fix(node-agent): skip SSH config file in rsync to avoid UID ownership errors

When ~/.ssh is mounted from the host oskar user into a container that
runs as root, OpenSSH rejects ~/.ssh/config with 'Bad owner or
permissions' because the file UID doesn't match the running process.

Add -F /dev/null to the rsync SSH command to skip the config file
entirely.  Also add UserKnownHostsFile=/dev/null so no known_hosts
write is attempted into a potentially read-only mounted .ssh dir.
The key itself (/root/.ssh/id_rsa) is still read as an implicit
default identity and is not affected by -F.

Reproduces on chelsty-infra (has ~/.ssh/config); safe for all nodes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Oskar Kapala 2026-05-27 14:12:19 +02:00
parent 2349de518b
commit a5a3e223dc

@ -472,7 +472,16 @@ class NodeAgent:
f"{VPS_EVENTS_PATH}/{self.node_name}/")
cmd = [
"rsync", "-az", "--remove-source-files",
"-e", "ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o BatchMode=yes",
# -F /dev/null: skip ~/.ssh/config entirely. The .ssh dir is
# mounted from the host oskar user into the container which runs
# as root; OpenSSH rejects config files owned by a different UID.
# UserKnownHostsFile=/dev/null pairs with StrictHostKeyChecking=no
# so we never try to write a known_hosts inside a read-only mount.
"-e", ("ssh -F /dev/null"
" -o StrictHostKeyChecking=no"
" -o UserKnownHostsFile=/dev/null"
" -o ConnectTimeout=10"
" -o BatchMode=yes"),
local_dir,
remote_dir,
]
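
Review bot: In the new -e argument, adding "-o UserKnownHostsFile=/dev/null" next to "-o StrictHostKeyChecking=no" means ssh has no stored host key to compare against, so the remote end is never authenticated; because the same command passes --remove-source-files, local event files are deleted after being handed to whatever host answered. The read-only mount only blocks writes to known_hosts, not reads, so consider pointing UserKnownHostsFile at a pre-provisioned file holding the server's key and switching to StrictHostKeyChecking=yes, which also avoids the write attempt. Since -F /dev/null drops the config file, it would also be clearer to name the key explicitly with -i /root/.ssh/id_rsa instead of relying on the implicit default identity mentioned in the commit message.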