vagrant-rekey-ssh 0.1.1 → 0.1.3
- checksums.yaml +8 -8
- data/Gemfile +1 -1
- data/README.md +5 -5
- data/lib/vagrant-rekey-ssh/actions/ssh_info.rb +5 -1
- data/lib/vagrant-rekey-ssh/version.rb +1 -1
- metadata +3 -3
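--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
 metadata.gz: !binary |-
-
+ZjNkMTYxOTliZDNiN2ZlMDU0ZTBjNDIwZDM2ZTdjMDRjNzEzOWRjMQ==
 data.tar.gz: !binary |-
-
+NzFkMTljMTRhMmEwYzgyYjQ2YjMwYTI0Y2QzZDMxMmZmY2JjMTU1OQ==
 SHA512:
 metadata.gz: !binary |-
-
-
-
+MjlhMzQ2NzAzOWRhZjUzMGI1ZjM1MjMxNmNiYzRjODMwZTE1NDJlZmNlMmVl
+ZDUyYmMwNGEwYWNmNmJkNjYxYzkyMGZhNGI1OGE1ZmZlNjFlN2JiZDM1MDhi
+MDlmOTA2OWRmYTg3MWNkZGJmODI5M2UyM2EwZDBkZDk2ZTQ0ZDE=
 data.tar.gz: !binary |-
-
-
-
+MTRjMDlhZTI0ZDExNTVkZDI1M2YzZTM2MTU4M2I5Yzk0Y2VlNmNhMGI1MThl
+M2ZkM2U4Zjk5ODE1NDI2OTU4NzE0OWYyNDYyZjIxM2VlYTcxYjVmZWUwMmY5
+NTI5YjEwYWNlZjNlZmMyYzBmZmQyMDU0NWEwYzMwNzZjMWRkZDk=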
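--- a/data/Gemfile
+++ b/data/Gemfile
@@ -7,6 +7,6 @@ group :development do
 # We depend on Vagrant for development, but we don't add it as a
 # gem dependency because we expect to be installed within the
 # Vagrant environment itself using `vagrant plugin`.
-gem "vagrant", :git => "https://github.com/mitchellh/vagrant.git"
+# gem "vagrant", :git => "https://github.com/mitchellh/vagrant.git"
 end
 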
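Review bot: The `gem "vagrant"` line at new line 10 is disabled by commenting it out, while the comment block above it still says the project depends on Vagrant for development, so a reader cannot tell how the development group is now expected to obtain Vagrant. Either delete the line or record the reason next to it, e.g. `# disabled: <reason>; install Vagrant separately for development`. If it is ever re-enabled, note that the git source carries no `:ref` or `:tag`, so a fresh resolve would follow whatever the upstream default branch holds at that moment; pinning it keeps development installs reproducible. The `group :development do` block opens outside the hunk.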
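--- a/data/README.md
+++ b/data/README.md
@@ -8,7 +8,7 @@ Rationale
 ---------
 
 All Vagrant boxes come with the same ssh key and passwords installed. This
-means anyone who can ssh into your VM
+means anyone who can ssh into your VM will be able to authenticate to it
 if they try the vagrant default credentials. Additionally, vagrant boxes
 come with passwordless sudo privileges, so anyone able to SSH into your
 box will be able to do whatever they want on it.
@@ -17,7 +17,7 @@ As of Vagrant 1.2.3, for the most part this doesn't matter, because you can
 only access the Vagrant VM from localhost (previous versions allowed access
 from any machine on your local network). However, this becomes *extremely*
 important if you are using a vagrant box that is on a bridged network. If
-your VM is on a bridged network
+your VM is on a bridged network without other controls in place, that means
 *anyone* who has access to your local network can SSH into your VM and get
 root access on it. There are plenty of documented ways of breaking out of a
 VM, so this is clearly a problem that needs to be addressed.
@@ -28,12 +28,12 @@ Since that isn't currently the case, I've created this plugin to help.
 This solution
 -------------
 
-The first time that this plugin is
+The first time that this plugin is run, it generates a unique SSH key and
 stores it as `~/vagrant.d/less_insecure_private_key`. Whenever you run the
 `vagrant provision` command, this plugin will run a script to check the
 authorized keys for the vagrant user to determine if the insecure key
-public key is present. If it is present, it will replace the key
-public key for the generated
+public key is present. If it is present, it will replace the insecure key
+with the public key for the generated key pair.
 
 Additionally, if the insecure public key is present, it will delete the
 passwords for root and vagrant, so that you cannot login using a password.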
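--- a/data/lib/vagrant-rekey-ssh/actions/ssh_info.rb
+++ b/data/lib/vagrant-rekey-ssh/actions/ssh_info.rb
@@ -28,7 +28,11 @@ module VagrantPlugins
 if @machine.config.ssh.private_key_path.nil?
 
 if ::File.exists?(rekey_sentinel_file)
-
+if Vagrant::VERSION < "1.4.0"
+@machine.config.ssh.private_key_path = ssh_key_path
+else
+@machine.config.ssh.private_key_path = [ssh_key_path]
+end
 end
 
 # Vagrant < 1.4 only supports a single ssh key, do this differently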
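Review bot: The check `Vagrant::VERSION < "1.4.0"` at new line 31 compares two strings, so the ordering is lexicographic rather than by version: a release numbered like 1.10.0 would sort below 1.4.0 and take the single-path branch meant for old Vagrant. Comparing parsed versions avoids this, e.g. `if Gem::Version.new(Vagrant::VERSION) < Gem::Version.new("1.4.0")`. Because this branch decides in what form the regenerated key path is handed to Vagrant, a wrong branch could leave the machine without a usable replacement key; what Vagrant does with a mis-typed value is not visible here. The context comment at new line 38 suggests a second version-dependent branch just below the hunk, so one small helper used by both would keep the checks from drifting; the enclosing method starts and ends outside the hunk.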
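--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-rekey-ssh
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.3
 platform: ruby
 authors:
 - Dustin Spicuzza
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-
+date: 2013-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -80,7 +80,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.1.
+rubygems_version: 2.1.5
 signing_key:
 specification_version: 4
 summary: Automatically secure vagrant boxes with a randomly generated SSH key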