Skip to content

🧪 Narrow SSH command in test helpers to one key #782

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 21, 2025
Merged

🧪 Narrow SSH command in test helpers to one key #782

merged 2 commits into from
Oct 21, 2025

Conversation

@webknjaz
Copy link
Member

@webknjaz webknjaz commented Oct 21, 2025

Previously, ssh invocations would pick up $SSH_AUTH_SOCK and might hang if the agent (like Bitwarden) is awaiting for user input.

This patch improves the sshd probe helper responsiveness by disallowing the use of SSH agent, passwords, setting no config and setting a one-second timeout. The command is now narrowly scoped to only use the identity file passed via commandline explicitly.

ISSUE TYPE
  • Maintenance Pull Request
ADDITIONAL INFORMATION

N/A

@webknjaz
🧪 Narrow SSH command in test helpers to one key
8920440 
Previously, `ssh` invocations would pick up `$SSH_AUTH_SOCK` and
might hang if the agent (like Bitwarden) is awaiting for user input.

This patch improves the sshd probe helper responsiveness by
disallowing the use of SSH agent, passwords, setting no config and
setting a one-second timeout. The command is now narrowly scoped to
only use the identity file passed via commandline explicitly.
@webknjaz webknjaz self-assigned this Oct 21, 2025
Copilot AI review requested due to automatic review settings October 21, 2025 16:22
Copilot AI reviewed Oct 21, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR improves SSH command configuration in test helpers to prevent hanging when SSH agents await user input. The changes narrow the SSH connection scope to use only the explicitly provided identity file while disabling agent authentication and adding a connection timeout.

Key Changes

  • Added strict SSH configuration to disable agent, passwords, and external config files
  • Implemented a 1-second connection timeout for faster test failure detection
  • Converted short-form SSH flags to explicit -o option format for clarity

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@psf-chronographer psf-chronographer bot added the bot:chronographer:provided There is a change note present in this PR label Oct 21, 2025
@packit-as-a-service
Copy link

packit-as-a-service bot commented Oct 21, 2025

Congratulations! One of the builds has completed. 🍾

You can install the built RPMs by following these steps:

  • sudo yum install -y dnf-plugins-core on RHEL 8
  • sudo dnf install -y dnf-plugins-core on Fedora
  • dnf copr enable packit/ansible-pylibssh-782
  • And now you can install the packages.

Please note that the RPMs should be used only in a testing environment.

@webknjaz webknjaz merged commit 27ce4de into ansible:devel Oct 21, 2025
55 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@webknjaz webknjaz

Labels

bot:chronographer:provided There is a change note present in this PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@webknjaz