{"id":13572436,"url":"https://github.com/virtuald/vagrant-rekey-ssh","last_synced_at":"2025-04-04T10:30:28.972Z","repository":{"id":12366122,"uuid":"15016151","full_name":"virtuald/vagrant-rekey-ssh","owner":"virtuald","description":"Obsolete after Vagrant 1.7. Vagrant plugin which plugs default gaping holes in a vagrant box","archived":true,"fork":false,"pushed_at":"2016-02-27T06:11:51.000Z","size":18,"stargazers_count":55,"open_issues_count":2,"forks_count":6,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-11-05T05:34:18.262Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/virtuald.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-12-08T01:20:03.000Z","updated_at":"2023-09-08T16:43:55.000Z","dependencies_parsed_at":"2022-09-10T17:22:19.528Z","dependency_job_id":null,"html_url":"https://github.com/virtuald/vagrant-rekey-ssh","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/virtuald%2Fvagrant-rekey-ssh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/virtuald%2Fvagrant-rekey-ssh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/virtuald%2Fvagrant-rekey-ssh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/virtuald%2Fvagrant-rekey-ssh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/virtuald","download_url":"https://codeload.github.com/virtuald/vagrant-rekey-ssh/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247160157,"owners_count":20893777,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T14:01:23.165Z","updated_at":"2025-04-04T10:30:28.649Z","avatar_url":"https://github.com/virtuald.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"OBSOLETE: The functionality this plugin provides is available in Vagrant 1.7+\n\nvagrant-rekey-ssh\n=================\n\nThis is a [vagrant](http://vagrantup.com) plugin that will make your vagrant\nboxes a bit more secure than they currently are.\n\nRationale\n---------\n\nAll Vagrant boxes come with the same ssh key and passwords installed. This\nmeans anyone who can ssh into your VM will be able to authenticate to it\nif they try the vagrant default credentials. Additionally, vagrant boxes\ncome with passwordless sudo privileges, so anyone able to SSH into your \nbox will be able to do whatever they want on it.\n\nAs of Vagrant 1.2.3, for the most part this doesn't matter, because you can \nonly access the Vagrant VM from localhost (previous versions allowed access\nfrom any machine on your local network). However, this becomes *extremely*\nimportant if you are using a vagrant box that is on a bridged network. If\nyour VM is on a bridged network without other controls in place, that means\n*anyone* who has access to your local network can SSH into your VM and get\nroot access on it. There are plenty of documented ways of breaking out of a\nVM, so this is clearly a problem that needs to be addressed.\n\nIdeally, Vagrant would have something built into it to solve the problem.\nSince that isn't currently the case, I've created this plugin to help. \n\nThis solution\n-------------\n\nThe first time that this plugin is run, it generates a unique SSH key and\nstores it as `~/vagrant.d/less_insecure_private_key`. Whenever you run the\n`vagrant provision` command, this plugin will run a script to check the\nauthorized keys for the vagrant user to determine if the insecure key\npublic key is present. If it is present, it will replace the insecure key\nwith the public key for the generated key pair.\n\nAdditionally, if the insecure public key is present, it will delete the\npasswords for root and vagrant, so that you cannot login using a password.\n\nWhenever vagrant tries to SSH into a box using an SSH key, this plugin will\nadd the generated SSH key to the list of keys it tries. This ensures that\nyou will still be able to SSH into boxes that have the insecure key installed.\n\nInstallation\n------------\n\n    vagrant plugin install vagrant-rekey-ssh\n\nUsage\n-----\n\nJust install the plugin. It will do its magic automatically when you provision\na box.\n\nTo secure already running VMs, you will need to run `vagrant provision` on\nthem.\n\nSettings\n--------\n\nYou can set these settings in an individual Vagrantfile, or you can specify\nthis in your global Vagrantfile (~/.vagrant.d/Vagrantfile)\n\n* `config.rekey_ssh.enable` - Enables or disables the plugin. Default: enabled\n\n\nCompatibility\n-------------\n\nI've only tested this on Vagrant 1.3.5 using the Virtualbox provider on Ubuntu\nand OSX. In addition, it was tested on Windows 8.1 with Vagrant 1.6.3 and the\nVirtualBox provider. Let me know if it works on earlier versions of Vagrant,\nand I'll put that here.\n\nKnown Issues\n------------\n\nI haven't figured out a generic way to override a machine's configuration\nwithout hooking specific actions, which results in the following bugs that\nI am aware of:\n\n* The ssh-config command does not include the correct keys\n* May not work with commands that are not built in to vagrant\n\nIf you can figure out a good way to fix these, please submit a pull request.\n\nContributing new changes\n========================\n\n1. Fork this repository\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create new Pull Request\n\nDevelopment\n===========\n\nTo work on the `vagrant-rekey-ssh` plugin, clone this repository out, and use\n[Bundler](http://gembundler.com) to get the dependencies:\n\n    $ bundle\n\nYou can test the plugin without installing it into your Vagrant environment \nby just creating a `Vagrantfile` in the top level of this directory (it is\ngitignored) that uses it, and uses bundler to execute Vagrant:\n\n    $ bundle exec vagrant WHATEVER\n\nCredits\n=======\n\nSince I'm not really a ruby programmer, a lot of the skeleton of this plugin\ncame from other Vagrant plugins, particularly `vagrant-ohai` and \n`vagrant-openstack-plugin`. \n\nAuthor\n======\n\nAuthor:: Dustin Spicuzza (dustin@virtualroadside.com)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvirtuald%2Fvagrant-rekey-ssh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvirtuald%2Fvagrant-rekey-ssh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvirtuald%2Fvagrant-rekey-ssh/lists"}