问题 流浪者的CoreOS身份验证失败


我今天尝试使用CoreOS。所以我只是试着跟着 开始指南 并执行以下命令:

git clone https://github.com/coreos/coreos-vagrant.git

cd coreos-vagrant

vagrant up

coreos-vagrant的文件夹有一些配置资源,如:config.rb和user-data

config.rb:

$update_channel='alpha'

用户数据:

#cloud-config

coreos:
  etcd:
    addr: $public_ipv4:4001
    peer-addr: $public_ipv4:7001
  fleet:
    public-ip: $public_ipv4
  units:
    - name: etcd.service
      command: start
    - name: fleet.service
      command: start

users:
  - name: carbonell
    passwd: $1$BulVX1y9$8W/3RHZAed3fb.wmbZYGi0
    groups:
      - docker

命令结果:

devops@devops-server:~/workspace/coreos-vagrant$ vagrant up
Bringing machine 'core-01' up with 'virtualbox' provider...
==> core-01: Importing base box 'coreos-alpha'...
==> core-01: Matching MAC address for NAT networking...
==> core-01: Setting the name of the VM: coreos-vagrant_core-01_1405929178704_22375
==> core-01: Clearing any previously set network interfaces...
==> core-01: Preparing network interfaces based on configuration...
    core-01: Adapter 1: nat
    core-01: Adapter 2: hostonly
==> core-01: Forwarding ports...
    core-01: 22 => 2222 (adapter 1)
==> core-01: Running 'pre-boot' VM customizations...
==> core-01: Booting VM...
==> core-01: Waiting for machine to boot. This may take a few minutes...
    core-01: SSH address: 127.0.0.1:2222
    core-01: SSH username: vagrant
    core-01: SSH auth method: private key
    core-01: Warning: Connection timeout. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
    core-01: Warning: Authentication failure. Retrying...
Timed out while waiting for the machine to boot. This means that
Vagrant was unable to communicate with the guest machine within
the configured ("config.vm.boot_timeout" value) time period.

If you look above, you should be able to see the error(s) that
Vagrant had when attempting to connect to the machine. These errors
are usually good hints as to what may be wrong.

If you're using a custom box, make sure that networking is properly
working and you're able to connect to the machine. It is a common
problem that networking isn't setup properly in these boxes.
Verify that authentication configurations are also setup properly,
as well.

二级参考: https://github.com/coreos/coreos-vagrant.git


11463
2017-07-21 14:21


起源



答案:


你为Vagrant添加了ssh密钥吗?

$ ssh-add ~/.vagrant.d/insecure_private_key
Identity added: /Users/core/.vagrant.d/insecure_private_key (/Users/core/.vagrant.d/insecure_private_key)
$ vagrant ssh core-01 -- -A

参考: http://coreos.com/docs/quickstart/


5
2017-07-22 09:32



谢谢@doppioslash,你的回答是关键,但出于某种原因,我需要在你的建议之前执行2命令:(1) eval "ssh-agent" (2) echo $SSH_AUTH_SOCK 然后我准备执行(3) ssh-add ~/.vagrant.d/insecure_private_key - kikicarbonell
注意:在这个问题之后,我提出了其他并发症,继续使用Vagrant和CoreOS,你可以在[下一个问题] [1]上看到。当我将我的CoreOS盒更新到版本367.1.0时,解决了我的所有问题(当前问题和下一个问题)。 [1]: stackoverflow.com/questions/24891209/... - kikicarbonell


答案:


你为Vagrant添加了ssh密钥吗?

$ ssh-add ~/.vagrant.d/insecure_private_key
Identity added: /Users/core/.vagrant.d/insecure_private_key (/Users/core/.vagrant.d/insecure_private_key)
$ vagrant ssh core-01 -- -A

参考: http://coreos.com/docs/quickstart/


5
2017-07-22 09:32



谢谢@doppioslash,你的回答是关键,但出于某种原因,我需要在你的建议之前执行2命令:(1) eval "ssh-agent" (2) echo $SSH_AUTH_SOCK 然后我准备执行(3) ssh-add ~/.vagrant.d/insecure_private_key - kikicarbonell
注意:在这个问题之后,我提出了其他并发症,继续使用Vagrant和CoreOS,你可以在[下一个问题] [1]上看到。当我将我的CoreOS盒更新到版本367.1.0时,解决了我的所有问题(当前问题和下一个问题)。 [1]: stackoverflow.com/questions/24891209/... - kikicarbonell


Vagrant具有在启动时替换不安全私钥的功能:

core-01: 
core-01: Vagrant insecure key detected. Vagrant will automatically replace
core-01: this with a newly generated keypair for better security.
core-01: 
core-01: Inserting generated public key within guest...
core-01: Removing insecure key from the guest if its present...
core-01: Key inserted! Disconnecting and reconnecting using new SSH key...

然而,在CoreOS上以某种方式,被替换的私钥会丢失 vagrant reload,那么有助于删除机器私钥,e.i。

rm .vagrant/machines/core-01/virtualbox/private_key

5
2017-11-13 12:34



我放了 config.ssh.insert_key = false 在里面 Vagrantfile 而不是在每次启动VM之前删除密钥。 - Seybsen
这个简单的解决方案适合我! - gigi2


对我来说,这是通过改变vagrant home directort中的.ssh文件夹的权限来解决的(即“~vagrant / .ssh”)。当我为我的应用程序设置ssh密钥时,我想我搞砸了权限。

似乎'authorized_keys'文件必须仅为'vagrant'用户'rw',所以“chmod 600 authorized_keys”;目录本身及其父目录也是如此:

所以:

chmod 600 authorized_keys
chmod 700 .
chmod 700 ..

这是在我之后 所有 这些权限恢复了,vagrant ssh再次开始工作。

我认为这与ssh安全性有关。它拒绝识别证书,如果它们在当前用户之外可以访问,那么流浪者尝试登录就会被拒绝。


0
2018-01-26 16:27