mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-19 08:01:17 +00:00
When a user has multiple SSH keys loaded in ssh-agent, OpenSSH offers them
all before the -i keys we pass. With sshd's default MaxAuthTries=6, the
auth flood causes "Permission denied (publickey)" before our key is even
tried — observed by Chris on hermes/digitalocean.

Two changes:

1. Add IdentitiesOnly=yes to SSH_BASE_OPTS and SSH_INTERACTIVE_OPTS so ssh
   ignores agent-loaded identities and only tries the explicit -i keys.
2. Refactor ssh-keys.ts to a spawn-owned key (~/.ssh/spawn_ed25519):
   - getSpawnKey() ensures it exists, generated on first use
   - new VMs are provisioned with ONLY the spawn key (DO/Hetzner/AWS/GCP)
   - the user's personal keys never get registered with cloud providers
     (a privacy win — fixes Alex's dad scenario where personal keys were
     uploaded to a fresh DO account on first run)
   - ensureSshKeys() returns [spawnKey, ...legacy] capped at 3 — pre-existing
     id_ed25519/id_rsa/id_ecdsa stay as -i fallbacks so droplets provisioned
     by older Spawn versions remain SSH-reachable

Reconnect hints across all clouds now print `ssh -i ~/.ssh/spawn_ed25519`
since the custom filename isn't auto-tried by bare `ssh root@<ip>`.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
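
The auth flood and the IdentitiesOnly fix described in the commit message above, as an added TypeScript model that is not code from the spawn repository or from the commit's authors. It shows at which attempt the authorized key reaches sshd with and without `IdentitiesOnly=yes`. Assumptions: the helper names, agent key labels and target address are constructed; the offer order follows the commit message's description; the cap of 3 is applied to the whole key list.

```typescript
// Added example: simplified model, not code from the spawn repository.
const MAX_AUTH_TRIES = 6; // sshd default cited in the commit message
const SPAWN_KEY = "~/.ssh/spawn_ed25519";
const LEGACY_KEYS = ["~/.ssh/id_ed25519", "~/.ssh/id_rsa", "~/.ssh/id_ecdsa"];

// Constructed sample: six unrelated identities loaded in ssh-agent.
const SAMPLE_AGENT = ["work-1", "work-2", "github", "gitlab", "lab", "backup"];

// Hypothetical helper: spawn key first, then legacy keys present on disk.
// Assumption: the cap of 3 applies to the whole list.
function selectKeys(existing: string[]): string[] {
  const legacy = LEGACY_KEYS.filter((k) => existing.indexOf(k) !== -1);
  return [SPAWN_KEY, ...legacy].slice(0, 3);
}

// Hypothetical helper: build the ssh argument vector for a target.
function buildSshArgs(keys: string[], target: string, identitiesOnly: boolean): string[] {
  const args: string[] = identitiesOnly ? ["-o", "IdentitiesOnly=yes"] : [];
  for (const k of keys) args.push("-i", k);
  args.push(target);
  return args;
}

// Order in which identities reach the server. Assumption, following the
// commit message: agent identities go first unless IdentitiesOnly=yes is set.
function offeredIdentities(args: string[], agentKeys: string[]): string[] {
  const explicit: string[] = [];
  for (let i = 0; i + 1 < args.length; i++) {
    const next = args[i + 1];
    if (args[i] === "-i" && next !== undefined) explicit.push(next);
  }
  if (args.indexOf("IdentitiesOnly=yes") !== -1) return explicit;
  const agentOnly = agentKeys.filter((k) => explicit.indexOf(k) === -1);
  return [...agentOnly, ...explicit];
}

// 1-based attempt at which the authorized key is offered, or null when sshd
// has already closed the connection after MAX_AUTH_TRIES failures.
function attemptFor(authorized: string, offered: string[]): number | null {
  const idx = offered.indexOf(authorized);
  return idx !== -1 && idx < MAX_AUTH_TRIES ? idx + 1 : null;
}

// Constructed scenario: one legacy key on disk, six keys in the agent.
function demo(authorized: string, identitiesOnly: boolean): number | null {
  const args = buildSshArgs(selectKeys(["~/.ssh/id_rsa"]), "root@203.0.113.10", identitiesOnly);
  return attemptFor(authorized, offeredIdentities(args, SAMPLE_AGENT));
}
```

`demo(SPAWN_KEY, false)` returns `null` because the six agent identities use up the attempt budget first; with `IdentitiesOnly=yes` the spawn key is attempt 1 and a legacy `id_rsa` fallback is attempt 2.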