From 5442860c148cacbea8c9740ba347c4a54a2eaffe Mon Sep 17 00:00:00 2001 From: Christopher Glass Date: Mon, 21 Aug 2017 11:09:18 +0200 Subject: [PATCH 01/13] Added a "vagrant" user to the vagrant image build, as per the vagrant community's expectations. --- .../ubuntu-cpc/hooks/042-vagrant.binary | 30 +++++++++++++++++-- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index ed45e44c..b675f58a 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -93,13 +93,36 @@ ubuntu_user_pass=$(openssl rand -hex 12) cdrom_vmdk_f="${box_d}/${prefix}-configdrive.vmdk" + +# Create and setup users inside the image. +# Vagrant users expect a "vagrant" user with a "vagrant" username, and that the +# root password is set to "vagrant" as well. +# See https://www.vagrantup.com/docs/boxes/base.html +chroot ${mount_d} useradd -m vagrant -s /bin/bash +echo "root:vagrant" | chroot ${mount_d} chpasswd +echo "vagrant:vagrant" | chroot ${mount_d} chpasswd + +# The vagrant user should have passwordless sudo. +cat << EOF > ${mount_d}/etc/sudoers.d/vagrant +vagrant ALL=(ALL) NOPASSWD:ALL +EOF + +# Add the insecure vagrant pubkey to the vagrant user, as is expected by the +# vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html) +chroot ${mout_d} chmod 0440 /etc/sudoers.d/vagrant +chroot ${mount_d} mkdir -p /home/vagrant/.ssh +chroot ${mount_d} chown -R vagrant: /home/vagrant/.ssh +cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key +EOF + # Create the user-data. This is totally insecure, but so is Vagrant. To # mitigate this insecurity, the vagrant instance is not accessible # except via local host. cat > ${seed_d}/user-data < ${box_d}/Vagrantfile < Date: Thu, 24 Aug 2017 19:17:17 +0200 Subject: [PATCH 02/13] Turns out the user adding should be done when the chroot is available... --- .../ubuntu-cpc/hooks/042-vagrant.binary | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index b675f58a..67597a5e 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -67,6 +67,29 @@ chroot ${mount_d} apt-get update # avoid pulling into a cloud image. chroot ${mount_d} apt-get install --no-install-recommends -y virtualbox-guest-utils chroot ${mount_d} apt-get clean + +# Create and setup users inside the image. +# Vagrant users expect a "vagrant" user with a "vagrant" username, and that the +# root password is set to "vagrant" as well. +# See https://www.vagrantup.com/docs/boxes/base.html +chroot ${mount_d} useradd -m vagrant -s /bin/bash +echo "root:vagrant" | chroot ${mount_d} chpasswd +echo "vagrant:vagrant" | chroot ${mount_d} chpasswd + +# The vagrant user should have passwordless sudo. +cat << EOF > ${mount_d}/etc/sudoers.d/vagrant +vagrant ALL=(ALL) NOPASSWD:ALL +EOF + +# Add the insecure vagrant pubkey to the vagrant user, as is expected by the +# vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html) +chroot ${mout_d} chmod 0440 /etc/sudoers.d/vagrant +chroot ${mount_d} mkdir -p /home/vagrant/.ssh +chroot ${mount_d} chown -R vagrant: /home/vagrant/.ssh +cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key +EOF + umount_disk_image "$mount_d" rmdir "$mount_d" @@ -94,28 +117,6 @@ ubuntu_user_pass=$(openssl rand -hex 12) cdrom_vmdk_f="${box_d}/${prefix}-configdrive.vmdk" -# Create and setup users inside the image. -# Vagrant users expect a "vagrant" user with a "vagrant" username, and that the -# root password is set to "vagrant" as well. -# See https://www.vagrantup.com/docs/boxes/base.html -chroot ${mount_d} useradd -m vagrant -s /bin/bash -echo "root:vagrant" | chroot ${mount_d} chpasswd -echo "vagrant:vagrant" | chroot ${mount_d} chpasswd - -# The vagrant user should have passwordless sudo. -cat << EOF > ${mount_d}/etc/sudoers.d/vagrant -vagrant ALL=(ALL) NOPASSWD:ALL -EOF - -# Add the insecure vagrant pubkey to the vagrant user, as is expected by the -# vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html) -chroot ${mout_d} chmod 0440 /etc/sudoers.d/vagrant -chroot ${mount_d} mkdir -p /home/vagrant/.ssh -chroot ${mount_d} chown -R vagrant: /home/vagrant/.ssh -cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key -EOF - # Create the user-data. This is totally insecure, but so is Vagrant. To # mitigate this insecurity, the vagrant instance is not accessible # except via local host. From c0730ef6f61653e7420a023cac2e6910eaa9c916 Mon Sep 17 00:00:00 2001 From: Christopher Glass Date: Thu, 24 Aug 2017 21:19:30 +0200 Subject: [PATCH 03/13] Fix typo in variable name. --- live-build/ubuntu-cpc/hooks/042-vagrant.binary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index 67597a5e..1c8b8fbd 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -83,7 +83,7 @@ EOF # Add the insecure vagrant pubkey to the vagrant user, as is expected