Secure your vagrant boxes – replace ssh host keys
Vagrant is a cool piece of software that allows automatic deployment of development machines. It is even usefull to bring the result of development to production. In all cases, security should be a concern. Ready to use box templates often come with a default user (vagrant, password vagrant) and a well-known, insecure private ssh key for that user. This raises a security issue - everyone with network access to the machine can login using the credentials or the ssh key. While this issue is well known and addressed in many discussions (and solved with Vagrant 1.7 which by default replaces the keys), another similar issue still exists.