHAuthenticationFailed: SSH authentication failed! This is typically caused by the public/private
 keypair for the SSH user not being properly set on the guest VM. Please
 verify that the guest VM is setup with the proper public key, and that
 the private key path for Vagrant is setup properly as well.>
 ^C INFO interface: warn: Waiting for cleanup before exiting...
  INFO interface: warn: ==> default: Waiting for cleanup before exiting...

Interesting; I wasn't aware of this. Does vagrant always look for a file named vagrant_private_key in the box, or do you have to specify this in the box's Vagrantfile?

I'm really not sure about this, and insights from someone who knows would be great.
I also didn't find any documentation on distributing boxes with keys inside.

I have such a box as well. My box includes this Vagrantfile:

Vagrant::Config.run do |config|
  # This Vagrantfile is auto-generated by `vagrant package` to contain
  # the MAC address of the box. Custom configuration should be placed in
  # the actual `Vagrantfile` in this box.
  config.vm.base_mac = "080027808080"
end

# Load include vagrant file if it exists after the auto-generated
# so it can override any of the settings
include_vagrantfile = File.expand_path("../include/_Vagrantfile", __FILE__)
load include_vagrantfile if File.exist?(include_vagrantfile)

Vagrant.configure("2") do |config|
  config.ssh.private_key_path = File.expand_path("../vagrant_private_key", __FILE__)
end

I appended this file with the mutate'd Vagrantfile, which looks like it was created from scratch. That worked.

Content of box directory:

ls -a 1.0.0/virtualbox/
.  ..  box-disk001.vmdk  box.ovf  metadata.json  Vagrantfile  vagrant_private_key