fix(ssh): derive relay host/port from RAILWAY_ENV instead of hardcoding prod#936
Closed
codyde wants to merge 1 commit into
Closed
fix(ssh): derive relay host/port from RAILWAY_ENV instead of hardcoding prod#936codyde wants to merge 1 commit into
codyde wants to merge 1 commit into
Conversation
…ng prod The SSH relay was a compile-time constant (ssh.railway.com) while backboard URLs follow RAILWAY_ENV — so a dev-mode CLI registered keys and created sandboxes against the develop backboard but dialed the production relay, which rejected the (correctly registered) key with 'Permission denied (publickey)'. Mirror backboard's controllers/ssh mapping: dev → ssh.railway-develop.com -p 2222; staging falls through to the prod relay exactly like backboard's IS_DEV-only branch (probes show ssh.railway-staging.com does not serve the SSH relay). Applies to native ssh, tmux sessions, the generated ~/.ssh/config block (Port line when non-default), and volume SFTP. Production behavior is byte-identical: (ssh.railway.com, None) produces the same target string, zero extra args, and the same config block — existing config-block tests pass unmodified. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Collaborator
Author
|
Folding this into #933 — the fix originated on that branch and will ship with the sandbox release. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The SSH relay host was a compile-time constant (
ssh.railway.com) while backboard URLs followRAILWAY_ENV. A dev-mode CLI therefore registers SSH keys and creates sandboxes against the develop backboard but dials the production relay — which has never seen the key or the target — yielding a confusingPermission denied (publickey)for a key the CLI just said was registered.Reported by Pierre in raildev:
Manual workaround that proved the diagnosis:
ssh -p 2222 sbx:…@ssh.railway-develop.comconnects fine.Fix
Configs::get_ssh_relay()mirrors backboard'scontrollers/sshmapping:ssh.railway.com(port 22)ssh.railway.com— falls through like backboard'sIS_DEV-only branch (ssh.railway-staging.comdoes not serve the SSH relay; probes accept TCP then close)ssh.railway-develop.com-p 2222Applied everywhere the constant was used: native ssh (
railway ssh,railway sandbox ssh), tmux install/session, the generated~/.ssh/configblock (gains aPortline only when non-default), and volume SFTP (russh connect tuple).Risk
Production behavior is byte-identical by construction:
("ssh.railway.com", None)produces the same target string, adds zero ssh args, the same(host, 22)sftp tuple, and the same config block — the existing config-block tests asserting the literal prod output pass unmodified. The only behavioral change is dev mode, which previously failed 100% of the time.Testing
sandbox create→sandbox ssh -- echo→destroy, all cleanrailway sandbox sshshould now connect exactly where his manual-p 2222command did🤖 Generated with Claude Code