Official Vagrant images for CentOS Linux 6 and CentOS Linux 7 for x86_64 are now available for download, featuring updated packages to 28 July 2016 and the following improvements:
/vagrant
sshd
DNS lookups are disabled by defaultvagrant
sshd
password authentication is now disabled (the vagrant
user is configured with the publicly-known password vagrant
and passwordless sudo, making it trivial for third-parties to gain administrative access via ssh
if password authentication is enabled). You can still login as root
or vagrant
by entering the password on the console, if needed. We recommend re-creating all Vagrant boxes that were configured with private or public networking in the Vagrantfile.sendfile
is enabled. If you still want to install the Guest Additions, you can try either vbguest or, if you already use Ansible, take a look at https://github.com/lpancescu/cloud-instance-starter-kit for an example of automatic installation.vagrant up
to fail on Windows, where rsync is not installed by default. As a workaround, Windows users can either install rsync via Cygwin or MSYS, or disable the sync directory by adding the line config.vm.synced_folder ".", "/vagrant", disabled: true
to the Vagrantfile.~vagrant/.ssh/authorized_keys
to 0644 (world-readable) when replacing the insecure public key with a newly generated one. Since sshd
will only accept keys readable just by their owner, vagrant up
returns an error, since it cannot connect with the new key and it already removed the insecure key. This is Vagrant bug #7610, which affects all Linux distributions (not just CentOS); you can either downgrade to Vagrant 1.8.4 or wait for 1.8.6 to be released.Only x86_64 images are currently available, for Vagrant’s libvirt and VirtualBox providers.
First-time users can download the official images from Hashicorp’s Atlas. You can use vagrant box add centos/6
for CentOS Linux 6, or vagrant box add centos/7
for CentOS Linux 7.
Existing users can upgrade their boxes directly by Vagrant, e.g. vagrant box update --box centos/7
, but the changes will only apply to newly created instances.
If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos-devel on Freenode.
We would like to thank Nico Kadel-Garcia for his valuable insight on preventing sshd
from performing reverse DNS lookups.
So when this happened with the latest release "sshd password authentication is now disabled" this is not the default of how CentOS7 is setup. I had create an out of band management network where Vagrant stiches together the VMs. Now I can't use Ansible from that oob network since it can't login the first time to install SSH keys. Why did this change?
Latest box doesn't work. Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
By any chance, is there a corresponding Kickstart file shared that can be used to (re)build the same CentOS images available for download? It would be very helpful for making additional adjustments to the image if/when needed.
I was finally able to DL the centos/7 box and saw it does have the complete Kickstart file built during the build. As such, please disregard my question 😉
Good Job)))
It would be really nice to have a vmware_desktop version available as well.
How do you recommend those using packer virtualbox-ovf builder to ssh now as these sshd changes break builds now?
So might have answered this for myself finally, but for those who're using virtualbox-ovf builder they should use the vagrant insecure key instead of password authentication.