by the # vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html) -chroot ${mout_d} chmod 0440 /etc/sudoers.d/vagrant +chroot ${mount_d} chmod 0440 /etc/sudoers.d/vagrant chroot ${mount_d} mkdir -p /home/vagrant/.ssh chroot ${mount_d} chown -R vagrant: /home/vagrant/.ssh cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys From b9363e97fba9d3d801a2d1a8b205a95892c6dd5b Mon Sep 17 00:00:00 2001 From: Christopher Glass Date: Fri, 25 Aug 2017 08:37:18 +0200 Subject: [PATCH 04/13] Explicitely permit passworded root login over SSH. --- live-build/ubuntu-cpc/hooks/042-vagrant.binary | 3 +++ 1 file changed, 3 insertions(+) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index 1c8b8fbd..09edf199 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -81,6 +81,9 @@ cat << EOF > ${mount_d}/etc/sudoers.d/vagrant vagrant ALL=(ALL) NOPASSWD:ALL EOF +# We should permit root login with password :( +sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' ${mount_d}/etc/ssh/sshd_config + # Add the insecure vagrant pubkey to the vagrant user, as is expected by the # vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html) chroot ${mount_d} chmod 0440 /etc/sudoers.d/vagrant From 1cc6041cd691d11b4d18c7d2ec8bf4cdf42d9931 Mon Sep 17 00:00:00 2001 From: Christopher Glass Date: Fri, 25 Aug 2017 12:05:29 +0200 Subject: [PATCH 05/13] Remove root login. Ubuntu user keeps generated password. --- live-build/ubuntu-cpc/hooks/042-vagrant.binary | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index 09edf199..1f9e5de5 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -69,11 +69,9 @@ chroot ${mount_d} apt-get install --no-install-recommends -y virtualbox-guest-ut chroot ${mount_d} apt-get clean # Create and setup users inside the image. -# Vagrant users expect a "vagrant" user with a "vagrant" username, and that the -# root password is set to "vagrant" as well. +# Vagrant users expect a "vagrant" user with a "vagrant" username. # See https://www.vagrantup.com/docs/boxes/base.html chroot ${mount_d} useradd -m vagrant -s /bin/bash -echo "root:vagrant" | chroot ${mount_d} chpasswd echo "vagrant:vagrant" | chroot ${mount_d} chpasswd # The vagrant user should have passwordless sudo. @@ -82,7 +80,7 @@ vagrant ALL=(ALL) NOPASSWD:ALL EOF # We should permit root login with password :( -sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' ${mount_d}/etc/ssh/sshd_config +#sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' ${mount_d}/etc/ssh/sshd_config # Add the insecure vagrant pubkey to the vagrant user, as is expected by the # vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html) @@ -125,7 +123,7 @@ cdrom_vmdk_f="${box_d}/${prefix}-configdrive.vmdk" # except via local host. cat > ${seed_d}/user-data < Date: Fri, 25 Aug 2017 12:59:53 +0200 Subject: [PATCH 06/13] Reset the default SSH user to being vagrant. Using "vagrant ssh" is confusing otherwise. --- live-build/ubuntu-cpc/hooks/042-vagrant.binary | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index 1f9e5de5..01895872 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -167,8 +167,8 @@ load include_vagrantfile if File.exist?(include_vagrantfile) ## We also have an "ubuntu" user with pass "${ubuntu_user_pass}" Vagrant.configure("2") do |config| config.vm.base_mac = "${macaddr}" - config.ssh.username = "ubuntu" - config.ssh.password = "${ubuntu_user_pass}" + config.ssh.username = "vagrant" + config.ssh.password = "vagrant" config.vm.provider "virtualbox" do |vb| vb.customize [ "modifyvm", :id, "--uart1", "0x3F8", "4" ] From 72dbb4c75dd21fc78c1f8358bf9d24136ad8835a Mon Sep 17 00:00:00 2001 From: Christopher Glass Date: Fri, 25 Aug 2017 13:19:21 +0200 Subject: [PATCH 07/13] Added comments. --- live-build/ubuntu-cpc/hooks/042-vagrant.binary | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index 01895872..518c7d43 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -71,6 +71,7 @@ chroot ${mount_d} apt-get clean # Create and setup users inside the image. # Vagrant users expect a "vagrant" user with a "vagrant" username. # See https://www.vagrantup.com/docs/boxes/base.html +# Note: We decided NOT to allow root login with a default password. chroot ${mount_d} useradd -m vagrant -s /bin/bash echo "vagrant:vagrant" | chroot ${mount_d} chpasswd @@ -79,9 +80,6 @@ cat << EOF > ${mount_d}/etc/sudoers.d/vagrant vagrant ALL=(ALL) NOPASSWD:ALL EOF -# We should permit root login with password :( -#sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' ${mount_d}/etc/ssh/sshd_config - # Add the insecure vagrant pubkey to the vagrant user, as is expected by the # vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html) chroot ${mount_d} chmod 0440 /etc/sudoers.d/vagrant