22

I'd like to enable password ssh authentication (and keep key-based authentication enabled) for my Vagrant VM. How to set that?

Vagrantfile:

Vagrant.configure("2") do |config|
  config.vm.box = "fedora/26-cloud-base"
  config.vm.box_version = "20170705"

  config.ssh.username = 'vagrant'
  config.ssh.password = 'a'
  config.ssh.keys_only = false
end

$ sudo vagrant ssh-config
Host default
  HostName 192.168.121.166
  User vagrant
  Port 22
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /home/jakub/src/kubernetes-vms/kubernetes/.vagrant/machines/default/libvirt/private_key
  LogLevel FATAL

Password a is not accepted with these settings.

I guess the cause might be PasswordAuthentication no in the output of vagrant ssh-config. How can that option be switched on?

czerny

6 Answers

16

On CentOS 7, using only the configuration below is not enough. This way, I guess that it just makes su vagrant work by password. I cannot find anything on the official site about why the configuration below does not work.

Vagrant.configure("2") do |config|
  config.vm.box = "centos/7"

  config.ssh.username = 'vagrant'
  config.ssh.password = 'vagrant'
  config.ssh.insert_key = false
end

You should modify sshd_config manually.

  config.vm.provision "shell", inline: <<-SHELL
     sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config    
     systemctl restart sshd.service
  SHELL

vvvvv
Jess Chen

12

For me the following works. You need to ssh to the vm as usual and then edit /etc/ssh/sshd_config. There you need to set PasswordAuthentication to yes instead of no. This will allow password authentication.

FreeLightman
  • It Works! Thanks – vidihermes May 23 '18 at 03:33
  • 4
    is there a proper way to script this in ''Vagrantfile'' rather than manually configuring ssh? Btw.: You also need to restart sshd after the change (i.e. systemctl restart sshd) – DoNuT Jun 21 '18 at 07:57
  • 1
    I would add `perl -i -pe 'if (/^PasswordAuthentication no$/) { s/no$/yes/; $pwdAuth = 1 ; }; if (/^PasswordAuthentication yes$/) { $pwdAuth = 1 } ; END { if (!$pwdAuth) {print "\n# activate password auth\nPasswordAuthentication yes\n"}}' /etc/ssh/sshd_config` and the sshd restart command to your provision script – bernard paulus Feb 26 '19 at 16:14
6

Vagrantfile:

Vagrant.configure("2") do |config|
  config.vm.box = "fedora/26-cloud-base"
  config.vm.box_version = "20170705"

  config.vm.provision 'shell', inline: 'echo "vagrant:a" | chpasswd'
end

Line config.vm.provision 'shell', inline: 'echo "vagrant:a" | chpasswd' invokes shell provisioning that changes password of vagrant user (provided the box comes with predefined user called vagrant).

Then one can connect not only by vagrant ssh but also

ssh vagrant@<vm-ip>

czerny

4

If you want to force password authentication for the VM, you would need to set the following from your Vagrantfile

  config.ssh.username = 'vagrant'
  config.ssh.password = 'vagrant'
  config.ssh.insert_key = false

You need to make sure the vagrant user in the VM has the corresponding password. I am not sure about the box you use, so you'll need to verify it yourself. It works for the following box: ubuntu/trusty64

Frederic Henri
  • 1
    It didn't work for me. `vagrant up` command got stuck prompting `vagrant@192.168.121.171's password:`. I can't provide the password since it is not provided by the box author. – czerny Aug 23 '17 at 17:38
  • so you need to login once to the VM and set the password, then repackage the box and use the config from my post – Frederic Henri Aug 23 '17 at 19:19
  • maybe, according to https://apple.stackexchange.com/a/61060/252780 it looks like one can't have different account and ssh passwords. I wasn't able to change account password using `config.ssh.password` during my experiments. So I'm really confused about the purpose of `config.ssh.password`. – czerny Aug 23 '17 at 23:52
  • 2
    you're confusing the authentication and the setting of the password. You need to have the user correctly set up already in the VM (with a password) and `config.ssh.password` is there to let vagrant know which password is needed to authenticate the user. It is not there to set a new password for the user (you would first need to login to the VM to make this change) – Frederic Henri Aug 24 '17 at 05:56
3

To ssh with password, this will automatically update the sshd config on debian/stretch64:

config.vm.provision "shell", inline: <<-SHELL
  sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config    
  service ssh restart
SHELL

Syam
  • Although the tip of changing the sshd_config helped, the piece of config you mentioned here did not work when I added it. After the VM was up, I logged in and changed it manually. I had to use sudo sed ..... . I am not sure why sudo is required but that's how I got it working – webjockey Sep 24 '20 at 22:12
3

With the following you enable password ssh authentication for a Linux VM and (if you wish) you can also set the password for the users vagrant and root:

Vagrant.configure("2") do |config|
  config.vm.box = "debian/bullseye64"
  config.vm.provision "shell", inline: <<-'SHELL'
    sed -i 's/^#* *\(PermitRootLogin\)\(.*\)$/\1 yes/' /etc/ssh/sshd_config
    sed -i 's/^#* *\(PasswordAuthentication\)\(.*\)$/\1 yes/' /etc/ssh/sshd_config
    systemctl restart sshd.service
    echo -e "vagrant\nvagrant" | (passwd vagrant)
    echo -e "root\nroot" | (passwd root)
  SHELL
end

wolfrevo
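
The sed edits in the answers above each match one spelling of the directive, so the following added example (not part of any answer on this page) sets PasswordAuthentication idempotently whether the line is commented out, absent or duplicated, and leaves Match blocks alone, since sshd uses the first value it obtains for a keyword. The function names are hypothetical, and it assumes whitespace-separated `Keyword value` lines.

```shell
#!/bin/sh
# Added example, not from any answer on this page. Works on the file path it is
# given, so it can be tried on a copy before touching /etc/ssh/sshd_config.

# Value sshd would take from this file alone: first global occurrence wins,
# and the global section ends at the first Match block.
effective_password_auth() {
  awk '
    tolower($1) == "match" { exit }
    tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }
  ' "$1"
}

# Idempotently set the global PasswordAuthentication directive to $2.
# Handles the cases the sed one-liners miss: commented-out, absent, duplicated.
set_password_auth() {
  tmp=$(mktemp) || return 1
  awk -v val="$2" '
    function emit() { if (!done) { print "PasswordAuthentication " val; done = 1 } }
    tolower($1) == "match" && !in_match { emit(); in_match = 1 }
    !in_match && tolower($0) ~ /^[ \t]*#*[ \t]*passwordauthentication[ \t]/ { emit(); next }
    { print }
    END { emit() }
  ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the original owner and mode
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# What the Vagrant shell provisioner would call (runs as root inside the guest).
provision_sshd() {
  set_password_auth /etc/ssh/sshd_config yes || return 1
  sshd -t || return 1                       # refuse to restart on a broken config
  systemctl restart sshd 2>/dev/null || systemctl restart ssh
  # Effective value, including any Include'd drop-in files:
  sshd -T | grep -i '^passwordauthentication'
}
```

If `sshd -T` still reports `no` after the edit, a file pulled in by an `Include` line earlier in sshd_config is setting the value first.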