Vagrant ssh 'Authentication failure. Retrying…' repeated error - keys mismatch, cant find fix

Kareem picture Kareem · Jul 29, 2016 · Viewed 12.2k times · Source

I've been experiencing an irritating issue that I cant get around.

I am trying to vagrant up a centos7 system in this environment:

  • Windows 10
  • Hyper-V (not anniversary update version)
  • Docker image "serveit/centos-7" or "bluefedora/hyperv-alpha-centos7"
  • OpenSSH installed, private key configured

The contents of my Vagrantfile:

Vagrant.configure("2") do |config|
  #config.vm.box = "serveit/centos-7"
  config.vm.box = "bluefedora/hyperv-alpha-centos7"
  config.ssh.private_key_path = "~/.vagrant.d/insecure_private_key"
  config.ssh.forward_agent = true
end

I am getting this error when doing a vagrant up:

PS C:\Programs\vagrant_stuff\centos7> vagrant up
Bringing machine 'default' up with 'hyperv' provider...
==> default: Verifying Hyper-V is enabled...
==> default: Importing a Hyper-V instance
    default: Cloning virtual hard drive...
    default: Creating and registering the VM...
    default: Successfully imported a VM with name: vagrantbox
==> default: Starting the machine...
==> default: Waiting for the machine to report its IP address...
    default: Timeout: 120 seconds
    default: IP: 192.168.137.6
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 192.168.137.6:22
    default: SSH username: vagrant
    default: SSH auth method: private key
    default:
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default:
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
Timed out while waiting for the machine to boot. This means that
Vagrant was unable to communicate with the guest machine within
the configured ("config.vm.boot_timeout" value) time period.

If you look above, you should be able to see the error(s) that
Vagrant had when attempting to connect to the machine. These errors
are usually good hints as to what may be wrong.

If you're using a custom box, make sure that networking is properly
working and you're able to connect to the machine. It is a common
problem that networking isn't setup properly in these boxes.
Verify that authentication configurations are also setup properly,
as well.

If the box appears to be booting properly, you may want to increase
the timeout ("config.vm.boot_timeout") value.

I can do an vagrant ssh-config:

Host default
  HostName 192.168.137.6
  User vagrant
  Port 22
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile C:/Users/Kareem/.vagrant.d/insecure_private_key
  IdentitiesOnly yes
  LogLevel FATAL
  ForwardAgent yes

I saw elsewhere that I should try vagrant halt and vagrant up to fix the issue. This didn't work.

I also deleted the .vagrant.d/insecure_private_key file and saw it was recreated. No problem, that's also expected.

Also vagrant ssh works with password:

PS C:\Programs\vagrant_stuff\centos7> vagrant ssh
[email protected]'s password:
[vagrant@localhost ~]$

So because I could SSH, I decided to check the .ssh/authorized_keys file:

[vagrant@localhost ~]$ cat .ssh/authorized_keys

[vagrant@localhost ~]$ cat /home/vagrant/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIRcYs0HBn/BOjiKg9fGnoraVxRnnZk+6sM3waFFE1+U3aO8GQjRKxQsYgJNoyRmNVymzpP13kOoLodDsz
UKhdcO6dL+zAtmhsFTgmADMXxVzM3mfRWfPG2HdsU13Pof77A68Ln6z6X4jVG4cnsclYvz67Gudl7lZ9VI2TOdDn1V+7ZANlkGnqejIwA2RVWtYLgLQHU9p4
47nvRqId71XaG8BZpbONRzzrL49wWyjfc4h6SdaHVJZJB6kY+vkr31xw6TPIIlo2UHH7Ihlk6KADNo4wFJYF+ozIA7C792omzjN1zu1SayvCYNG21yZy/cCd
n2Hr158Jy83A9CslQPbT vagrant

Dafuq is this key?!?! I'm quite sure this is not the public key that corresponds to Vagrant. This is also not my system public key. When I check the Vagrant Public key I get this:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9H
ZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHi
lFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRd
K8jlqm8tehUc9c9WhQ== vagrant insecure public key

Furthermore, if I update my Vagrantfile to use my system private key:

  #config.ssh.private_key_path = "~/.vagrant.d/insecure_private_key"
  config.ssh.private_key_path = "~/.ssh/id_rsa"

I get a different public key in the VM, which is the Vagrant Public key:

[vagrant@localhost ~]$ cat /home/vagrant/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9H
ZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHi
lFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRd
K8jlqm8tehUc9c9WhQ== vagrant insecure public key

I also see that the provisioning process does not insert a new key. This all seems backwards, I thought that the key should only be updated if I use my private key, and that it should use my own.

HELP!

Can anyone help me find out why this is happening?

Answer

Kareem picture Kareem · Aug 1, 2016

Turns out, there is a known bug in Vagrant 1.8.5 (Will be fixed in 1.8.6):

Details here

If you are using 1.8.5, you can download the updated version from PR #7611 using PowerShell:

[IO.File]::WriteAllLines("C:\HashiCorp\Vagrant\embedded\gems\gems\vagrant-1.8.5\plugins\guests\linux\cap\public_key.rb", (Invoke-WebRequest -Uri https://raw.githubusercontent.com/Poohblah/vagrant/41063204ca540c44f9555bd11ba9e76c7307bec5/plugins/guests/linux/cap/public_key.rb).Content)