#332 Setup OpenSSH Portable for windows

[abbbi]

Install OpenSSH Portable for windows, which can be used for provisioning as an alternative to winrm
on libvirt based setups.

While by default, winrm is used, users can enable the ssh communicator using the following settings within the
Vagrantfile:

  config.vm.communicator = "winssh"                                                                                                                                                            
  config.ssh.password = "vagrant"  # required to allow vagrant to add ssh key during first step
  config.vm.provision "shell",
    inline: "Write hello"

As virtual machine spins up, connection is attempted and provisioning scripts are executed via
SSH:

==> default: Starting domain.
==> default: Waiting for domain to get an IP address...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 10.0.0.10:22
    default: SSH username: vagrant
    default: SSH auth method: password
    default: Warning: Connection reset. Retrying...
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Forwarding ports...
==> default: 3389 (guest) => 3389 (host) (adapter eth0)
==> default: 5986 (guest) => 5986 (host) (adapter eth0)
==> default: 5985 (guest) => 5985 (host) (adapter eth0)
==> default: Running provisioner: shell...
    default: Running: inline script
    default: 
    default: hello

[ruzickap]

Thank you for your contribution...

The SSH seems to be working fine (I checked in on Win10).
It's good idea to have SSH enabled. I tried the OpenSSH for windows few years back and it was not working very well. Now it looks like it is more mature...

One more thing which I am missing. When I run vagrant ssh I can get in using "vagrant" password:

$ vagrant ssh
[email protected]'s password: 

Is there a chance to add the "Vagrant key" to skip the authentication like it is for linux systems: https://github.com/ruzickap/packer-templates/blob/master/scripts/linux-common/vagrant.sh ?

[abbbi]

Is there a chance to add the "Vagrant key" to skip the authentication like it is for linux systems: https://github.com/ruzickap/packer-templates/blob/master/scripts/linux-common/vagrant.sh ?

yeah, so as far as i know this is how it works: image build place a default "insecure" key within the virtual machine which allows
for vagrant to access right after the virtual machine is up. It then creates a new key and places it within the virtual machine.

I think to get the passwordless auth working with windows, its required to place the vagrant insecure key within the image during build:

https://github.com/hashicorp/vagrant/tree/master/keys

I dont know where the place it on windows, as i dont have experience where the openssh service searches for it.
Its probably easy to detect while running "vagrant up --debug" and watch it replacing the key with the password used
during spinup.

It actually manages to replace the key with the password setting, but then doesnt use it for some reason..

[abbbi]

thats what i get from debug:

DEBUG guest: Found cap: insert_public_key in windows
 INFO guest: Execute capability: insert_public_key [#<Vagrant::Machine: default (VagrantPlugins::ProviderLibvirt::Provider)>, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCads2njvRpYsJqSL5CJz0/bxjNgWITJKOKmDM+l2jzkE3vsNkJf1M+M6VNMt7WmmSv6BER/Xr1UIOrkT4deOSKqWyF8TVRZBySh8Y2aK8/YkTn3RMpNsJ++gLiulFZJTIzS/987J4q4iHzQlIhcEiL6sZJa83TqknW+vJoLqx29cWNBtVEZx9ALwLth8c0K4R7BPasCLX8Vy6l8HW74ItxOlnhJH5Y2jMpR2ZkJd4C0dtVrwsJGvTLNGuxnmfdgNcNn0XV6Ra03WgHbvsWGf0s293qqgIIWEle0yn28n+6wvI4Y2Kofj5m71JAUYk8+h98pAUv2sb6sjKdka1nCgXJ vagrant"] (windows)
DEBUG winssh: Re-using SSH connection.
 INFO winssh: Execute: Write-Output $env:TEMP
Write-Output $env:USERPROFILE - opts: {:sudo=>false, :shell=>"powershell", :force_raw=>false}
DEBUG winssh: Base SSH exec command: Write-Output $env:TEMP
Write-Output $env:USERPROFILE
DEBUG winssh: stderr: 41e57d38-b4f7-4e46-9c38-13873d338b86-vagrant-ssh

DEBUG winssh: Exit status: 0
DEBUG winssh: Re-using SSH connection.
 INFO winssh: Execute: New-Item -Path 'C:\Users\vagrant\.ssh' -ItemType directory -Force - opts: {:sudo=>false, :shell=>"powershell", :force_raw=>false}
DEBUG winssh: Base SSH exec command: New-Item -Path 'C:\Users\vagrant\.ssh' -ItemType directory -Force
DEBUG winssh: stderr: 41e57d38-b4f7-4e46-9c38-13873d338b86-vagrant-ssh

DEBUG winssh: Exit status: 0
DEBUG winssh: Re-using SSH connection.
 INFO winssh: Execute: cmd.exe /c 'dir "C:\Users\vagrant\.ssh\authorized_keys"' - opts: {:sudo=>false, :shell=>"cmd", :force_raw=>false}
DEBUG winssh: Base SSH exec command: cmd.exe /c 'dir "C:\Users\vagrant\.ssh\authorized_keys"'
DEBUG winssh: stderr: 41e57d38-b4f7-4e46-9c38-13873d338b86-vagrant-ssh

[abbbi]

So in theory everything should behave nicely if we place the vagrant default insecure public key to:

"C:\Users\vagrant.ssh\authorized_keys"
"C:\Users\Administrator\.ssh\authorized_keys"

during image build.

Then the option:

config.ssh.password = "vagrant"

is not necessary anymore and vagrant can use keys from the start.

[ruzickap]

Ok let's merge the OpenSSH first, test it with all "windows" boxes and then look at the

• C:\Users\vagrant.ssh\authorized_keys
• C:\Users\Administrator\.ssh\authorized_keys