sshdDNS lookups are disabled by default
sshdpassword authentication is now disabled (the
vagrantuser is configured with the publicly-known password
vagrantand passwordless sudo, making it trivial for third-parties to gain administrative access via
sshif password authentication is enabled). You can still login as
vagrantby entering the password on the console, if needed. We recommend re-creating all Vagrant boxes that were configured with private or public networking in the Vagrantfile.
sendfileis enabled. If you still want to install the Guest Additions, you can try either vbguest or, if you already use Ansible, take a look at https://github.com/lpancescu/cloud-instance-starter-kit for an example of automatic installation.
vagrant upto fail on Windows, where rsync is not installed by default. As a workaround, Windows users can either install rsync via Cygwin or MSYS, or disable the sync directory by adding the line
config.vm.synced_folder ".", "/vagrant", disabled: trueto the Vagrantfile.
~vagrant/.ssh/authorized_keysto 0644 (world-readable) when replacing the insecure public key with a newly generated one. Since
sshdwill only accept keys readable just by their owner,
vagrant upreturns an error, since it cannot connect with the new key and it already removed the insecure key. This is Vagrant bug #7610, which affects all Linux distributions (not just CentOS); you can either downgrade to Vagrant 1.8.4 or wait for 1.8.6 to be released.
Only x86_64 images are currently available, for Vagrant’s libvirt and VirtualBox providers.
First-time users can download the official images from Hashicorp’s Atlas. You can use
vagrant box add centos/6 for CentOS Linux 6, or
vagrant box add centos/7 for CentOS Linux 7.
Existing users can upgrade their boxes directly by Vagrant, e.g.
vagrant box update --box centos/7, but the changes will only apply to newly created instances.
If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos-devel on Freenode.
We would like to thank Nico Kadel-Garcia for his valuable insight on preventing
sshd from performing reverse DNS lookups.