Streamline the SSH command

cmd/ignite/cmd/vmcmd/ssh.go

@@ -42,4 +42,5 @@ func NewCmdSSH(out io.Writer) *cobra.Command {
 
 func addSSHFlags(fs *pflag.FlagSet, sf *run.SSHFlags) {
 	fs.StringVarP(&sf.IdentityFile, "identity", "i", "", "Override the vm's default identity file")
+	fs.Uint32VarP(&sf.Timeout, "timeout", "t", 10, "Timeout waiting for connection in seconds")
 }

cmd/ignite/run/ssh.go

@@ -4,12 +4,15 @@ import (
 	"fmt"
 	"path"
 
+	log "github.com/sirupsen/logrus"
+
 	"github.com/weaveworks/ignite/pkg/constants"
 	"github.com/weaveworks/ignite/pkg/metadata/vmmd"
 	"github.com/weaveworks/ignite/pkg/util"
 )
 
 type SSHFlags struct {
+	Timeout      uint32
 	IdentityFile string
 }
 
@@ -35,13 +38,24 @@ func SSH(so *sshOptions) error {
 		return fmt.Errorf("VM %q has no usable IP addresses", so.vm.GetUID())
 	}
 
-	// Auto-accept the "The authenticity of host **** can't be established" warning with
-	// -o StrictHostKeyChecking=no, we're dealing with local VMs in a local subnet which is trusted.
-	sshArgs := append(make([]string, 0, 3),
-		fmt.Sprintf("root@%s", ipAddrs[0]),
-		"-o",
-		"StrictHostKeyChecking=no",
-		"-i")
+	// We're dealing with local VMs in a trusted (internal) subnet, disable some warnings for convenience
+	// TODO: For security, track the known_hosts internally, do something about the IP collisions (if needed)
+	sshOpts := []string{
+		"LogLevel=ERROR", // Warning: Permanently added '<ip>' (ECDSA) to the list of known hosts.
+		// We get this if the VM happens to get an address that another container has used:
+		"UserKnownHostsFile=/dev/null", // WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
+		"StrictHostKeyChecking=no",     // The authenticity of host ***** can't be established
+		fmt.Sprintf("ConnectTimeout=%d", so.Timeout),
+	}
+
+	sshArgs := append(make([]string, 0, len(sshOpts)*2+3),
+		fmt.Sprintf("root@%s", ipAddrs[0]))
+
+	for _, opt := range sshOpts {
+		sshArgs = append(sshArgs, "-o", opt)
+	}
+
+	sshArgs = append(sshArgs, "-i")
 
 	// If an external identity file is specified, use it instead of the internal one
 	if len(so.IdentityFile) > 0 {
@@ -55,9 +69,16 @@ func SSH(so *sshOptions) error {
 		sshArgs = append(sshArgs, privKeyFile)
 	}
 
-	// SSH into the vm
-	if _, err := util.ExecForeground("ssh", sshArgs...); err != nil {
-		return fmt.Errorf("SSH into VM %q failed: %v", so.vm.GetUID(), err)
+	// SSH into the VM
+	if code, err := util.ExecForeground("ssh", sshArgs...); err != nil {
+		if code != 255 {
+			return fmt.Errorf("SSH into VM %q failed: %v", so.vm.GetUID(), err)
+		}
+
+		// Code 255 is used for signaling a connection error, be it caused by
+		// a failed connection attempt or disconnection by VM reboot.
+		log.Warnf("SSH command terminated")
 	}
+
 	return nil
 }

docs/cli/ignite_ssh.md

@@ -20,6 +20,7 @@ ignite ssh <vm> [flags]
 ```
   -h, --help              help for ssh
   -i, --identity string   Override the vm's default identity file
+  -t, --timeout uint32    Timeout waiting for connection in seconds (default 10)
 ```
 
 ### Options inherited from parent commands

docs/cli/ignite_vm_ssh.md

@@ -20,6 +20,7 @@ ignite vm ssh <vm> [flags]
 ```
   -h, --help              help for ssh
   -i, --identity string   Override the vm's default identity file
+  -t, --timeout uint32    Timeout waiting for connection in seconds (default 10)
 ```
 
 ### Options inherited from parent commands