[DRE-maint] Bug#845165: vagrant-lxc: vagrant ssh key with wrong permissions, vm creation fails

Dean Hamstead dean at fragfest.com.au
Sun Nov 20 23:58:25 UTC 2016 

Package: vagrant-lxc
Version: 1.2.1-2
Severity: important

Dear Maintainer,

When vagrant-lxc places its authorized_keys file in to a new centos7 vm's ~vagrant/.ssh directory, it does so with too permissive ownership.
As a result, the centos7 vm's ssh wont allow ssh login.

I can work around this by manually running the following in another terminal, whilst the vm is being created

chmod 600 /var/lib/lxc/<vagrant vm name>/rootfs/home/vagrant/.ssh/authorized_keys


Here is the main terminal output, the "Authenticaion failure" will repeat over and over and eventually fail. The following examples shows when i perform the manual work around above.



dean at cliffjumper:~/git/stash/conform-OIE-module$ vagrant up --provider=lxc
Bringing machine 'default' up with 'lxc' provider...
==> default: Importing base box 'goodsmileduck/centos-7-lxc'...
==> default: Checking if box 'goodsmileduck/centos-7-lxc' is up to date...
==> default: Setting up mount entries for shared folders...
    default: /foo-module => /home/dean/git/stash/my-foo-module
==> default: Starting container...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 10.0.3.252:22
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
==> default: Machine booted and ready!
==> default: Running provisioner: shell...
    default: Running: inline script
==> default: Loaded plugins: fastestmirror
==> default: Determining fastest mirrors
==> default:  * base: centos.mirror.crucial.com.au
==> default:  * extras: centos.mirror.crucial.com.au
==> default:  * updates: centos.mirror.crucial.com.au
==> default: Resolving Dependencies



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages vagrant-lxc depends on:
ii  lxc      1:2.0.5-1
ii  redir    2.2.1-13
ii  ruby     1:2.3.0+4
ii  vagrant  1.8.5+dfsg-2

vagrant-lxc recommends no packages.

vagrant-lxc suggests no packages.

-- no debconf information

More information about the Pkg-ruby-extras-maintainers mailing list