SSHFS mount fails, too many keys in agent #88

Open
00willo opened this issue Jan 29, 2018 · 13 comments

00willo commented Jan 29, 2018

Steps to reproduce:

$ mkdir centos-vagrant; cd centos-vagrant
$ vagrant init centos/7

Edit the Vagrantfile to add config.vm.synced_folder "./", "/home/vagrant", type: "sshfs"

$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'centos/7'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'centos/7' is up to date...
==> default: Setting the name of the VM: centos-vagrant_default_1517198952942_168
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: No guest additions were detected on the base box for this VM! Guest
    default: additions are required for forwarded ports, shared folders, host only
    default: networking, and more. If SSH fails on this machine, please install
    default: the guest additions and repackage the box to continue.
    default: 
    default: This is not an error message; everything may continue to work properly,
    default: in which case you may ignore this message.
==> default: Rsyncing folder: /home/willo/centos-vagrant/ => /vagrant
==> default: Installing SSHFS client...
==> default: Mounting SSHFS shared folder...
==> default: Mounting folder via SSHFS: /home/willo/centos-vagrant => /home/vagrant
==> default: Checking Mount..
==> default: Checking Mount..
==> default: Checking Mount..
==> default: Checking Mount..
==> default: Checking Mount..
==> default: Checking Mount..
==> default: Checking Mount..
Mounting SSHFS shared folder via slave SSHFS mount failed. Please
look at the below STDERR output from the processes that were run.

SSH command:

Warning: Permanently added '[127.0.0.1]:2222' (RSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).


SFTP command:

Various package details from my macOS High Sierra (10.13.2).

$ brew cask info vagrant
vagrant: 2.0.1
https://www.vagrantup.com/
/usr/local/Caskroom/vagrant/2.0.1 (3 files, 70.4MB)
From: https://github.com/caskroom/homebrew-cask/blob/master/Casks/vagrant.rb
==> Name
Vagrant
==> Artifacts
vagrant.pkg (Pkg)

$ brew cask info virtualbox
virtualbox: 5.2.6-120293
https://www.virtualbox.org/
/usr/local/Caskroom/virtualbox/5.2.6-120293 (3 files, 91MB)
From: https://github.com/caskroom/homebrew-cask/blob/master/Casks/virtualbox.rb
==> Name
Oracle VirtualBox
==> Artifacts
VirtualBox.pkg (Pkg)
==> Caveats
To install and/or use virtualbox you may need to enable their kernel extension in

  System Preferences → Security & Privacy → General

For more information refer to vendor documentation or the Apple Technical Note:

  https://developer.apple.com/library/content/technotes/tn2459/_index.html

$ vagrant plugin list
vagrant-share (1.1.9, system)
vagrant-sshfs (1.3.0)

I was able to reproduce on CentOS 6.9 with the same procedure, where I'd never used vagrant or VirtualBox in the past.

$ rpm -qa |grep VirtualBox
VirtualBox-5.2-5.2.6_120293_el6-1.x86_64

$ vagrant --version
Vagrant 2.0.1

$ vagrant plugin list
vagrant-share (1.1.9, system)
vagrant-sshfs (1.3.0)

00willo commented Jan 29, 2018

I saw issue #26 and I appear to be getting similar results.

Further to this, I also get the same error and outcome using fedora/27-cloud-base as well.


00willo commented Jan 29, 2018

OK, this may not really be an issue. So, as it turns out, you shouldn't attempt to set up a synced folder over the top of the vagrant user's home directory. (facepalm). One guess what's no longer available..... If you said the .ssh folder containing the authorized_keys file, you get to Advance to Go (collect $200). :)

To help those out on how to debug something like this. You can do this:

  • enable the GUI in the virtualbox provider and vagrant reload
  • log in to the machine via the virtualbox GUI interface
  • stop sshd
  • start sshd on console in debug mode.
  • do a vagrant ssh in your other terminal as usual.
  • it showed Could not open authorized keys '/home/vagrant/.ssh/authorized_keys': No such file or directory

I noticed that ls -la in the home directory itself (which showed a .ssh folder) gave different results to ls -la /home/vagrant (this did not have a .ssh folder). I was confused for a while, and it had me stumped how they were different. It then clicked that I was seeing the synced folder when specifying the full path.

So, now, let me retest, if after resolving that part of, well, let's call it my issue for now (hahah), to see if there's anything remaining here.


00willo commented Jan 29, 2018

Alright, I've confirmed that I'm only getting this problem on the Mac running virtualbox. I copied the exact Vagrantfile between the two and the CentOS mounts the sshfs no problem. In both cases I removed all boxes and destroyed all existing vagrant machines.

It appears to be specific to vagrant-sshfs on Mac as I can vagrant ssh immediately without a problem.

==> default: Installing SSHFS client...
==> default: Mounting SSHFS shared folder...
==> default: Mounting folder via SSHFS: /Users/willo/centos-vagrant => /home/vagrant/data
==> default: Checking Mount..
==> default: Checking Mount..
==> default: Checking Mount..
==> default: Checking Mount..
==> default: Checking Mount..
==> default: Checking Mount..
==> default: Checking Mount..
Mounting SSHFS shared folder via slave SSHFS mount failed. Please
look at the below STDERR output from the processes that were run.

SSH command:


Warning: Permanently added '[127.0.0.1]:2201' (ECDSA) to the list of known hosts.
Received disconnect from 127.0.0.1 port 2201:2: Too many authentication failures
Disconnected from 127.0.0.1 port 2201



SFTP command:


willo-MBP:centos-vagrant willo$ vagrant ssh
Last login: Mon Jan 29 07:22:06 2018 from 10.0.2.2
[vagrant@localhost ~]$ ls

It doesn't appear to be box related either, as the same SSHFS mount fails in fedora/27-cloud-base for me as well.

I'm relatively new to Vagrant, anything else that'd be useful to further fault find?

@dustymabe
Owner

do you use an ssh-agent and do you have a lot of keys currently in the agent?


00willo commented Jan 29, 2018

Yes, and I have a few keys in my agent, and more than I first thought actually. I need to clean some of them up, but I'll still have about 4 or 5 left after I finish.

@dustymabe
Owner

If you remove some keys from the agent does it work?


00willo commented Jan 29, 2018

I removed all my keys and it works. Due to my config, it didn't click with me that I was adding a new key to the agent every time I created a new vagrant machine.

Added the following to my ssh client config to stop that behaviour for using Vagrant

Host 127.0.0.1
  AddKeysToAgent no

I can submit a pull request to update the README FAQ with some information in the next day or two if you'd like.
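
An added example, not part of the thread and not vagrant-sshfs code: a shell check for the condition diagnosed above, an agent that has accumulated more keys than the server allows attempts while `AddKeysToAgent` keeps adding more. It assumes sshd's `MaxAuthTries` is at the OpenSSH default of 6; the function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vagrant-sshfs code): triage for agent-induced
# "Too many authentication failures". Assumes sshd's MaxAuthTries is the
# OpenSSH default of 6; all sample data below is constructed.
MAX_AUTH_TRIES=6

# Count identities in `ssh-add -l` output (stdin); identity lines look like
# "<bits> <SHA256|MD5>:<fingerprint> <comment> (<type>)".
count_agent_keys() {
    grep -c -E '^[0-9]+ (SHA256|MD5):' || true
}

# Each agent key the server rejects uses up one attempt, so an agent holding
# MAX_AUTH_TRIES or more keys can be disconnected before the right key is tried.
agent_verdict() {
    if [ "$1" -ge "$MAX_AUTH_TRIES" ]; then echo "at-risk"; else echo "ok"; fi
}

# Print the Host patterns of an ssh_config (stdin) whose block sets
# AddKeysToAgent to anything but "no"; accepts "Key value" and "Key=value".
hosts_adding_keys() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }   # strip indentation so $1 is the keyword
        tolower($1) == "host" { host = $0; sub(/^[^ \t=]+[ \t=]+/, "", host); next }
        tolower($1) == "addkeystoagent" && tolower($2) != "no" {
            print (host == "" ? "(global)" : host)
        }'
}

# Constructed agent listing: seven per-machine keys, as accumulates when every
# new Vagrant machine's key is added to the agent.
sample_agent() {
    i=1
    while [ "$i" -le 7 ]; do
        echo "2048 SHA256:CONSTRUCTED$i /constructed/machines/m$i/private_key (RSA)"
        i=$((i + 1))
    done
}

# Constructed config. ssh uses the first value it obtains for an option, so the
# 127.0.0.1 override has to come before the "Host *" block.
SAMPLE_CONFIG='Host 127.0.0.1
  AddKeysToAgent no
Host *
  AddKeysToAgent yes'

n=$(sample_agent | count_agent_keys)
echo "agent keys: $n (limit $MAX_AUTH_TRIES) -> $(agent_verdict "$n")"
echo "AddKeysToAgent enabled for: $(printf '%s\n' "$SAMPLE_CONFIG" | hosts_adding_keys)"
```

Against a live setup, pipe `ssh-add -l` into `count_agent_keys` and redirect `~/.ssh/config` into `hosts_adding_keys` instead of using the constructed samples.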

dustymabe changed the title from "SSHFS mount fails with CentOS 7 Vagrant box" to "SSHFS mount fails, too many keys in agent" on Feb 11, 2018

dustymabe added a commit that referenced this issue on Feb 12, 2018:

If a user has set AddKeysToAgent=yes in their ssh config then the
temporary SSH key that vagrant creates could get added to their agent
each time an SSHFS mount is performed for a different machine. Let's
disable that.

Fixes #88

nphilipp commented Apr 2, 2019

I think I'm running into the same or a similar problem (on current git master of both vagrant & -sshfs).

With this Vagrantfile...:

Vagrant.configure(2) do |config|
  config.vm.box = "fedora/29-cloud-base"
  config.vm.synced_folder ".", "/home/vagrant/test", type: "sshfs"

  config.vm.define "test" do |test|
    test.vm.host_name = "test-dev.example.com"

    test.vm.provider :libvirt do |domain|
        # Season to taste
        domain.cpus = 8
        domain.cpu_mode = "host-passthrough"
        domain.graphics_type = "spice"
    end
  end
end

...I have to run it like SSH_AUTH_SOCK= vagrant up for the SSHFS mount to work.

@dustymabe
Owner

yeah it just means that you have too many keys in your agent (most likely added by you) and the remote SSH daemon kicks you out early. You can try adding sshfs_opts_append: "-o IdentityAgent=none" in your Vagrant config to work around this. It's essentially the equivalent of running SSH_AUTH_SOCK= vagrant up.

Let me know if it works!


bexelbie commented Jun 9, 2019

I just hit this. I also have a lot of SSH keys and they are actually served by GPG. The sshfs_opts_append didn't work, but SSH_AUTH_SOCK= did ...

F30 host, 20190604 F31/rawhide-cloud-base guest

@lhirlimann

ditto, AUTH works while the option doesn't.


lxhg commented Apr 20, 2022

Got same problem with bunch of keys in agent. Given workaround with SSH_AUTH_SOCK= does work.

> yeah it just means that you have too many keys in your agent (most likely added by you) and the remote SSH daemon kicks you out early. You can try adding sshfs_opts_append: "-o IdentityAgent=none" in your Vagrant config to work around this. It's essentially the equivalent of running SSH_AUTH_SOCK= vagrant up.
>
> Let me know if it works!

This works but you need to give this option to other ssh ssh_opts_append: "-o IdentityAgent=none". Maybe this option should be default? Not sure if there are downsides to this solution.


waipeng commented Apr 20, 2022

I have a Yubikey and found out that it did not work with the Yubikey plugged in. Using SSH_AUTH_SOCK= vagrant up works, but not sshfs_opts_append: "-o IdentityAgent=none"

I was a bit confused at first because I thought agent keys were not being used by Vagrant by default, with the config-ssh-keys_only option.

Then I realised that sshfs is a separate plugin. Does it not respect config-ssh-keys_only?

Also, did it not work because in my ssh-add -l, the Yubikey is listed as the first key?
