diff --git a/docs/base_boxes.md b/docs/base_boxes.md index c63b7cdc4..d4d41a296 100644 --- a/docs/base_boxes.md +++ b/docs/base_boxes.md @@ -21,8 +21,7 @@ are ones which contain the bare bones necessary for Vagrant to function. The bas requirements of a base box are as follows: * VirtualBox Guest Additions for shared folders, port forwarding, etc. -* SSH with basic username/password SSH authentication -* Password-less `sudo` for the main account +* SSH with key-based auth support for the vagrant user * Ruby & RubyGems to install Chef * Chef for provisioning support @@ -30,11 +29,12 @@ The above are absolutely _required_ of a base box in order to work properly with The versions of those requirements however are up to you, as long as they are working properly.
-

Isn't a password-less sudo a security risk? What about public/private keys?

+

What about password-based SSH? Why public/private keys?

- Since Vagrant targets development environments, security is not a major concern, and we - currently value simplicity over it. However, Vagrant is still young, and in the future we may - support keys, password sudo, etc. Right now though, these are not possible. + While Vagrant was initially released with password-based SSH support, this proved + to be difficult to support across multiple platforms. Instead, we switched to + supporting only key-based authentication which has made cross platform support + much easier.

@@ -99,13 +99,6 @@ you're installing the operating system from, and follow the install procedure.
  • Main account login: vagrant
  • Main account password: vagrant
  • -

    - Also keep in mind that, in order to simplify configurations, Vagrant make - assumptions about the main account login/password. It will assume the text - 'vagrant' for both values. If any of these are changed, you will need to - remember to specify them in the Vagrantfile using the appropriate configuration - methods before packaging the box. -

    ### Setup Permissions @@ -182,6 +175,22 @@ management tools, so the details won't be gone into here. If promoted, make sure SSH package is set to use **basic username/password authentication** and write down the username/password for later. +### Configure SSH Authentication with a Public Key + +Since Vagrant only supports key-based authentication for SSH, you must setup the SSH +user to use key-based authentication. This simply requires copying a public key into +`~/.ssh/authorized_keys`. + +If you plan on distributing this base box as a public box, Vagrant provides an +"insecure" pair of public and private keys which are [available here](http://github.com/mitchellh/vagrant/tree/master/keys/). +By using the public key in that box, any Vagrant installation will automatically +be able to connect to your box since Vagrant defaults to using that insecure private +key. + +If this box is meant to be private, we recommend you create your own custom +pair of keys and set that up. Users of your box can then specify the private key +you created by setting `config.ssh.private_key_path`. + ### Copy the MAC Address When the operating system was installed, it typically sets up the basic network devices @@ -216,12 +225,6 @@ look like, well commented to explain each option: {% highlight ruby %} Vagrant::Config.run do |config| - # SSH username - config.ssh.username = "vagrant" - - # SSH password - config.ssh.password = "vagrant" - # Forward the SSH port. The 'forward_port_key' should match the # name of the forwarded port. config.ssh.forwarded_port_key = "ssh"
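Review bot: In the requirements list (hunk @@ -21,8 +21,7 @@), the bullet "Password-less `sudo` for the main account" is deleted together with the password SSH bullet, but nothing in this patch says the sudo requirement went away, and the "### Setup Permissions" heading is still present as context in a later hunk. If password-less sudo is still required, keep that bullet and replace only the SSH one.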
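Review bot: In the FAQ hunk (@@ -30,11 +29,12 @@), the old question covered both password-less sudo and keys, while the new one covers only SSH, so the sudo half is left unanswered. The new answer also gives only the cross-platform reason and does not mention that the default key pair is the one this patch later calls "insecure". Suggest adding one sentence that points to the new "Configure SSH Authentication with a Public Key" section, so readers learn here that the default key is publicly available and that private boxes should use their own pair.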
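Review bot: In hunk @@ -99,13 +99,6 @@, the paragraph explaining that Vagrant assumes 'vagrant' for both login and password is removed, yet the context lines "Main account login: vagrant" and "Main account password: vagrant" stay with no explanation of what the password is used for now. State whether anything still depends on that password, or say that only the login name has to match now that SSH is key-only.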
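Review bot: In hunk @@ -182,6 +175,22 @@, the unchanged sentence directly above the new section still tells the reader to set the SSH package to "**basic username/password authentication**", which contradicts the new opening sentence "Vagrant only supports key-based authentication for SSH"; that paragraph needs updating in the same patch. In the added text, "you must setup" should read "you must set up". The step "copying a public key into `~/.ssh/authorized_keys`" should also mention file permissions: sshd with its default StrictModes setting ignores the file when `~/.ssh` or `authorized_keys` is writable by group or others (modes 700 and 600 are the usual choice). Because the private half of the "insecure" pair is published, the paragraph on public boxes should say outright that anyone can log in to such a box, so its SSH port should not be reachable from untrusted networks.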
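Review bot: In the sample Vagrantfile hunk (@@ -216,12 +225,6 @@), `config.ssh.username` and `config.ssh.password` are removed with nothing in their place, although the surrounding text calls the file "well commented to explain each option" and the new section tells users of private boxes to set `config.ssh.private_key_path`. Add a commented `config.ssh.private_key_path` line here so the example shows the one SSH setting a private box requires. If the login name is still configurable, keep the `config.ssh.username` line as well.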