Skip to content

Commit f13db00

Browse files
Release v1.0.51 with robust SSH port apply behavior.
Ensure sshd drop-in configs are actually included before writing FastCP SSH settings, and add full rollback coverage so SSH port updates apply reliably without leaving partial state on failure. Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 79c18a4 commit f13db00

File tree

1 file changed

+54
-0
lines changed

1 file changed

+54
-0
lines changed

internal/agent/handlers.go

Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3407,6 +3407,33 @@ func restoreSSHFiles(backups map[string][]byte) {
34073407
}
34083408
}
34093409

3410+
func ensureSSHDropInInclude() ([]byte, bool, error) {
3411+
data, err := os.ReadFile(sshdMainConfig)
3412+
if err != nil {
3413+
return nil, false, fmt.Errorf("failed to read %s: %w", sshdMainConfig, err)
3414+
}
3415+
3416+
for _, line := range strings.Split(string(data), "\n") {
3417+
trimmed := strings.TrimSpace(line)
3418+
if trimmed == "" || strings.HasPrefix(trimmed, "#") {
3419+
continue
3420+
}
3421+
fields := strings.Fields(trimmed)
3422+
if len(fields) < 2 || !strings.EqualFold(fields[0], "Include") {
3423+
continue
3424+
}
3425+
if strings.Contains(fields[1], "/etc/ssh/sshd_config.d/") {
3426+
return nil, false, nil
3427+
}
3428+
}
3429+
3430+
newContent := "Include /etc/ssh/sshd_config.d/*.conf\n" + string(data)
3431+
if err := os.WriteFile(sshdMainConfig, []byte(newContent), 0644); err != nil {
3432+
return nil, false, fmt.Errorf("failed to update %s include directives: %w", sshdMainConfig, err)
3433+
}
3434+
return data, true, nil
3435+
}
3436+
34103437
func disableConflictingSSHPortDirectives(targetPort int) (map[string][]byte, error) {
34113438
files := []string{sshdMainConfig}
34123439
if includeFiles, err := filepath.Glob("/etc/ssh/sshd_config.d/*.conf"); err == nil {
@@ -3482,12 +3509,22 @@ KbdInteractiveAuthentication %s
34823509
_ = os.MkdirAll(filepath.Dir(sshdFastcpConf), 0755)
34833510

34843511
previousContent, _ := os.ReadFile(sshdFastcpConf)
3512+
mainConfigBackup, mainConfigChanged, err := ensureSSHDropInInclude()
3513+
if err != nil {
3514+
return nil, err
3515+
}
34853516
if err := os.WriteFile(sshdFastcpConf, []byte(content), 0644); err != nil {
3517+
if mainConfigChanged {
3518+
_ = os.WriteFile(sshdMainConfig, mainConfigBackup, 0644)
3519+
}
34863520
return nil, fmt.Errorf("failed to write ssh config: %w", err)
34873521
}
34883522

34893523
updatedFilesBackup, err := disableConflictingSSHPortDirectives(cfg.Port)
34903524
if err != nil {
3525+
if mainConfigChanged {
3526+
_ = os.WriteFile(sshdMainConfig, mainConfigBackup, 0644)
3527+
}
34913528
if len(previousContent) > 0 {
34923529
_ = os.WriteFile(sshdFastcpConf, previousContent, 0644)
34933530
} else {
@@ -3499,6 +3536,9 @@ KbdInteractiveAuthentication %s
34993536
sshdPath, err := resolveSSHDBinary()
35003537
if err != nil {
35013538
restoreSSHFiles(updatedFilesBackup)
3539+
if mainConfigChanged {
3540+
_ = os.WriteFile(sshdMainConfig, mainConfigBackup, 0644)
3541+
}
35023542
if len(previousContent) > 0 {
35033543
_ = os.WriteFile(sshdFastcpConf, previousContent, 0644)
35043544
} else {
@@ -3508,6 +3548,9 @@ KbdInteractiveAuthentication %s
35083548
}
35093549
if err := ensureSSHRuntimeDir(); err != nil {
35103550
restoreSSHFiles(updatedFilesBackup)
3551+
if mainConfigChanged {
3552+
_ = os.WriteFile(sshdMainConfig, mainConfigBackup, 0644)
3553+
}
35113554
if len(previousContent) > 0 {
35123555
_ = os.WriteFile(sshdFastcpConf, previousContent, 0644)
35133556
} else {
@@ -3518,6 +3561,9 @@ KbdInteractiveAuthentication %s
35183561

35193562
if output, err := exec.Command(sshdPath, "-t", "-f", sshdMainConfig).CombinedOutput(); err != nil {
35203563
restoreSSHFiles(updatedFilesBackup)
3564+
if mainConfigChanged {
3565+
_ = os.WriteFile(sshdMainConfig, mainConfigBackup, 0644)
3566+
}
35213567
if len(previousContent) > 0 {
35223568
_ = os.WriteFile(sshdFastcpConf, previousContent, 0644)
35233569
} else {
@@ -3528,6 +3574,14 @@ KbdInteractiveAuthentication %s
35283574

35293575
if err := s.restartSSHService(); err != nil {
35303576
restoreSSHFiles(updatedFilesBackup)
3577+
if mainConfigChanged {
3578+
_ = os.WriteFile(sshdMainConfig, mainConfigBackup, 0644)
3579+
}
3580+
if len(previousContent) > 0 {
3581+
_ = os.WriteFile(sshdFastcpConf, previousContent, 0644)
3582+
} else {
3583+
_ = os.Remove(sshdFastcpConf)
3584+
}
35313585
return nil, fmt.Errorf("failed to apply SSH settings: %w", err)
35323586
}
35333587

0 commit comments

Comments
 (0)