Bad permissions on ~/.ssh/authorized_keys in 1.8.5

[ianwestcott]

Vagrant version

1.8.5

Host operating system

Mac OS X 10.11.6

Guest operating system

Ubuntu (12.04 and 14.04)

Vagrantfile

Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/precise64" # or "ubuntu/trusty64"
  config.vm.provider :virtualbox do |vb|
    vb.customize ["modifyvm", :id, "--memory", "1024"]
  end
end

Debug output

Available upon request.

Expected behavior

After provisioning an Ubuntu guest, the file /home/vagrant/.ssh/authorized_keys should be readable only by the vagrant user (600). This is the case in guests provisioned under Vagrant 1.8.4 and earlier.

Actual behavior

In Vagrant 1.8.5, the authorized_keys file generated during provisioning is both readable and writable by the vagrant group, and is also readable by others (664). This can create issues if, for example, the file's group ownership is changed, which will cause sshd to refuse the connection and log the error Authentication refused: bad ownership or modes for file /home/vagrant/.ssh/authorized_keys.

Steps to reproduce

1. Create a new VM with the precise64 or trusty64 box.
2. SSH into the VM using vagrant ssh
3. Run ls -la ~/.ssh

References

None.

[shadoxx]

There is a manual patch available that will fix this issue until the next release: #7610

[ianwestcott]

Ah, looks like this is a dupe then. Thanks @shadoxx!

[adi2909]

this still does not work.. any one willing to help ?

[ixolt]

same for me... actually doesn't work yet.

[SchnWalter]

@adi2909, @ixolt: For now you can fix this by opening the VirtualBox Manager (after the machine has been booted using vagrant up), right click on the VM you need to fix and select Show, then login using vagrant/vagrant and:

chmod go-w .ssh/authorized_keys

[ixolt]

@SchnWalter, yes I know about this. But in my case I provided vagrant box for developers. And I need fix this automatically. Without manual manipulation
I've used
chmod 0600 /root/.ssh/authorized_keys
But I think that this must be resolved, by Vagran Team in their product. I don't remember when this happend, but it seems like in 1.8.1 I didn't have this problem

[SchnWalter]

@ixolt, a quick (insecure) workaround would be to go back to the old ways of using Vagrant VMs with the default insecure key

# @see: https://www.vagrantup.com/docs/vagrantfile/ssh_settings.html
config.ssh.insert_key = false

[lmeyemezu]

still doesn't work in vagrant 1.8.6. can issue be reopened ?

[chrisroberts]

@lmeyemezu Hi! If you are still seeing this problem, please open a new issue and include all the information requested. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.