fix(ssh): remove unreachable code in connectOrDie, wrap last error (#655)

ArangoGutierrez · web-flow · commit 39dc65407827 · 2026-02-13T18:52:12.000+01:00
After the retry loop, connectionFailed is always true, making the final return statement unreachable. Simplify to unconditionally return the error after the loop. Also wrap the last dial error with %w so callers see the root cause (e.g. 'connection refused'). Audit findings #5 (HIGH), #6 (HIGH), #27 (LOW). Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
diff --git a/cmd/cli/dryrun/dryrun.go b/cmd/cli/dryrun/dryrun.go
@@ -147,22 +147,16 @@ func connectOrDie(keyPath, userName, hostUrl string) error {
 		HostKeyCallback: sshutil.TOFUHostKeyCallback(),
 	}
 
-	connectionFailed := false
+	var lastErr error
 	for range 20 {
 		client, err := ssh.Dial("tcp", hostUrl+":22", sshConfig)
 		if err == nil {
-			client.Close() // nolint:errcheck, gosec
-			return nil     // Connection succeeded,
+			_ = client.Close()
+			return nil
 		}
-		connectionFailed = true
-		// Sleep for a brief moment before retrying.
-		// You can adjust the duration based on your requirements.
+		lastErr = err
 		time.Sleep(1 * time.Second)
 	}
 
-	if connectionFailed {
-		return fmt.Errorf("failed to connect to %s", hostUrl)
-	}
-
-	return nil
+	return fmt.Errorf("failed to connect to %s after 20 retries: %w", hostUrl, lastErr)
 }
diff --git a/pkg/provisioner/provisioner.go b/pkg/provisioner/provisioner.go
@@ -464,20 +464,13 @@ func connectOrDie(keyPath, userName, hostUrl string) (*ssh.Client, error) {
 		HostKeyCallback: sshutil.TOFUHostKeyCallback(),
 	}
 
-	connectionFailed := false
 	for range sshMaxRetries {
 		client, err = ssh.Dial("tcp", hostUrl+":22", sshConfig)
 		if err == nil {
-			return client, nil // Connection succeeded, return the client.
+			return client, nil
 		}
-		connectionFailed = true
-		// Brief delay before retrying.
 		time.Sleep(sshRetryDelay)
 	}
 
-	if connectionFailed {
-		return nil, fmt.Errorf("failed to connect to %s after %d retries, giving up", hostUrl, sshMaxRetries)
-	}
-
-	return client, nil
+	return nil, fmt.Errorf("failed to connect to %s after %d retries: %w", hostUrl, sshMaxRetries, err)
 }

Original file line number	Diff line number	Diff line change
`@@ -464,20 +464,13 @@ func connectOrDie(keyPath, userName, hostUrl string) (*ssh.Client, error) {`
`464`	`464`	`HostKeyCallback: sshutil.TOFUHostKeyCallback(),`
`465`	`465`	`}`
`466`	`466`
`467`		`- connectionFailed := false`
`468`	`467`	`for range sshMaxRetries {`
`469`	`468`	`client, err = ssh.Dial("tcp", hostUrl+":22", sshConfig)`
`470`	`469`	`if err == nil {`
`471`		`- return client, nil // Connection succeeded, return the client.`
	`470`	`+ return client, nil`
`472`	`471`	`}`
`473`		`- connectionFailed = true`
`474`		`- // Brief delay before retrying.`
`475`	`472`	`time.Sleep(sshRetryDelay)`
`476`	`473`	`}`
`477`	`474`
`478`		`- if connectionFailed {`
`479`		`- return nil, fmt.Errorf("failed to connect to %s after %d retries, giving up", hostUrl, sshMaxRetries)`
`480`		`- }`
`481`		`-`
`482`		`- return client, nil`
	`475`	`+ return nil, fmt.Errorf("failed to connect to %s after %d retries: %w", hostUrl, sshMaxRetries, err)`
`483`	`476`	`}`