fix(shell): sync authorized_keys with active SSH public key#156
Merged
skulidropek merged 4 commits intoProverCoderAI:mainfrom Mar 18, 2026
Merged
fix(shell): sync authorized_keys with active SSH public key#156skulidropek merged 4 commits intoProverCoderAI:mainfrom
skulidropek merged 4 commits intoProverCoderAI:mainfrom
Conversation
Adding .gitkeep for PR creation (default mode). This file will be removed when the task is complete. Issue: ProverCoderAI#155
…t Permission denied When the managed authorized_keys file already exists but contains a stale key, SSH connections fail with "Permission denied (publickey)". This change detects the active SSH private key, finds its matching .pub file, and appends the current public key to authorized_keys if it is missing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
konard
changed the title
…nt rule Extract appendKeyIfMissing and resolveAuthorizedKeysSource into separate functions so that ensureAuthorizedKeys stays within the 50-line limit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This reverts commit ace0ce4.
Contributor
Author
🤖 Solution Draft LogThis log file contains the complete execution trace of the AI solution draft process. 💰 Cost estimation:
🤖 Models used:
Now working session is ended, feel free to review and add any feedback on the solution draft. |
Contributor
Author
✅ Ready to mergeThis pull request is now ready to be merged:
Monitored by hive-mind with --auto-restart-until-mergeable flag |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Permission denied (publickey)caused by staleauthorized_keysnot matching the active SSH key on the host machineauthorized_keysfile already exists, the fix now detects the active SSH private key, finds its matching.pubfile, and appends the current public key if it is missingauthorized_keysgets the current public key appendedRoot cause
The
ensureAuthorizedKeysfunction previously skipped any update when the targetauthorized_keysfile already existed (state === "exists"→ early return). If the file contained a key from a different machine or an old key, the container'ssshdwould reject connections because the mountedauthorized_keysdid not include the host's current public key.Changes
packages/lib/src/usecases/actions/prepare-files.ts: ModifiedensureAuthorizedKeysto:findSshPrivateKeyand check for its.pubcounterpartfindAuthorizedKeysSourcefallbackpackages/lib/tests/usecases/prepare-files.test.ts: Added test"appends the active public key to the managed authorized_keys file"that sets up a stale key, a fresh SSH keypair, and verifies both keys appear in the resultTest plan
pnpm --filter ./packages/lib typecheckpassespnpm --filter ./packages/lib testpasses (81 tests, including the new one)pnpm run checkpassesCloses #155
🤖 Generated with Claude Code