coolify

rosslh/coolify

Fork 0

Commit graph

Author	SHA1	Message	Date
pannous	2f96a759df	test: add behavioral ssh key stale-file regression	2026-03-16 10:40:22 +01:00
pannous	4bf94fac2d	fix: prevent sporadic SSH permission denied by validating key content The root cause of sporadic "Permission denied (publickey)" errors was that validateSshKey() only checked if the key file existed on disk, never verifying its content matched the database. When keys were rotated or updated, the stale file persisted and SSH used the wrong key. Changes: - validateSshKey() now refreshes key from DB and compares file content - Server saved event detects private_key_id changes to invalidate mux - PrivateKey storeInFileSystem() uses file locking to prevent races - PrivateKey saved event auto-resyncs file on key content changes - Enforces 0600 permissions on key files Fixes coollabsio/coolify#7724	2026-03-15 03:06:21 +01:00

Author

SHA1

Message

Date

pannous

2f96a759df

test: add behavioral ssh key stale-file regression

2026-03-16 10:40:22 +01:00

pannous

4bf94fac2d

fix: prevent sporadic SSH permission denied by validating key content

The root cause of sporadic "Permission denied (publickey)" errors was
that validateSshKey() only checked if the key file existed on disk,
never verifying its content matched the database. When keys were rotated
or updated, the stale file persisted and SSH used the wrong key.

Changes:
- validateSshKey() now refreshes key from DB and compares file content
- Server saved event detects private_key_id changes to invalidate mux
- PrivateKey storeInFileSystem() uses file locking to prevent races
- PrivateKey saved event auto-resyncs file on key content changes
- Enforces 0600 permissions on key files

Fixes coollabsio/coolify#7724

2026-03-15 03:06:21 +01:00

2 commits