Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ssh host key mismatch (again) #813

Open
ianb-mp opened this issue Dec 20, 2024 · 0 comments
Open

ssh host key mismatch (again) #813

ianb-mp opened this issue Dec 20, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@ianb-mp
Copy link

ianb-mp commented Dec 20, 2024

I'm having an issue where k0sctl and openssh seem to add conflicting entries to ~/.ssh/known_hosts for the same host.

I first connect to the hostname bne-nxt1-vr-1 using openssh. It connects OK and I see this entry appear in known_hosts:

bne-nxt1-vr-1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeZMXleTWOrjmhYAwcfPZuv/CCkT0GLpIKPtjcWu+ip

if I then run k0sctl against the same hostname (using builtin ssh not openSSH config), I get an error:

- [SSH] bne-nxt1-vr-1: retrying aborted
not connected: client connect: can't connect: ssh: handshake failed: host key mismatch: knownhosts: key mismatch 

If I remove the entry from known_hosts and try k0sctl again, it connects fine and I see this new entry in known_hosts (10.1.3.14 corresponds with the hostname):

10.1.3.14 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFAFlkzOExRFx4CF3vEs5/wWhtZx+HUoEW4fKoyBUfsbuMdS4N7Xri+J1XCI3jiOvvkzAz9gOeohmlo0cFOfJPg=

Additionally, I noticed k0sctl is adding the same entry to known_hosts repeatedly for this host (and others) e.g.

10.5.48.17 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMbTbLidJyADmGw6uPgC+x16OlQrm3O6SeT3ujFLWjkNESI89mqVtuvfn21sQ4S1L8Fj6+GeOQQq+AofXD04/SE=
10.5.48.239 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFFq7/UAvpe1P/7g/FS1lS3ZYpUWNsWuEST2glfSbj+sabppXC3J7MVctv8lOw18xwoAcPApFJj7RQDw6hLFKUg=
10.5.48.17 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMbTbLidJyADmGw6uPgC+x16OlQrm3O6SeT3ujFLWjkNESI89mqVtuvfn21sQ4S1L8Fj6+GeOQQq+AofXD04/SE=
10.5.48.239 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFFq7/UAvpe1P/7g/FS1lS3ZYpUWNsWuEST2glfSbj+sabppXC3J7MVctv8lOw18xwoAcPApFJj7RQDw6hLFKUg=
10.1.171.18 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcAH2R1wU9GVkqPz21LAHP002ouhFwVvgC9AJqpJV+SlSuCZsSd+ukgq96yHnAC+d1/KF4S7bvO0ZbqW9Z9Ecc=
10.5.48.239 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFFq7/UAvpe1P/7g/FS1lS3ZYpUWNsWuEST2glfSbj+sabppXC3J7MVctv8lOw18xwoAcPApFJj7RQDw6hLFKUg=
10.5.48.17 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMbTbLidJyADmGw6uPgC+x16OlQrm3O6SeT3ujFLWjkNESI89mqVtuvfn21sQ4S1L8Fj6+GeOQQq+AofXD04/SE=
10.1.171.18 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcAH2R1wU9GVkqPz21LAHP002ouhFwVvgC9AJqpJV+SlSuCZsSd+ukgq96yHnAC+d1/KF4S7bvO0ZbqW9Z9Ecc=
10.5.48.239 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFFq7/UAvpe1P/7g/FS1lS3ZYpUWNsWuEST2glfSbj+sabppXC3J7MVctv8lOw18xwoAcPApFJj7RQDw6hLFKUg=
10.5.48.17 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMbTbLidJyADmGw6uPgC+x16OlQrm3O6SeT3ujFLWjkNESI89mqVtuvfn21sQ4S1L8Fj6+GeOQQq+AofXD04/SE=
10.1.171.18 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcAH2R1wU9GVkqPz21LAHP002ouhFwVvgC9AJqpJV+SlSuCZsSd+ukgq96yHnAC+d1/KF4S7bvO0ZbqW9Z9Ecc=
10.5.48.239 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFFq7/UAvpe1P/7g/FS1lS3ZYpUWNsWuEST2glfSbj+sabppXC3J7MVctv8lOw18xwoAcPApFJj7RQDw6hLFKUg=
10.5.48.17 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMbTbLidJyADmGw6uPgC+x16OlQrm3O6SeT3ujFLWjkNESI89mqVtuvfn21sQ4S1L8Fj6+GeOQQq+AofXD04/SE=
10.1.171.18 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcAH2R1wU9GVkqPz21LAHP002ouhFwVvgC9AJqpJV+SlSuCZsSd+ukgq96yHnAC+d1/KF4S7bvO0ZbqW9Z9Ecc=
10.1.3.14 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFAFlkzOExRFx4CF3vEs5/wWhtZx+HUoEW4fKoyBUfsbuMdS4N7Xri+J1XCI3jiOvvkzAz9gOeohmlo0cFOfJPg=
10.5.48.239 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFFq7/UAvpe1P/7g/FS1lS3ZYpUWNsWuEST2glfSbj+sabppXC3J7MVctv8lOw18xwoAcPApFJj7RQDw6hLFKUg=
10.5.48.17 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMbTbLidJyADmGw6uPgC+x16OlQrm3O6SeT3ujFLWjkNESI89mqVtuvfn21sQ4S1L8Fj6+GeOQQq+AofXD04/SE=
10.1.3.14 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFAFlkzOExRFx4CF3vEs5/wWhtZx+HUoEW4fKoyBUfsbuMdS4N7Xri+J1XCI3jiOvvkzAz9gOeohmlo0cFOfJPg=
10.1.171.18 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcAH2R1wU9GVkqPz21LAHP002ouhFwVvgC9AJqpJV+SlSuCZsSd+ukgq96yHnAC+d1/KF4S7bvO0ZbqW9Z9Ecc=

I'm using k0sctl v0.21.0 on MacOS 15.1.1

If I use openSSH rather than ssh I don't have this issue, however it is much slower that way. It would be nice not to have to call out to openssh.

Last time I had a similar issue the problem was in the rig library. I mean no disrespect to the maintainers of rig, but I wonder if it's not yet mature enough for use in k0sctl?

@kke kke added the bug Something isn't working label Dec 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants