From a5a3e223dc3b6387c65ad42221dbd0fe0f11a391 Mon Sep 17 00:00:00 2001 From: Oskar Kapala Date: Wed, 27 May 2026 14:12:19 +0200 Subject: [PATCH] fix(node-agent): skip SSH config file in rsync to avoid UID ownership errors When ~/.ssh is mounted from the host oskar user into a container that runs as root, OpenSSH rejects ~/.ssh/config with 'Bad owner or permissions' because the file UID doesn't match the running process. Add -F /dev/null to the rsync SSH command to skip the config file entirely. Also add UserKnownHostsFile=/dev/null so no known_hosts write is attempted into a potentially read-only mounted .ssh dir. The key itself (/root/.ssh/id_rsa) is still read as an implicit default identity and is not affected by -F. Reproduces on chelsty-infra (has ~/.ssh/config); safe for all nodes. Co-Authored-By: Claude Sonnet 4.6 --- services/node-agent/src/node_agent.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/services/node-agent/src/node_agent.py b/services/node-agent/src/node_agent.py index 75cb2e5..dbb9b61 100644 --- a/services/node-agent/src/node_agent.py +++ b/services/node-agent/src/node_agent.py @@ -472,7 +472,16 @@ class NodeAgent: f"{VPS_EVENTS_PATH}/{self.node_name}/") cmd = [ "rsync", "-az", "--remove-source-files", - "-e", "ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o BatchMode=yes", + # -F /dev/null: skip ~/.ssh/config entirely. The .ssh dir is + # mounted from the host oskar user into the container which runs + # as root; OpenSSH rejects config files owned by a different UID. + # UserKnownHostsFile=/dev/null pairs with StrictHostKeyChecking=no + # so we never try to write a known_hosts inside a read-only mount. + "-e", ("ssh -F /dev/null" + " -o StrictHostKeyChecking=no" + " -o UserKnownHostsFile=/dev/null" + " -o ConnectTimeout=10" + " -o BatchMode=yes"), local_dir, remote_dir, ]