From 6e6fc44f32470a2e452f968398bb17e01e4dec99 Mon Sep 17 00:00:00 2001 From: John-Paul Robinson <jpr@uab.edu> Date: Tue, 8 Jan 2019 17:17:40 -0600 Subject: [PATCH] Improve ssh key config Move insert_key directive before VM create to avoid custom key create Add comments motivating the config choices for ssh config steps Expand user key authz logic to append key rather than just replace all existing keys in vagrant user authorized_keys file. --- Vagrantfile | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 03c6630..2166189 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -3,6 +3,9 @@ Vagrant.configure("2") do |config| + # don't configure host-specific keys, config will use the user's key + config.ssh.insert_key = false + config.vm.define "ohpc" do |ohpc| ohpc.vm.box = "ravi89/centos7.5" ohpc.vm.box_version = "1" @@ -27,9 +30,17 @@ Vagrant.configure("2") do |config| vb.memory = "2048" end - config.ssh.insert_key = false + # define user's key and insecure default + # insecure default is required for initial provisioning config.ssh.private_key_path = ["~/.ssh/id_rsa", "~/.vagrant.d/insecure_private_key"] - config.vm.provision "file", source: "~/.ssh/id_rsa.pub", destination: "~/.ssh/authorized_keys" + # append user's key to vagrant config to avoid overwrite of existing authorized_keys + # https://stackoverflow.com/a/31153912/8928529 + config.vm.provision "ssh_pub_key", type: "shell" do |s| + ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip + s.inline = <<-SHELL + echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys + SHELL + end config.vm.provision "shell", inline: <<-SHELL if [ -f /vagrant/localenv.sh ]; then -- GitLab
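Review bot: The comment added above `config.ssh.insert_key = false` does not mention that this setting leaves Vagrant's publicly known insecure key pair in place instead of generating a per-machine key. Because the provisioner later in this patch appends to `authorized_keys` rather than overwriting it, that insecure public key presumably stays authorized in the guest after provisioning, for anyone who can reach its SSH port. I would extend the comment to say so, e.g. `# insert_key = false keeps Vagrant's public insecure key authorized in the guest; remove it from authorized_keys once the user's key is installed`, and consider a final provisioning step that removes it. The enclosing `Vagrant.configure` block continues past this hunk, so whether a later step already does this is not visible here.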
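Review bot: The new `ssh_pub_key` provisioner interpolates the key line into the shell command unquoted (`echo #{ssh_pub_key} >> ...`), so any shell metacharacters in the key's free-text comment field are interpreted by the guest shell, which the shell provisioner runs privileged by default, instead of being written literally. The append also runs on every `vagrant provision`, adding a duplicate line each time. Passing the key as an argument avoids both, since Vagrant quotes array args: `s.args = [ssh_pub_key]` with the body `grep -qxF -- "$1" /home/vagrant/.ssh/authorized_keys || printf '%s\n' "$1" >> /home/vagrant/.ssh/authorized_keys`. Separately, `File.readlines(...).first.strip` is evaluated when the Vagrantfile is loaded, so a missing or empty `~/.ssh/id_rsa.pub` raises before any Vagrant command runs; a guard with a clear error message would help users who only have another key type.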