Add public key to Vagrant

Redactado por: Felipe Juarez

After copying a file to Vagrant and creating a basic file structure. We can continue with our series.

So, in this post, we are going to talk about the following topics:

  1. Assign an IP address
  2. Add your public key
  3. Access to vagrant machine without vagrant ssh

For the first point and taking the file structure previously mentioned, we modify as follow:

Vagrant.configure("2") do |config| = "centos/7" "public_network", bridge: "en0: Wi-Fi (AirPort)", auto_config: false
  config.vm.provision "shell", run: "always", inline: "ip addr add dev eth1"

Once we have finished editing that file, we run vagrant up command. We can test our configuration two different ways. The first one is using ping command:

❯ ping -c 6
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=0.265 ms
64 bytes from icmp_seq=1 ttl=64 time=0.361 ms
64 bytes from icmp_seq=2 ttl=64 time=0.474 ms
64 bytes from icmp_seq=3 ttl=64 time=0.555 ms
64 bytes from icmp_seq=4 ttl=64 time=0.380 ms
64 bytes from icmp_seq=5 ttl=64 time=0.334 ms

--- ping statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.265/0.395/0.555/0.095 ms

And the second one is using vagrant ssh and checking the interface:

❯ vagrant ssh
Last login: Wed Jul  5 04:07:21 2017 from
[vagrant@localhost ~]$ ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:e5:b5:69 brd ff:ff:ff:ff:ff:ff
    inet brd scope global dynamic eth1
       valid_lft 86031sec preferred_lft 86031sec
    inet scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::a9a0:340d:44ab:6ed1/64 scope link
       valid_lft forever preferred_lft forever

With that in place, we are going to add our public key (if you don’t know how create one you can check this github post). So, we edit our Vagrant file again, as follows:

Vagrant.configure("2") do |config| = "centos/7" "public_network", bridge: "en0: Wi-Fi (AirPort)", auto_config: false
  config.vm.provision "shell", run: "always", inline: "ip addr add dev eth1"

  config.ssh.insert_key = false # 1
  config.ssh.private_key_path = ['~/.vagrant.d/insecure_private_key', '~/.ssh/id_rsa'] # 2
  config.vm.provision "file", source: "~/.ssh/", destination: "~/.ssh/authorized_keys" # 3

  # 4
  config.vm.provision "shell", inline: <<-EOC
    sudo sed -i -e "\\#PasswordAuthentication yes# s#PasswordAuthentication yes#PasswordAuthentication no#g" /etc/ssh/sshd_config
    sudo systemctl restart sshd.service
    echo "finished"

In line marked with 1 we tell to Vagrant that use Vagrant’s default insecure key inside the machine. In the next line (2) we specify the paths to the private keys to use to SSH into the guest machine. In step number 3 we copy our into the Vagrant machine and rename as authorized_keys. And finally, in step 4 we change the configuration of sshd, for not asking a password and restart our service.

Finally we can access to our Vagrant machine with pure ssh vagrant@

❯ ssh vagrant@
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:d5Ak9sY7Gg1biVuQJ1Gdp6Axan3uq5+EkwMaoGSNQZw.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
Last login: Wed Jul  5 04:37:17 2017 from
[vagrant@localhost ~]$

And that’s all, with this you can access to the machine without password. And in the next post we are going to talk about distillery.

comments powered by Disqus