vagrant-rekey-ssh 0.1.1 → 0.1.3
- checksums.yaml +8 -8
- data/Gemfile +1 -1
- data/README.md +5 -5
- data/lib/vagrant-rekey-ssh/actions/ssh_info.rb +5 -1
- data/lib/vagrant-rekey-ssh/version.rb +1 -1
- metadata +3 -3
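--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
 metadata.gz: !binary |-
-
+ZjNkMTYxOTliZDNiN2ZlMDU0ZTBjNDIwZDM2ZTdjMDRjNzEzOWRjMQ==
 data.tar.gz: !binary |-
-
+NzFkMTljMTRhMmEwYzgyYjQ2YjMwYTI0Y2QzZDMxMmZmY2JjMTU1OQ==
 SHA512:
 metadata.gz: !binary |-
-
-
-
+MjlhMzQ2NzAzOWRhZjUzMGI1ZjM1MjMxNmNiYzRjODMwZTE1NDJlZmNlMmVl
+ZDUyYmMwNGEwYWNmNmJkNjYxYzkyMGZhNGI1OGE1ZmZlNjFlN2JiZDM1MDhi
+MDlmOTA2OWRmYTg3MWNkZGJmODI5M2UyM2EwZDBkZDk2ZTQ0ZDE=
 data.tar.gz: !binary |-
-
-
-
+MTRjMDlhZTI0ZDExNTVkZDI1M2YzZTM2MTU4M2I5Yzk0Y2VlNmNhMGI1MThl
+M2ZkM2U4Zjk5ODE1NDI2OTU4NzE0OWYyNDYyZjIxM2VlYTcxYjVmZWUwMmY5
+NTI5YjEwYWNlZjNlZmMyYzBmZmQyMDU0NWEwYzMwNzZjMWRkZDk=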
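--- a/data/Gemfile
+++ b/data/Gemfile
@@ -7,6 +7,6 @@ group :development do
 # We depend on Vagrant for development, but we don't add it as a
 # gem dependency because we expect to be installed within the
 # Vagrant environment itself using `vagrant plugin`.
-gem "vagrant", :git => "https://github.com/mitchellh/vagrant.git"
+# gem "vagrant", :git => "https://github.com/mitchellh/vagrant.git"
 end
 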
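Review bot: The `gem "vagrant"` line is commented out rather than removed, so the three comment lines above it now describe a dependency that is no longer declared; either delete the line or state why it is disabled, e.g. `# disabled: <reason>`. If it is re-enabled, pin the git source, e.g. `gem "vagrant", :git => "https://github.com/mitchellh/vagrant.git", :tag => "<release-tag>"`, so a development install does not pull whatever is at the branch head. The `group :development do` block opens outside the hunk.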
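--- a/data/README.md
+++ b/data/README.md
@@ -8,7 +8,7 @@ Rationale
 ---------
 
 All Vagrant boxes come with the same ssh key and passwords installed. This
-means anyone who can ssh into your VM
+means anyone who can ssh into your VM will be able to authenticate to it
 if they try the vagrant default credentials. Additionally, vagrant boxes
 come with passwordless sudo privileges, so anyone able to SSH into your
 box will be able to do whatever they want on it.
@@ -17,7 +17,7 @@ As of Vagrant 1.2.3, for the most part this doesn't matter, because you can
 only access the Vagrant VM from localhost (previous versions allowed access
 from any machine on your local network). However, this becomes *extremely*
 important if you are using a vagrant box that is on a bridged network. If
-your VM is on a bridged network
+your VM is on a bridged network without other controls in place, that means
 *anyone* who has access to your local network can SSH into your VM and get
 root access on it. There are plenty of documented ways of breaking out of a
 VM, so this is clearly a problem that needs to be addressed.
@@ -28,12 +28,12 @@ Since that isn't currently the case, I've created this plugin to help.
 This solution
 -------------
 
-The first time that this plugin is
+The first time that this plugin is run, it generates a unique SSH key and
 stores it as `~/vagrant.d/less_insecure_private_key`. Whenever you run the
 `vagrant provision` command, this plugin will run a script to check the
 authorized keys for the vagrant user to determine if the insecure key
-public key is present. If it is present, it will replace the key
-public key for the generated
+public key is present. If it is present, it will replace the insecure key
+with the public key for the generated key pair.
 
 Additionally, if the insecure public key is present, it will delete the
 passwords for root and vagrant, so that you cannot login using a password.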
@@ -28,7 +28,11 @@ module VagrantPlugins
|
|
28
28
|
if @machine.config.ssh.private_key_path.nil?
|
29
29
|
|
30
30
|
if ::File.exists?(rekey_sentinel_file)
|
31
|
-
|
31
|
+
if Vagrant::VERSION < "1.4.0"
|
32
|
+
@machine.config.ssh.private_key_path = ssh_key_path
|
33
|
+
else
|
34
|
+
@machine.config.ssh.private_key_path = [ssh_key_path]
|
35
|
+
end
|
32
36
|
end
|
33
37
|
|
34
38
|
# Vagrant < 1.4 only supports a single ssh key, do this differently
|
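Review bot: The new guard `if Vagrant::VERSION < "1.4.0"` compares two Strings, so the ordering is lexicographic rather than by version: a release with a two-digit component (a hypothetical "1.10.0") would sort below "1.4.0" and be given the scalar `ssh_key_path` instead of the array form. Compare parsed versions instead, e.g. `if Gem::Version.new(Vagrant::VERSION) < Gem::Version.new("1.4.0")`. The context comment `# Vagrant < 1.4 only supports a single ssh key` suggests a second version check follows outside the hunk; it should use the same comparison so both places agree on which key path is configured. This appears to be the hunk for data/lib/vagrant-rekey-ssh/actions/ssh_info.rb (its file header is missing from the page), and the enclosing method starts and ends outside it.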
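--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-rekey-ssh
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.3
 platform: ruby
 authors:
 - Dustin Spicuzza
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-
+date: 2013-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -80,7 +80,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.1.
+rubygems_version: 2.1.5
 signing_key:
 specification_version: 4
 summary: Automatically secure vagrant boxes with a randomly generated SSH key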