Enhancement Request: Improve winssh config for pubkey authentication #13486

stefan-sesser opened this issue Aug 12, 2024 · 0 comments

Is your feature request related to a problem? Please describe.
I managed to use public key authentication on Windows machines with the standard config.ssh settings.
My vagrant-libvirt configuration looks like this:

  ...
  c.vm.guest = "windows"
  c.ssh.shell = "powershell"
  c.ssh.insert_key = false
  c.ssh.disable_deprecated_algorithms = true
  ...

I have created a vagrant user which is a member of the Administrators group in my vagrant box. According to the Windows documentation, you should use C:\ProgramData\ssh\administrators_authorized_keys for admins. If I start the VM with the winssh configuration available, it will connect to the machine and exchange the SSH keys. Unfortunately, it will place the new keys into the home directory of the vagrant user, which leads to an authentication failure.
Logs:

==> windows: Waiting for domain to get an IP address...
==> windows: Waiting for machine to boot. This may take a few minutes...
    windows: SSH address: 192.168.121.13:22
    windows: SSH username: vagrant
    windows: SSH auth method: private key
    windows: 
    windows: Vagrant insecure key detected. Vagrant will automatically replace
    windows: this with a newly generated keypair for better security.
    windows: 
    windows: Inserting generated public key within guest...
    windows: Removing insecure key from the guest if it's present...
    windows: Key inserted! Disconnecting and reconnecting using new SSH key...
    windows: Warning: Authentication failure. Retrying...

With the standard ssh config, I am able to skip the key rotation, but other things may not work properly (e.g. setting up another network interface).

Describe the solution you'd like
If the vagrant user configured in the box is a member of the Administrators group, the newly created keys should be placed in C:\ProgramData\ssh\administrators_authorized_keys.

Describe alternatives you've considered
A workaround would be to implement the insert_key setting for winssh as well.
https://developer.hashicorp.com/vagrant/docs/vagrantfile/ssh_settings#config-ssh-insert_key
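
The lookup behind the failure reported above, as an added example (not Vagrant's or OpenSSH's code): it resolves which authorized-keys file applies to a user from an sshd_config and the user's group membership. The sample config is constructed and modelled on the default shipped with OpenSSH for Windows; the function names, the `C:/Users/<user>` profile location and the restriction to `Match Group` are assumptions of this sketch.

```ruby
# Added illustration, not Vagrant or OpenSSH code. Simplified model of
# sshd_config: only "Match Group" and AuthorizedKeysFile are handled.
DEFAULT_KEYS_FILE = ".ssh/authorized_keys"

# Constructed sample, modelled on the sshd_config shipped with OpenSSH for Windows.
SAMPLE_SSHD_CONFIG = <<~CONF
  #PubkeyAuthentication yes
  AuthorizedKeysFile .ssh/authorized_keys

  Match Group administrators
         AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
CONF

# AuthorizedKeysFile value that applies to a user who belongs to `groups`.
# A value from a matching Match block overrides the global one.
def effective_keys_file(config, groups)
  groups = groups.map(&:downcase)
  global = matched = nil
  in_match = applies = false
  config.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    keyword, value = line.split(/\s+/, 2)
    case keyword.downcase
    when "match"
      in_match = true
      criterion, patterns = value.to_s.split(/\s+/, 2)
      applies = criterion.to_s.casecmp?("group") &&
                patterns.to_s.split(",").any? { |g| groups.include?(g.strip.downcase) }
    when "authorizedkeysfile"
      if !in_match
        global ||= value
      elsif applies
        matched ||= value
      end
    end
  end
  matched || global || DEFAULT_KEYS_FILE
end

# Path a key-insertion step would have to write to (hypothetical helper).
# Assumes the profile lives under C:/Users/<user> and ProgramData is on C:.
def insert_path(config, user, groups, program_data: "C:/ProgramData")
  file = effective_keys_file(config, groups).split.first
  file = file.sub("__PROGRAMDATA__", program_data)
  file.match?(%r{\A([A-Za-z]:)?[/\\]}) ? file : "C:/Users/#{user}/#{file}"
end
```

For a `vagrant` user in the Administrators group this resolves to the ProgramData file, so a key written only to the home directory is never consulted. Microsoft's OpenSSH documentation also requires that `administrators_authorized_keys` be accessible only to Administrators and SYSTEM.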
