tugboat ssh not using ssh-agent? #160

Closed
rauchrob opened this issue Feb 3, 2015 · 18 comments

@rauchrob

rauchrob commented Feb 3, 2015

I am storing my SSH secret keys on a smartcard; running ssh root@<my-droplet-ip> therefore runs fine without a password. However, tugboat ssh <my-droplet> will fall back to asking for the root password, which is not what I expected.

Did I miss something or is this a bug?

@petems
Owner

petems commented Feb 23, 2015

By default, tugboat uses the user defined in your ~/.tugboat file. If you change that to root it should work

@rauchrob
Author

The ssh section of my ~/.tugboat is (and has been) given by

ssh:
  ssh_user: root
  ssh_port: '22'

So this doesn't fix the issue.

@petems petems added the bug label Apr 22, 2015
@petems
Owner

petems commented Aug 2, 2015

@rauchrob Can you try now with the latest release? (v1.3.0)

@petems
Owner

petems commented Oct 23, 2015

Closing for now, if there's any update, feel free to re-open

@petems petems closed this as completed Oct 23, 2015
@rauchrob
Author

I have tested again with tugboat v2.0.0, without success:

tugboat ssh do512-1
Droplet fuzzy name provided. Finding droplet ID...done, xxxxxxxx (do512-1.xxxxxxxxxxxxxxx)
Executing SSH on Droplet (do512-1.xxxxxxxxxxxxx)...
Attempting SSH: root@46.xxx.xxx.xxx
Warning: Identity file /home/rauch/.ssh/id_rsa not accessible: No such file or directory.
root@46.xxx.xxx.xxx's password: 

When doing ssh root@do512-1.xxxxxxxxxxxx, it works using ssh-agent and my smart card.

@petems petems reopened this Nov 10, 2015
@petems
Owner

petems commented Nov 10, 2015

What SSH key are you using when you SSH regularly? I see there's an error saying it can't find the SSH key:

Warning: Identity file /home/rauch/.ssh/id_rsa not accessible: No such file or directory.

You might need to change the SSH key it uses in your ~/.tugboat file

@rauchrob
Author

I have no file-based SSH keypair at all. I have also just tried it after

  • removing the ssh_key_path setting in my ~/.tugboat
  • generating some random SSH key pair via ssh-keygen

without success, though.

@petems
Owner

petems commented Nov 10, 2015

If you don't give ssh_key_path in the ~/.tugboat file, it defaults to using ~/.ssh/id_rsa

Can you give the verbose output of SSHing into the box without tugboat (-vvvv), with all the sensitive stuff redacted (IP and the like)?

@rauchrob
Author

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/rauch/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 3: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to do512-1.xxxxxxxxxx [2a03:xxxx:xxxx:xxxx] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/rauch/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/rauch/.ssh/id_rsa type 1
debug1: identity file /home/rauch/.ssh/id_rsa-cert type -1
debug1: identity file /home/rauch/.ssh/id_dsa type -1
debug1: identity file /home/rauch/.ssh/id_dsa-cert type -1
debug1: identity file /home/rauch/.ssh/id_ecdsa type -1
debug1: identity file /home/rauch/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/rauch/.ssh/id_ed25519 type -1
debug1: identity file /home/rauch/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "do512-1.xxxxxxxxxxxxx" from file "/home/rauch/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/rauch/.ssh/known_hosts:13
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "do512-1.xxxxxxxxxxxx" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /etc/ssh/ssh_known_hosts:4
debug3: load_hostkeys: found key type RSA in file /etc/ssh/ssh_known_hosts:5
debug3: load_hostkeys: found key type DSA in file /etc/ssh/ssh_known_hosts:6
debug3: load_hostkeys: found key type ED25519 in file /etc/ssh/ssh_known_hosts:28
debug3: load_hostkeys: loaded 4 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss,
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 9b:61:1b:37:4e:e5:28:97:99:44:6e:a5:d1:36:1b:86
debug3: load_hostkeys: loading entries for host "do512-1.xxxxxxxxxxxxx" from file "/home/rauch/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/rauch/.ssh/known_hosts:13
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "do512-1.xxxxxxxxxxxxx" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /etc/ssh/ssh_known_hosts:4
debug3: load_hostkeys: found key type RSA in file /etc/ssh/ssh_known_hosts:5
debug3: load_hostkeys: found key type DSA in file /etc/ssh/ssh_known_hosts:6
debug3: load_hostkeys: found key type ED25519 in file /etc/ssh/ssh_known_hosts:28
debug3: load_hostkeys: loaded 4 keys
debug3: load_hostkeys: loading entries for host "2a03:xxxx:xxxx:xxxx" from file "/home/rauch/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/rauch/.ssh/known_hosts:23
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "2a03:xxxx:xxxx:xxxx" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /etc/ssh/ssh_known_hosts:4
debug3: load_hostkeys: found key type RSA in file /etc/ssh/ssh_known_hosts:5
debug3: load_hostkeys: found key type DSA in file /etc/ssh/ssh_known_hosts:6
debug3: load_hostkeys: found key type ED25519 in file /etc/ssh/ssh_known_hosts:28
debug3: load_hostkeys: loaded 4 keys
debug1: Host 'do512-1.xxxxxxxxxxxxxx' is known and matches the ECDSA host key.
debug1: Found key in /home/rauch/.ssh/known_hosts:13
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: cardno:000500002AA8 (0x7f8813393f50),
debug2: key: /home/rauch/.ssh/id_rsa (0x7f881338dd20),
debug2: key: /home/rauch/.ssh/id_dsa ((nil)),
debug2: key: /home/rauch/.ssh/id_ecdsa ((nil)),
debug2: key: /home/rauch/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: cardno:000500002AA8
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug2: input_userauth_pk_ok: fp 57:35:77:74:5e:dd:af:a3:08:e5:7b:71:d7:51:02:aa
debug3: sign_and_send_pubkey: RSA 57:35:77:74:5e:dd:af:a3:08:e5:7b:71:d7:51:02:aa
debug1: Authentication succeeded (publickey).
Authenticated to do512-1.xxxxxxxxxxxxxx ([xxxxxxxxxxxxxxx]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IPV6_TCLASS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env XDG_VTNR
debug3: Ignored env NVM_RC_VERSION
debug3: Ignored env GREP_COLOR
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env rvm_bin_path
debug3: Ignored env XDG_GREETER_DATA_DIR
debug3: Ignored env VIRTUALENVWRAPPER_SCRIPT
debug3: Ignored env SELINUX_INIT
debug3: Ignored env CLUTTER_IM_MODULE
debug3: Ignored env COMP_WORDBREAKS
debug3: Ignored env PYENV_ROOT
debug3: Ignored env GPG_AGENT_INFO
debug3: Ignored env GEM_HOME
debug3: Ignored env VTE_VERSION
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env NGINX_PATH
debug3: Ignored env VAGRANT_DEFAULT_PROVIDER
debug3: Ignored env HISTSIZE
debug3: Ignored env TMPDIR
debug3: Ignored env IRBRC
debug3: Ignored env WINDOWID
debug3: Ignored env UPSTART_SESSION
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env MY_RUBY_HOME
debug3: Ignored env GTK_MODULES
debug3: Ignored env GIT_EDITOR
debug3: Ignored env USER
debug3: Ignored env NVM_DIR
debug3: Ignored env TEMP
debug3: Ignored env _system_type
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env BASH_IT_THEME
debug3: Ignored env rvm_path
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env SCM_CHECK
debug3: Ignored env PYENV_VIRTUALENV_INIT
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env AUTOFEATURE
debug3: Ignored env WORKON_HOME
debug3: Ignored env TMUX
debug3: Ignored env BASH_IT
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env PROJECT_HOME
debug3: Ignored env LSCOLORS
debug3: Ignored env rvm_prefix
debug3: Ignored env PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env TEMPDIR
debug3: Ignored env QT_QPA_PLATFORMTHEME
debug3: Ignored env QT_IM_MODULE
debug3: Ignored env NVM_NODEJS_ORG_MIRROR
debug3: Ignored env PWD
debug3: Ignored env JOB
debug3: Ignored env XMODIFIERS
debug3: Ignored env EDITOR
debug1: Sending env LANG = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env GNOME_KEYRING_PID
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env GDM_LANG
debug3: Ignored env _system_arch
debug3: Ignored env TMUX_PANE
debug3: Ignored env IM_CONFIG_PHASE
debug3: Ignored env _system_version
debug3: Ignored env GDMSESSION
debug3: Ignored env HISTCONTROL
debug3: Ignored env rvm_version
debug3: Ignored env SESSIONTYPE
debug3: Ignored env XDG_SEAT
debug3: Ignored env SHLVL
debug3: Ignored env PYENV_SHELL
debug3: Ignored env HOME
debug3: Ignored env LANGUAGE
debug3: Ignored env _VIRTUALENVWRAPPER_API
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env UPSTART_INSTANCE
debug3: Ignored env UPSTART_EVENTS
debug3: Ignored env TMP
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env QT4_IM_MODULE
debug3: Ignored env GEM_PATH
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env TMUX_PLUGIN_MANAGER_PATH
debug3: Ignored env TODO
debug3: Ignored env NVM_IOJS_ORG_MIRROR
debug3: Ignored env UPSTART_JOB
debug3: Ignored env TEXTDOMAIN
debug3: Ignored env INSTANCE
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env IRC_CLIENT
debug3: Ignored env DISPLAY
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env GTK_IM_MODULE
debug3: Ignored env RUBY_VERSION
debug3: Ignored env _system_name
debug3: Ignored env TEXTDOMAINDIR
debug3: Ignored env XAUTHORITY
debug3: Ignored env COLORTERM
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 3.13.0-43-generic x86_64)
root@do512-1:~#

@petems
Owner

petems commented Nov 10, 2015

Can you try:

ssh root@droplet_ipaddress -i /home/rauch/.ssh/id_rsa
ssh root@droplet_ipaddress -i /home/rauch/.ssh/id_dsa
ssh root@droplet_ipaddress -i /home/rauch/.ssh/id_ecdsa
ssh root@droplet_ipaddress -i /home/rauch/.ssh/id_ed25519

And tell me which one works? And when you find out which one works, try changing the ssh_key_path in your ~/.tugboat file to point to that file; it should work after that.

@rauchrob
Author

None of them will work. As mentioned above, I have no file-based SSH key pairs at all, since my SSH key pair is located on a smart card:

rauch@wsntbk13:~$ ls ~/.ssh
authorized_keys  config  known_hosts
rauch@wsntbk13:~$ ssh-add -l
4096 57:35:77:74:5e:dd:af:a3:08:e5:7b:71:d7:51:02:aa cardno:000500002AA8 (RSA)

SSH will connect to my running ssh-agent by interpreting the environment variable SSH_AUTH_SOCK.

@petems
Owner

petems commented Nov 10, 2015

Ooooooh, now I understand, I missed that detail before. I've not heard of these before, they look pretty neat, I've been using a Yubikey for my machine, having SSH keys on secure hardware makes sense! 😄

So, I'm not really sure how to fix this, as I'm not super familiar with how smart cards interact with SSH.

Basically, Tugboat does ssh by doing:

options = [
  "-o", "IdentitiesOnly=yes",
  "-o", "LogLevel=ERROR",
  "-o", "StrictHostKeyChecking=no",
  "-o", "UserKnownHostsFile=/dev/null",
  "-i", File.expand_path(env["config"].ssh_key_path.to_s)]

...

Kernel.exec("ssh", *options)

So it runs SSH from the terminal with the -i flag pointing to a key from your config file.

How does the standard command line know to use the smart card key?

@rauchrob
Author

ssh looks at the environment variable $SSH_AUTH_SOCK. The code for calling ssh from tugboat seems promising, though. From man ssh_config:

     IdentitiesOnly
             Specifies that ssh(1) should only use the authentication identity
             files configured in the ssh_config files, even if ssh-agent(1) or
             a PKCS11Provider offers more identities.  The argument to this
             keyword must be “yes” or “no”.  This option is intended for situ‐
             ations where ssh-agent offers many different identities.  The
             default is “no”.

Therefore I think you should remove the options "-o", "IdentitiesOnly=yes".

@rauchrob
Author

By the way, I have tested removing this line from lib/tugboat/middleware/ssh_droplet.rb and it works! I can provide a PR, if you like.

@rauchrob
Author

Maybe the option -o IdentitiesOnly should only be used in conjunction with the -i option, namely when an ssh_key_path has been specified in the user's tugboat configuration file.
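The rule suggested in the comment above, as an added Ruby example that is not part of the thread and not tugboat's own code: `build_ssh_args` and `identity_files_unusable?` are hypothetical helper names, and the address and key path are constructed. It pins ssh to an identity file only when one is configured and readable, and otherwise leaves agent-held keys (such as a smart-card key) available; the host-key options from the thread are left out because they do not affect identity selection.

```ruby
# Added example; helper names are hypothetical, not tugboat's API.

# Build the argv passed to `ssh`. key_path is the configured ssh_key_path,
# or nil/"" when the user relies on ssh-agent or a smart card.
def build_ssh_args(user:, host:, port: 22, key_path: nil)
  args = ["-o", "LogLevel=ERROR"]
  path = key_path.to_s.strip
  if path.empty?
    # No identity file configured: keep IdentitiesOnly at "no" so ssh may
    # use keys offered by the agent behind SSH_AUTH_SOCK.
    args += ["-o", "IdentitiesOnly=no"]
  else
    expanded = File.expand_path(path)
    unless File.readable?(expanded)
      raise ArgumentError, "identity file not readable: #{expanded}"
    end
    # Pin ssh to this one file, as the original options did.
    args += ["-o", "IdentitiesOnly=yes", "-i", expanded]
  end
  args + ["-p", port.to_s, "#{user}@#{host}"]
end

# True for the failure seen in the thread: ssh is restricted to -i files
# (IdentitiesOnly=yes) and none of the files named with -i is readable.
def identity_files_unusable?(args)
  identities_only = false
  key_files = []
  args.each_cons(2) do |flag, value|
    case flag
    when "-o"
      name, setting = value.split(/[=\s]+/, 2)
      if name.to_s.casecmp?("IdentitiesOnly")
        identities_only = setting.to_s.strip.casecmp?("yes")
      end
    when "-i"
      key_files << File.expand_path(value)
    end
  end
  identities_only && !key_files.empty? &&
    key_files.none? { |f| File.readable?(f) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: documentation address and a path that does not exist.
  legacy = ["-o", "IdentitiesOnly=yes",
            "-i", "/nonexistent/constructed/id_rsa", "root@203.0.113.10"]
  puts "legacy options unusable: #{identity_files_unusable?(legacy)}"
  puts build_ssh_args(user: "root", host: "203.0.113.10").join(" ")
end
```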

petems added a commit that referenced this issue Nov 22, 2015
```
 IdentitiesOnly
             Specifies that ssh(1) should only use the authentication identity
             files configured in the ssh_config files, even if ssh-agent(1) or
             a PKCS11Provider offers more identities.  The argument to this
             keyword must be “yes” or “no”.  This option is intended for situ‐
             ations where ssh-agent offers many different identities.  The
             default is “no”.
```

So when we have an ssh that is not in a path (such as using an ssh key located on a smart card), you can still ssh to it! 👍

Also updates specs for this change

Closes #160
@petems
Owner

petems commented Dec 1, 2015

@rauchrob Can you test this is all working in tugboat 2.1.0? You'll need to remove the ssh_key_path from your config.

@rauchrob
Author

rauchrob commented Dec 1, 2015

@petems I can confirm it works now, nice work! I get some noisy debugging output, which could be stripped in future releases though:

SShing with options: -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=no -p 22 root@xxx.xxx.xxx.xxx

@petems
Owner

petems commented Dec 1, 2015

Yeah, I'm planning on refactoring the logging from #202, and changing levels of logging and such 👍
