Can't ssh to vagrant VMs using the insecure private key (vagrant 1.7.2)

Question

I have a cluster of 3 VMs. Here is the Vagrantfile:

 # -*- mode: ruby -*-
# vi: set ft=ruby :


hosts = {
  \"host0\" => \"192.168.33.10\",
  \"host1\" =&         


        

Answer 1

tldr;

ssh vagrant@127.0.0.1 -p2222 -i/~/www/vw/vw-environment/.vagrant/machines/default/virtualbox/private_key

I couldn't get this to work, so in the end I added the following to the ssh.rb ruby script (/opt/vagrant/embedded/gems/gems/vagrant-1.7.1//lib/vagrant/util/ssh.rb)

print(*command_options)

just before this line that executes the ssh call

SafeExec.exec("ssh", *command_options)

So that prints out all the command options passed to the ssh call, from there you can work out something that works for you based on what vagrant calculates to be the correct ssh parameters.

Answer 2

Adding config.ssh.insert_key = false to the Vagrantfile and removing the new vm private key .vagrant/machines/default/virtualbox/private_key vagrant automatically updates vagrant ssh-config with the correct private key ~/.vagrant.d/insecure_private_key. The last thing I had to do was ssh into the vm and update the authorized keys file on the vm. curl https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub > ~/.ssh/authorized_keys

Answer 3

Vagrant changed the behaviour between 1.6 and 1.7 versions and now will insert auto generated insecure key instead of the default one.

You can cancel this behaviour by setting config.ssh.insert_key = false in your Vagrantfile.

Vagrant shouldn't replace insecure key if you specify private_key_path like you did, however the internal logic checks if the private_key_path points to the default insecure_private_key, and if it does, Vagrant will replace it.

More info can be found here.

Answer 4

When Vagrant creates a new ssh key it's saved with the default configuration below the Vagrantfile directory at .vagrant/machines/default/virtualbox/private_key.

Using the autogenerated key you can login with that from the same directory as the Vagrantfile like this:

ssh -i .vagrant/machines/default/virtualbox/private_key -p 2222 vagrant@localhost

To learn about all details about the actual ssh configuration of a vagrant box use the vagrant ssh-config command.

# vagrant ssh-config
Host default
  HostName 127.0.0.1
  User vagrant
  Port 2222
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /Users/babo/src/centos/.vagrant/machines/default/virtualbox/private_key
  IdentitiesOnly yes
  LogLevel FATAL

Answer 5

If you are specifically using Ansible (not the Vagrant Ansible provisioner), you might want to consider using the vagrant dynamic inventory script from Ansible's repo:

• https://github.com/ansible/ansible/blob/devel/contrib/inventory/vagrant.py

Alternatively, you'd can handcraft your own script and dynamically build your own vagrant inventory file:

SYSTEMS=$(vagrant status | grep running | cut -d ' '  -f1)

echo '[vagrant_systems]' > vagrant.ini

for SYSTEM in ${SYSTEMS}; do
  SSHCONFIG=$(vagrant ssh-config ${SYSTEM})
  IDENTITY_FILE=$(echo "${SSHCONFIG}" | grep -o "\/.*${SYSTEM}.*")
  PORT=$(echo "${SSHCONFIG}" | grep -oE '[0-9]{4,5}')
  echo "${SYSTEM} ansible_ssh_host=127.0.0.1 ansible_ssh_port=${PORT} ansible_ssh_private_key_file=${IDENTITY_FILE}" >> vagrant.ini
done

Then use ansible-playbook -i=vagrant.ini

If you try to use the ~/.ssh/config, you'll have to dynamically create or edit existing entries, as the ssh ports can change (due to the collision detection in Vagrant).