teh*_*ehK 66 ssh public-key vagrant
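I'm having trouble adding an ssh key to a Vagrant VM. Basically, the setup I have here works fine. Once the VMs are created, I can access them via vagrant ssh, the user "vagrant" exists, and there is an ssh key for this user in the authorized_keys file.
What I'd like to do now is to be able to connect to those VMs via ssh or use scp. So I would only need to add my public key from id_rsa.pub to authorized_keys, just like I would with ssh-copy-id.
Is there a way to tell Vagrant during setup that my public key should be included? If not (which is likely, according to my Google results), is there a way to easily append my public key during the Vagrant setup?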
Meo*_*eow 64
You can use Ruby's core File module, like so:
config.vm.provision "shell" do |s|
  # Read the first line of the host user's public key
  ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
  s.inline = <<-SHELL
    # Append the key for both the vagrant and root users
    echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys
    echo #{ssh_pub_key} >> /root/.ssh/authorized_keys
  SHELL
end
This working example appends ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys of both the vagrant and root users, which will allow you to use your existing SSH key.
Rem*_*anu 40
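Copying the desired public key falls squarely into the provisioning phase. The exact answer depends on which provisioner you want to use (shell, Chef, Puppet, etc.). The most trivial would be a file provisioner for the key, something like this: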
config.vm.provision "file", source: "~/.ssh/id_rsa.pub", destination: "~/.ssh/me.pub"
Well, actually you need to append to authorized_keys. Use a real provisioner, like Puppet. For example, see Managing SSH Authorized Keys with Puppet.
小智 34
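There is a more "elegant" way to accomplish what you want to do. You can find the existing private key and use it, instead of going through the trouble of adding your public key.
Proceed like this to see the path to the existing private key (look for IdentityFile below):
Run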
vagrant ssh-config
Result:
$ vagrant ssh-config
Host magento2.vagrant150
  HostName 127.0.0.1
  User vagrant
  Port 3150
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile "/Users/madismanni/m2/vagrant-magento/.vagrant/machines/magento2.vagrant150/virtualbox/private_key"
  IdentitiesOnly yes
  LogLevel FATAL
Then you can use the private key like this; note also the switch for turning off password authentication:
ssh -i /Users/madismanni/m2/vagrant-magento/.vagrant/machines/magento2.vagrant150/virtualbox/private_key -o PasswordAuthentication=no vagrant@127.0.0.1 -p 3150
Shorter and more correct code should be:
ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
config.vm.provision 'shell', inline: 'mkdir -p /root/.ssh'
config.vm.provision 'shell', inline: "echo #{ssh_pub_key} >> /root/.ssh/authorized_keys"
config.vm.provision 'shell', inline: "echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys", privileged: false
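Otherwise the user's .ssh/authorized_keys will belong to the root user.
It will still add a line on every provision run, but Vagrant is used for testing and a VM usually has a short life, so it is not a big problem.
The code I ended up using is as follows: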
config.ssh.forward_agent = true
# Do not replace the box's default insecure key with a generated one
config.ssh.insert_key = false
config.ssh.private_key_path = ["~/.vagrant.d/insecure_private_key","~/.ssh/id_rsa"]
# Run unprivileged so that $USER resolves to the box's SSH user
config.vm.provision :shell, privileged: false do |s|
  ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
  s.inline = <<-SHELL
    echo #{ssh_pub_key} >> /home/$USER/.ssh/authorized_keys
    sudo bash -c "echo #{ssh_pub_key} >> /root/.ssh/authorized_keys"
  SHELL
end
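Note that we should not hard-code the path /home/vagrant/.ssh/authorized_keys, since some Vagrant boxes do not use the vagrant username.
Extending Meow's example, we can copy the local pub/private ssh keys, set permissions, and make the inline script idempotent (it runs once and will only repeat if the test condition fails, thus needing provisioning):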
config.vm.provision "shell" do |s|
  ssh_prv_key = ""
  ssh_pub_key = ""
  # Read the host user's key pair if it exists
  if File.file?("#{Dir.home}/.ssh/id_rsa")
    ssh_prv_key = File.read("#{Dir.home}/.ssh/id_rsa")
    ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
  else
    puts "No SSH key found. You will need to remedy this before pushing to the repository."
  end
  s.inline = <<-SHELL
    # Skip everything if the public key is already authorized
    if grep -sq "#{ssh_pub_key}" /home/vagrant/.ssh/authorized_keys; then
      echo "SSH keys already provisioned."
      exit 0;
    fi
    echo "SSH key provisioning."
    mkdir -p /home/vagrant/.ssh/
    touch /home/vagrant/.ssh/authorized_keys
    echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys
    # Copy the host key pair (including the private key) into the guest
    echo #{ssh_pub_key} > /home/vagrant/.ssh/id_rsa.pub
    chmod 644 /home/vagrant/.ssh/id_rsa.pub
    echo "#{ssh_prv_key}" > /home/vagrant/.ssh/id_rsa
    chmod 600 /home/vagrant/.ssh/id_rsa
    chown -R vagrant:vagrant /home/vagrant
    exit 0
  SHELL
end
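Added example, not taken from any of the answers above: a Ruby helper for a Vagrantfile that addresses three points the answers raise, namely a new line being appended on every provision run, authorized_keys ending up owned by root, and the hard-coded /home/vagrant path. It also validates the key line and shell-escapes it before interpolation. The names checked_pub_key and authorized_key_script and the sample key are constructed for illustration.

```ruby
require "shellwords"

# Public-key algorithms accepted as the first field of an authorized_keys line.
KEY_TYPES = %w[ssh-ed25519 ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384
               ecdsa-sha2-nistp521].freeze

# Validate one line of a .pub file and return it normalised; raise otherwise.
# Rejects private-key files and multi-line input before anything reaches a shell.
def checked_pub_key(line)
  type, blob, comment = line.to_s.strip.split(/\s+/, 3)
  raise ArgumentError, "unsupported key type: #{type.inspect}" unless KEY_TYPES.include?(type)
  raise ArgumentError, "key blob is not base64" unless blob.to_s.match?(%r{\A[A-Za-z0-9+/]+={0,2}\z})
  raise ArgumentError, "control character in comment" if comment.to_s.match?(/[[:cntrl:]]/)
  [type, blob, comment].compact.join(" ")
end

# Build a shell script that installs the key for whichever user runs it.
# Paths use $HOME, so no user name is hard-coded.
def authorized_key_script(pub_key_line)
  key = Shellwords.escape(checked_pub_key(pub_key_line)) # shell-safe single word
  <<~SHELL
    set -eu
    umask 077
    mkdir -p "$HOME/.ssh"
    touch "$HOME/.ssh/authorized_keys"
    chmod 700 "$HOME/.ssh"
    chmod 600 "$HOME/.ssh/authorized_keys"
    # -x whole line, -F fixed string: append only when the key is absent
    grep -qxF -- #{key} "$HOME/.ssh/authorized_keys" ||
      printf '%s\\n' #{key} >> "$HOME/.ssh/authorized_keys"
  SHELL
end

# Usage in a Vagrantfile; privileged: false runs it as the box's SSH user,
# so the files end up owned by that user rather than root:
#   key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first
#   config.vm.provision "shell", privileged: false, inline: authorized_key_script(key)

if __FILE__ == $PROGRAM_NAME
  # Constructed sample key, not a real one.
  puts authorized_key_script("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnly dev@laptop")
end
```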