fix(ssh): automatically fix SSH directory permissions during upgrade (#8635)

app/Models/PrivateKey.php

@@ -237,7 +237,7 @@ protected function ensureStorageDirectoryExists()
         $testSuccess = $disk->put($testFilename, 'test');
 
         if (! $testSuccess) {
-            throw new \Exception('SSH keys storage directory is not writable');
+            throw new \Exception('SSH keys storage directory is not writable. Run on the host: sudo chown -R 9999 /data/coolify/ssh && sudo chmod -R 700 /data/coolify/ssh && docker restart coolify');
         }
 
         // Clean up test file

scripts/upgrade.sh

@@ -141,6 +141,15 @@ else
     log "Network 'coolify' already exists"
 fi
 
+# Fix SSH directory ownership if not owned by container user UID 9999 (fixes #6621)
+# Only changes owner — preserves existing group to respect custom setups
+SSH_OWNER=$(stat -c '%u' /data/coolify/ssh 2>/dev/null || echo "unknown")
+if [ "$SSH_OWNER" != "9999" ]; then
+    log "Fixing SSH directory ownership (was owned by UID $SSH_OWNER)"
+    chown -R 9999 /data/coolify/ssh
+    chmod -R 700 /data/coolify/ssh
+fi
+
 # Check if Docker config file exists
 DOCKER_CONFIG_MOUNT=""
 if [ -f /root/.docker/config.json ]; then

tests/Unit/PrivateKeyStorageTest.php

@@ -112,7 +112,7 @@ public function it_throws_exception_when_storage_directory_is_not_writable()
             );
 
         $this->expectException(\Exception::class);
-        $this->expectExceptionMessage('SSH keys storage directory is not writable');
+        $this->expectExceptionMessage('SSH keys storage directory is not writable. Run on the host: sudo chown -R 9999 /data/coolify/ssh && sudo chmod -R 700 /data/coolify/ssh && docker restart coolify');
 
         PrivateKey::createAndStore([
             'name' => 'Test Key',