| |
@@ -53,11 +53,5 @@
|
| |
chmod 600 ~vagrant/.ssh/authorized_keys
|
| |
chown -R vagrant:vagrant ~vagrant/.ssh/
|
| |
|
| |
- # Further suggestion from @purpleidea (James Shubin) - extend key to root users as well
|
| |
- mkdir -m 0700 -p /root/.ssh
|
| |
- cp /home/vagrant/.ssh/authorized_keys /root/.ssh/authorized_keys
|
| |
- chmod 600 /root/.ssh/authorized_keys
|
| |
- chown -R root:root /root/.ssh
|
| |
-
|
| |
%end
|
| |
|
| |
Having the insecure key for both the vagrant user and the root user
means that at least one of them won't be replaced with a more secure
key on instance boot. Typically the vagrant software uses the vagrant
user which means that in a default situation you end up with the
insecure pubkey on the root user account. So if anyone were able to get
access to the same network as the VM they'd be able to log in as root
using the insecure vagrant key.
The guidelines for building a base box are at [1] and don't mention
setting the insecure key for the root user. Let's remove this now.
[1] https://www.vagrantup.com/docs/boxes/base.html