Vagrant auth failure on new vagrant images?

ssasso · November 24, 2022, 9:14am

It seems that from a certain point in time the official VyOS current vagrant box images (https://app.vagrantup.com/vyos/boxes/current) are broken in some may (I’m using libvirt ones).

vagrant up is stuck at:

vy1: Warning: Authentication failure. Retrying...

I tried to force the Vagrantfile for having:

vy1.ssh.username="vyos"
vy1.ssh.password="vyos"

but nothing changes.

Most probably this is due to missing vagrant default public key?

NOTE: everything was working fine with the 20220920.02.18 image (same Vagrantfile), so the break happened between that time and 20221117.

Is someone else having my same problem?

ssasso · November 24, 2022, 9:47am

NOTE 2: if I do a vagrant ssh vy1, and insert vyos as password, I am able to login.

fernando · November 24, 2022, 12:59pm

it looks like an issues with default public key , Could you create a task on https://phabricator.vyos.net/ ?

thanks

ssasso · November 24, 2022, 1:11pm

https://phabricator.vyos.net/T4838

sysoleg · December 9, 2022, 6:35am

This is due to this commit system login: T874: add 2FA support for local and ssh authentication · vyos/vyos-1x@765f843 · GitHub.

The commit is turning off SSH PasswordAuthentication by default, so VyOS doesn’t expose “password” in SSH authentication methods list anymore. With most clients “keyboard-interactive” (because of VyOS ChallengeResponseAuthentication=yes by default) can be used to authenticate by entering the password, but Vagrant doesn’t list this method during the first SSH connection. The thing is not configurable.

You can “fix” this by hacking Vagrant’s plugins/communicators/ssh/communicator.rb and adding “keyboard-interactive” to auth_methods around line 408.

ssasso · December 9, 2022, 8:32am

Thanks @sysoleg for your reply.

The official Vagrant boxes published under https://app.vagrantup.com/vyos/boxes/current are broken due to this.

A solution could be to add the “vagrant insecure key” to the box for the vyos user.

If the Vagrant boxes are published using this vyos-vm-images/vagrant-libvirt.yml at current · vyos/vyos-vm-images · GitHub , I can try to submit a PR.

ssasso · December 13, 2022, 8:48am

@fernando do you think the PR can be accepted and the issue resolved?

otherwise the existing vagrant boxes on vagrant cloud are totally useless.

Viacheslav · December 13, 2022, 10:25am

I requested maintainers for review
Thanks for PR

ssasso · December 27, 2022, 3:50pm

Hello @Viacheslav , any news for the PR merge?
thanks!