LoginSignup
15
17

More than 5 years have passed since last update.

@tateren

vagrant up時にAuthentication failureが出続ける原因と対処法

Last updated at Posted at 2016-09-01

環境

  • Windows 7 Professional 64bit
  • Vagrant 1.8.5
  • Oracle VM VirtualBox 5.1.4 + Extension Pack

vagrant upした時の様子

C:\Users\tateren\bento\centos-7.2>vagrant init bento/centos-7.2
A `Vagrantfile` has been placed in this directory. You are now
ready to `vagrant up` your first virtual environment! Please read
the comments in the Vagrantfile as well as documentation on
`vagrantup.com` for more information on using Vagrant.

C:\Users\tateren\bento\centos-7.2>vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'bento/centos-7.2'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'bento/centos-7.2' is up to date...
==> default: Setting the name of the VM: centos-72_default_1472711212402_37255
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Remote connection disconnect. Retrying...
    default: Warning: Remote connection disconnect. Retrying...
    default:
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default:
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...

という具合に認証に失敗し続けて先に進まなくなる。

原因の調査と解決方法

    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default:
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...

この辺を見るとinsecure_keyを検出したから新しい鍵ペアを生成して配置してる模様。

vagrant 1.7.0 からの機能らしい。

vagrant/CHANGELOG.md - 1.7.0 (December 9, 2014)

鍵認証ができないだけでVMは立ち上がっているようなので、パスワード認証でゲストOSにログインして調べてみる。

[vagrant@localhost ~]$ sudo cat /var/log/secure
...
Sep  1 08:52:09 localhost sshd[3588]: Authentication refused: bad ownership or modes for file /home/vagrant/.ssh/authorized_keys
Sep  1 08:52:09 localhost sshd[3588]: Connection closed by 10.0.2.2 [preauth]
...

authorized_keysの所有者か権限がおかしいとのこと。

[vagrant@localhost ~]$ ls -l .ssh/authorized_keys 
-rw-rw-r--. 1 vagrant vagrant 389 Sep  1 07:05 .ssh/authorized_keys

パーミッションが664になっていた。

[vagrant@localhost ~]$ chmod 600 .ssh/authorized_keys

適切な権限に修正する。

    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: The guest additions on this VM do not match the installed version of
    default: VirtualBox! In most cases this is fine, but in rare cases it can
    default: prevent things such as shared folders from working properly. If you see
    default: shared folder errors, please make sure the guest additions within the
    default: virtual machine match the version of VirtualBox you have installed on
    default: your host and reload your VM.
    default:
    default: Guest Additions Version: 5.0.26
    default: VirtualBox Version: 5.1
==> default: Mounting shared folders...
    default: /vagrant => C:/Users/tateren/bento/centos-7.2

C:\Users\tateren\bento\centos-7.2>

認証が通ったようで起動処理が完了した。

insecureとは?

[vagrant@localhost ~]$ ssh-keygen -l -f .ssh/authorized_keys 
2048 dd:3b:b8:2e:85:04:06:e9:ab:ff:a8:0a:c0:04:6e:d6  vagrant insecure public key (RSA)

2048bitのRSAなら十分なんじゃないかなぁと思ってたら強度の話ではなくてVagrantの提供している共有公開鍵という意味らしい。

vagrant/keys/vagrant.pub

[vagrant@localhost ~]$ cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key

同じだった。

防止策

  • Vagrantファイルに config.ssh.insert_key = false と記述することでinsecure_keyの自動置き換えを無効にできる。

公式ドキュメント - SSH SETTINGS

追記

Vagrant 1.8.5のバグらしいです

15
17
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
15
17