I’m using Vagrant to provision existing machines in AWS with tknerr/vagrant-managed-servers. We set up our instances to use the Vault OTP SSH Helper, so this is the machine’s sshd_config:
```
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePAM yes
```
The problem is, I want Vagrant to use an OTP from Vault to perform the SSH step; however, since PasswordAuthentication is “no”, Vagrant doesn’t even attempt to use the password auth. Here’s the Vagrant box config I’m using:
```ruby
config.vm.provider :managed do |managed, override|
  managed.server = ENV['MANAGED_IP']
  override.vm.box = 'tknerr/managed-server-dummy'
  override.ssh.username = "ubuntu"
  override.ssh.password = ENV['OTP']
  override.ssh.insert_key = false
end
```
It never even attempts to use the OTP though because of the PasswordAuthentication no config on the managed instance.
Is there a way to get around this such that I can use the Vault OTP with the Vagrant SSH step?