Description
Describe the bug
For reference:
- SSH v1 docs: https://infisical.com/docs/documentation/platform/ssh-old
- SSH v2 docs: https://infisical.com/docs/documentation/platform/ssh
I tried to migrate our environments (local, CI, staging and production) to use the new SSH v2 workflow. The infisical ssh connect command works when using infisical login and an interactive session, e.g. bash. But we had used the SSH v1 feature heavily in non-interactive mode, e.g. in CI. It appears that the infisical ssh connect command does not support INFISICAL_TOKEN (or the --token argument):
$ INFISICAL_TOKEN=$(infisical login --method=universal-auth --silent --plain [...]) infisical ssh connect
You must be logged in to run this command. To login, run [infisical login]

The infisical ssh connect command expects an interactive shell session (as described in https://infisical.com/docs/documentation/platform/ssh#user-guide-for-sshing-to-a-host) which makes the command not usable within our CI.
Additionally, the infisical ssh issue-credentials command is no longer working, as the new SSH v2 feature does not expose any information about, for example, the --certificateTemplateId parameter.
Expected behavior
The infisical ssh connect mechanism respects the INFISICAL_TOKEN (or --token parameter) so it can be used without infisical login. This is necessary so our CI machine identity can connect to a remote host. Also, the infisical ssh connect needs to be configurable via parameters to bypass the interactive mode.
Additional context
Already posted via #3347 (comment), but instead of keeping track within a merged pull request, I created a new issue.