How to enable password ssh authentication for Vagrant VM?

Asked 23/8, 2017 at 13:30 Answered 25/2, 2022 at 15:25

I'd like to enable password ssh authentication (and keep key-based authentication enabled) for may Vagrant VM. How to set that?

Vagrantfile:

Vagrant.configure("2") do |config|
  config.vm.box = "fedora/26-cloud-base"
  config.vm.box_version = "20170705"

  config.ssh.username = 'vagrant'
  config.ssh.password = 'a'
  config.ssh.keys_only = false
end

$ sudo vagrant ssh-config 
Host default
  HostName 192.168.121.166
  User vagrant
  Port 22
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /home/jakub/src/kubernetes-vms/kubernetes/.vagrant/machines/default/libvirt/private_key
  LogLevel FATAL

Password a is not accepted with this settings.

I guess the might be PasswordAuthentication no in output of vagrant ssh-config. How can that option be switched on?

Homogenetic answered 23/8, 2017 at 13:30 Comment(0)

On centos 7, using only below is not enough. By this way, I guess that it just make su vagrant become by password. I cannot find anything why below does not work in the official site.

Vagrant.configure("2") do |config|
  config.vm.box = "centos/7"

  config.ssh.username = 'vagrant'
  config.ssh.password = 'vagrant'
  config.ssh.insert_key = false
end

You should modify sshd_config manually.

  config.vm.provision "shell", inline: <<-SHELL
     sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config    
     systemctl restart sshd.service
  SHELL

Floccus answered 4/12, 2019 at 7:14 Comment(0)

For me the following works. You need to ssh to the vm as usual and then edit /etc/ssh/sshd_config. There you need to set PasswordAuthentication to yes instead of no. This will allow password authentication.

Arhna answered 25/3, 2018 at 15:57 Comment(3)

It Works! Thanks – Serpentiform 23/5, 2018 at 3:33

is there a proper way to script this in ''Vagrantfile'' rather than manually configuring ssh? Btw.: You also need to restart sshd after the change (i.e. systemctl restart sshd) – Sullyprudhomme 21/6, 2018 at 7:57

I would add

perl -i -pe 'if (/^PasswordAuthentication no$/) { s/no$/yes/; $pwdAuth = 1 ; }; if (/^PasswordAuthentication yes$/) { $pwdAuth = 1 } ; END { if (!$pwdAu th) {print "\n# activate password auth\nPasswordAuthentication yes\n"}}' /etc/ssh/sshd_config

and the sshd restart command to your provision script – Scibert 26/2, 2019 at 16:14

Vagrantfile:

Vagrant.configure("2") do |config|
  config.vm.box = "fedora/26-cloud-base"
  config.vm.box_version = "20170705"

  config.vm.provision 'shell', inline: 'echo "vagrant:a" | chpasswd'
end

Line config.vm.provision 'shell', inline: 'echo "vagrant:a" | chpasswd' invokes shell provisioning that changes password of vagrant user (provided the box comes with predefined user called vagrant).

Then one can connect not only by vagrant ssh but also

ssh vagrant@<vm-ip>

Homogenetic answered 23/8, 2017 at 17:34 Comment(0)

If you want to force password authentication for the VM, you would need to set the following from your Vagrantfile

  config.ssh.username = 'vagrant'
  config.ssh.password = 'vagrant'
  config.ssh.insert_key = false

You need to make sure the vagrant user in the VM has the corresponding password. I am not sure for the box you use so you'll need to verify yourself. It works for following box: ubuntu/trusty64

Handmaiden answered 23/8, 2017 at 15:11 Comment(4)

It didn't work for me. vagrant up command got stuck prompting [email protected]'s password:. I can't provide the password since it is not provided by the box author. – Homogenetic 23/8, 2017 at 17:38

so you need to login once to the VM and set the password, then repackage the box and use the config from my post – Handmaiden 23/8, 2017 at 19:19

maybe, according to apple.stackexchange.com/a/61060/252780 it looks like one can't have different account and ssh passwords. I wasn't able to change account password using config.ssh.password during my experiments. So I'm really confused about the purpose of config.ssh.password. – Homogenetic 23/8, 2017 at 23:52

you're confusing the authentication and the setting of the password. You need to have the user correctly setup already in the VM (with a password) and config.ssh.password is there to let vagrant knows which password is needed to authenticate the user. It is not there to set a new password for the user (you would first need to login to the VM to make this change) – Handmaiden 24/8, 2017 at 5:56

With the following you enable password ssh authentication for a linux VM and (if you wish) you can also set the password for the users vagrant and root

Vagrant.configure("2") do |config|
  config.vm.box = "debian/bullseye64"
  config.vm.provision "shell", inline: <<-'SHELL'
    sed -i 's/^#* *\(PermitRootLogin\)\(.*\)$/\1 yes/' /etc/ssh/sshd_config
    sed -i 's/^#* *\(PasswordAuthentication\)\(.*\)$/\1 yes/' /etc/ssh/sshd_config
    systemctl restart sshd.service
    echo -e "vagrant\nvagrant" | (passwd vagrant)
    echo -e "root\nroot" | (passwd root)
  SHELL
end

Brannan answered 25/2, 2022 at 15:25 Comment(0)

To ssh with password, this will automatically update the sshd config on debian/stretch64:

config.vm.provision "shell", inline: <<-SHELL
  sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config    
  service ssh restart
SHELL

Baxy answered 1/8, 2018 at 14:24 Comment(1)

Although the tip of changing the sshd_config helped, when i added the piece of config you mentioned here did not work. After the vm was up, i logged in and changed manually. I had to use sudo sed ..... . I am not sure why sudo is required but thats how i got it working – Rimmer 24/9, 2020 at 22:12

Recommended topics

Hot tags