From 97c8996c2978a89d0edd02437d3fd02337a7d18d Mon Sep 17 00:00:00 2001 From: Christopher Glass Date: Fri, 25 Aug 2017 16:57:36 +0200 Subject: [PATCH 08/13] Remove the useless user and password from default config. --- live-build/ubuntu-cpc/hooks/042-vagrant.binary | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index 518c7d43..87cdd4a2 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -121,7 +121,7 @@ cdrom_vmdk_f="${box_d}/${prefix}-configdrive.vmdk" # except via local host. cat > ${seed_d}/user-data < Date: Fri, 25 Aug 2017 17:02:52 +0200 Subject: [PATCH 09/13] Remove useless diff. --- live-build/ubuntu-cpc/hooks/042-vagrant.binary | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index 87cdd4a2..43f69734 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -115,14 +115,13 @@ ubuntu_user_pass=$(openssl rand -hex 12) cdrom_vmdk_f="${box_d}/${prefix}-configdrive.vmdk" - # Create the user-data. This is totally insecure, but so is Vagrant. To # mitigate this insecurity, the vagrant instance is not accessible # except via local host. cat > ${seed_d}/user-data < Date: Tue, 29 Aug 2017 09:23:33 +0200 Subject: [PATCH 10/13] Remove ubuntu user customisations. Let's just do the absolute minimum here, the default is what people expect. --- live-build/ubuntu-cpc/hooks/042-vagrant.binary | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index 43f69734..79d8c201 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -102,12 +102,6 @@ prefix="${distro}-${suite}-${version}-cloudimg" vmdk_f="${box_d}/${prefix}.vmdk" create_vmdk ${derivative_img} ${vmdk_f} -# Vagrant needs a base user. We either inject the well-known SSH key -# or use password authentication. Both are ugly. So we'll use a password -# and make it random. This obviously is insecure...but at least its -# better than the alternatives. -ubuntu_user_pass=$(openssl rand -hex 12) - #################################### # Create the ConfigDrive # This is a cloud-init piece that instructs cloud-init to configure @@ -120,9 +114,6 @@ cdrom_vmdk_f="${box_d}/${prefix}-configdrive.vmdk" # except via local host. cat > ${seed_d}/user-data < ${box_d}/Vagrantfile < Date: Tue, 29 Aug 2017 16:27:03 +0200 Subject: [PATCH 11/13] Fix file permission problem - the authorized_keys file was still owned by root since the chown call came before its creation. --- live-build/ubuntu-cpc/hooks/042-vagrant.binary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index 79d8c201..dfd62f06 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -84,10 +84,10 @@ EOF # vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html) chroot ${mount_d} chmod 0440 /etc/sudoers.d/vagrant chroot ${mount_d} mkdir -p /home/vagrant/.ssh -chroot ${mount_d} chown -R vagrant: /home/vagrant/.ssh cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key EOF +chroot ${mount_d} chown -R vagrant: /home/vagrant/.ssh umount_disk_image "$mount_d" rmdir "$mount_d" From e79827691091c9c2161f12e34fc94946a0b1d660 Mon Sep 17 00:00:00 2001 From: Christopher Glass Date: Fri, 1 Sep 2017 18:21:53 +0200 Subject: [PATCH 12/13] Fixed review comments by Adam. - use adduser instead of useradd. --- live-build/ubuntu-cpc/hooks/042-vagrant.binary | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index dfd62f06..5851100c 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -72,7 +72,7 @@ chroot ${mount_d} apt-get clean # Vagrant users expect a "vagrant" user with a "vagrant" username. # See https://www.vagrantup.com/docs/boxes/base.html # Note: We decided NOT to allow root login with a default password. -chroot ${mount_d} useradd -m vagrant -s /bin/bash +chroot ${mount_d} adduser vagrant echo "vagrant:vagrant" | chroot ${mount_d} chpasswd # The vagrant user should have passwordless sudo. @@ -87,7 +87,7 @@ chroot ${mount_d} mkdir -p /home/vagrant/.ssh cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key EOF -chroot ${mount_d} chown -R vagrant: /home/vagrant/.ssh +chroot ${mount_d} chown -R vagrant:vagrant /home/vagrant/.ssh umount_disk_image "$mount_d" rmdir "$mount_d" From f10cd80ebbd7056d1ed1974b0d6f2350c20865f6 Mon Sep 17 00:00:00 2001 From: Christopher Glass Date: Fri, 1 Sep 2017 18:25:41 +0200 Subject: [PATCH 13/13] Make sure the .ssh directory has the right permissions. --- live-build/ubuntu-cpc/hooks/042-vagrant.binary | 1 + 1 file changed, 1 insertion(+) diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index 5851100c..d763ff18 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -88,6 +88,7 @@ cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key EOF chroot ${mount_d} chown -R vagrant:vagrant /home/vagrant/.ssh +chroot ${mount_d} chmod 700 /home/vagrant/.ssh umount_disk_image "$mount_d" rmdir "$mount_d"