k0sproject/k0sctl

ssh host key mismatch

ianb-mp opened this issue · 1 comments

I'm seeing this error in a situation where the host ssh keys have not been regenerated:

ssh: handshake failed: host key mismatch: knownhosts: key mismatch

To reproduce, I do this:

  • run k0sctl (it connects to 3 hosts)
  • observe the following 3 entries in my ~/.ssh/known_hosts file
[0.0.0.0]:0 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIKe3vjjLl5e2mYeTSd6n7K52+5FhHVm/4MdhKUbJsoqXlMXFeJuP6zf52+pBxU1uUglO9zvUcY+Ab5VoBb7ySg=
[0.0.0.0]:0 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPPB1YQH/bNy6qWXeX7buJdWOQze8pmQ8nIPCgLpCPY6epRhcQz4EISGp+L25RL41f6LZGF1tRb+kXvrQlbGKHE=
[0.0.0.0]:0 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL8Dyt7f3UtsNuxhwPV+qVaQCMjVqjvMbWJ1UGflusQsEeUPSOAkFcnNhegVY1FPC8OhRFZwoivy57oGJVfO/F4=

(these look odd - never seen entries starting with [0.0.0.0]:0!?)

  • SSH to one of these hosts from cli (outside of k0sctl)
  • observe this additional entry in my known_hosts file
172.31.37.26 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcMA7kFqYomvZXCCJisVLDRkz0XlFAR0M/6TrhLmDt9
  • run k0sctl again and observe the key mismatch error
- [SSH] 172.31.37.26: retrying aborted
not connected: client connect: can't connect: bastion client connect: ssh: handshake failed: host key mismatch: knownhosts: key mismatch 
  • I also observe additional entries in known_hosts for the other 2 hosts:
[0.0.0.0]:0 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL8Dyt7f3UtsNuxhwPV+qVaQCMjVqjvMbWJ1UGflusQsEeUPSOAkFcnNhegVY1FPC8OhRFZwoivy57oGJVfO/F4=
[0.0.0.0]:0 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIKe3vjjLl5e2mYeTSd6n7K52+5FhHVm/4MdhKUbJsoqXlMXFeJuP6zf52+pBxU1uUglO9zvUcY+Ab5VoBb7ySg=

Additional context:

I'm using a bastion host to connect through to reach the hosts, i.e.

ssh:
      address: 172.31.37.26
      user: admin
      port: 22
      bastion:
        address: 10.2.5.20
        user: admin
        keyPath: ~/Documents/Linux/ssh/ianb-aws

cli: ssh -i ~/Documents/Linux/ssh/ianb-aws -J admin@10.2.5.20 admin@172.31.37.26

k0sctl version

$ k0sctl version
version: v0.17.8
commit: b061291

Environment
Localhost: macOS 14.4.1
Bastion: Rocky Linux 9.3
Remote: Debian 12

kke commented

It seems like using bastion must somehow break host key handling, need to investigate.
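Added example, not part of the issue thread and not k0sctl's own code: a small Go audit for the symptom reported above. It scans known_hosts text for host patterns such as `[0.0.0.0]:0` that name no real endpoint, and for one pattern pinned to several different keys of the same type. The sample input is constructed with placeholder key blobs, and `Audit` and `isPlaceholder` are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed sample in known_hosts format; key blobs are placeholders.
const sample = `[0.0.0.0]:0 ecdsa-sha2-nistp256 AAAAKEY1
[0.0.0.0]:0 ecdsa-sha2-nistp256 AAAAKEY2
172.31.37.26 ssh-ed25519 AAAAKEY3
`

// isPlaceholder reports whether a pattern names the unspecified address or port 0.
func isPlaceholder(pattern string) bool {
	host, port := pattern, "22" // unbracketed patterns imply the default port
	if h, p, err := net.SplitHostPort(pattern); err == nil {
		host, port = h, p // bracketed "[host]:port" form
	}
	return port == "0" || net.ParseIP(host).IsUnspecified() // nil IP (a name) is never unspecified
}

// Audit flags placeholder host patterns and patterns pinned to conflicting keys of one type.
func Audit(knownHosts string) (findings []string) {
	first := map[string]string{} // "pattern keytype" -> first key blob seen
	for n, line := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || strings.ContainsAny(f[0][:1], "#|@") {
			continue // blank, comment, hashed host (not inspectable), or @marker line
		}
		for _, p := range strings.Split(f[0], ",") {
			if isPlaceholder(p) {
				findings = append(findings, fmt.Sprintf("line %d: placeholder host %s", n+1, p))
			}
			id := p + " " + f[1]
			if k, ok := first[id]; !ok {
				first[id] = f[2]
			} else if k != f[2] {
				findings = append(findings, fmt.Sprintf("line %d: %s has conflicting %s keys", n+1, p, f[1]))
			}
		}
	}
	return findings
}

func main() {
	fmt.Println(strings.Join(Audit(sample), "\n"))
}
```

Hashed (`|1|`) entries and `@cert-authority`/`@revoked` lines are skipped in this sketch, so a clean result covers only plain-text host patterns.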