Have a way to utilize the system's SSH executable #563

Closed
zakkg3 opened this issue Sep 22, 2023 · 10 comments · Fixed by #568
Labels
enhancement New feature or request

Comments

zakkg3 commented Sep 22, 2023

I want to just specify the host in the k0sconfig.yaml and leave the ssh config where it belongs, in ~/.ssh/config,
so not using any ssh wrapper but the native ssh on my machine.

Member

twz123 commented Sep 22, 2023

What makes you think that the user's SSH config file isn't picked up by k0sctl? It certainly picks it up on my machine.

Author

zakkg3 commented Sep 25, 2023

The only thing it picks up is the IdentityFile line...

Member

twz123 commented Sep 25, 2023

It appears there might be a potential discrepancy between the request for additional SSH config keyword support and the use of the system's SSH executable.

  1. Would it suffice for your use case if k0sctl were to support additional SSH configuration keywords? Currently, to my knowledge, it supports IdentityFile, StrictHostkeyChecking, UserKnownHostsFile, and HashKnownHosts. Which specific keywords are missing for your use case? (Perhaps 'Hostname' is one of them?)

  2. If there's a need to utilize the system's SSH executable, could you please describe your use case in more detail? Adding support for this would likely be a more substantial task.

Thank you!
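
An added example, not from the thread or from k0sctl's code: a small audit that lists which settings in an ssh_config apply to a given host but fall outside the four keywords named in the comment above, such as a jump host or certificate that would not take effect if only those four are honoured. The sample config, the host names and the function names `host_matches` and `unsupported_keywords` are constructed for illustration; `Match` criteria and `Include` expansion are not evaluated.

```python
import re
from fnmatch import fnmatchcase

# Keywords listed as supported in the comment above (assumption taken from it).
# ssh_config keywords are case-insensitive, so everything is compared lowercased.
SUPPORTED = {"identityfile", "stricthostkeychecking",
             "userknownhostsfile", "hashknownhosts"}

# Constructed sample config, not taken from the issue.
SAMPLE = """\
Host bastion
    HostName bastion.example.internal
    User ops
Host host0* !host09
    HostName %h.cluster.example.internal
    ProxyJump bastion
    CertificateFile ~/.ssh/id_ed25519-cert.pub
    IdentityFile ~/.ssh/id_ed25519
    StrictHostKeyChecking yes
Host *
    UserKnownHostsFile=~/.ssh/known_hosts
    Port 2222
"""

def host_matches(patterns, host):
    """A Host line applies if a positive pattern matches and no negated one does."""
    if any(fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def unsupported_keywords(config_text, host):
    """Return {keyword: value} applying to host but outside SUPPORTED."""
    applies, found = True, {}  # settings before the first Host apply to every host
    for raw in config_text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:  # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            applies = host_matches(value.split(), host)
        elif key == "match":
            applies = False  # Match criteria are not evaluated in this sketch
        elif applies and key not in SUPPORTED:
            found.setdefault(key, value)  # ssh keeps the first value obtained
    return found

if __name__ == "__main__":
    for name, value in sorted(unsupported_keywords(SAMPLE, "host01").items()):
        print(f"{name}: {value}")
```
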

Contributor

kke commented Sep 25, 2023

I agree you should just be able to do something like:

spec:
  hosts:
    - ssh:
        address: host01
      role: controller
    - address: host02
      role: worker
      ssh:
        address: host02

and all the other ssh details (user, address, port, keypath) would come from ssh config.

I did something like this in k0sproject/rig#88 but it started getting so messy that I put it aside and started a big revamp of the whole thing in k0sproject/rig#92 but I haven't touched it in a while.

Using the system's ssh client would have its pros and cons. Maybe it could be added as a new protocol, so you would have:

spec:
  hosts:
    - sshClient:
        address: host01
      role: controller
    - address: host02
      role: worker
      ssh:
        address: host02

It could be a pretty simple addition, at least as long as it wouldn't be expected to work on Windows.

kke added the enhancement New feature or request label Sep 25, 2023
Author

zakkg3 commented Sep 25, 2023

My use case is we have lots of k8s clusters with tons of hosts and dynamic ssh certificates with 2FA and whatnot... Those hosts have different ssh config for almost all clusters; we use pretty much all ssh config parameters possible :)

The problem is managing complexity:
We all maintain a ~/.ssh/config file already, but now that we use k0s we also need to replicate this config in the k0sconfig.yaml file... We also use Ansible and other contextualisation / provisioning automation tools, and we have to render the ssh config there to make k0s happy.

SSH does an excellent job picking the config from this file. Just let ssh do its job :)
Thanks!

twz123 changed the title A way to use local ssh config file (~/.ssh/config) Have a way to utilize the system's SSH executable Sep 25, 2023
Contributor

kke commented Sep 25, 2023

Each connection (there can sometimes be multiple per host) will eat up some 5-10mb of memory for each ssh binary and pty though, so having a lot of hosts may become a problem.

Contributor

kke commented Sep 25, 2023

I think I'm going to experiment with adding a secondary ssh protocol handler that uses the system ssh, it should be pretty simple, and if it's "marked" experimental, it's not a big issue to throw it out if it ends up causing more problems than it solves.

Contributor

kke commented Oct 12, 2023

Did you try it out yet?

Author

zakkg3 commented Oct 13, 2023

Yeah!! Reinstalled dev cluster (~15 nodes) with this. We could reduce Ansible lines by 200+.
Updated e2e test with new ssh rendering, all passing; going to reproduce on prod soon.
Thanks @kke!!

@pvdputte

Just want to add that switching from ssh: + bastion to openSSH: + bastion config in ~/.ssh/config fixed my connection problems on a new Debian 12-based cluster. Although my k0sctl.yaml template worked for Debian 11 before.

Very valuable addition! Thanks!
