This repository was archived by the owner on Jan 23, 2026. It is now read-only.

add ssh identity configuration #687

Merged
mangelajo merged 1 commit into jumpstarter-dev:main from michalskrivanek:ssh-identity
Oct 3, 2025

@michalskrivanek michalskrivanek commented Oct 3, 2025

specify identity to use with ssh_identity_file or directly using ssh_identity string
Temporary file with that content will be created on the client side and passed to ssh -i option

Summary by CodeRabbit

  • New Features

    • SSH connections now support authenticating with a private key, either provided directly or via a key file.
    • Secure handling of temporary identity files with restricted permissions during execution.
    • Preserves user-provided SSH options; default username is only added when not explicitly set.
  • Bug Fixes

    • Validation prevents selecting both a key value and a key file simultaneously.
    • Clear configuration errors when a provided key file cannot be read.

netlify bot commented Oct 3, 2025

Deploy Preview for jumpstarter-docs ready!

| Name | Link |
|---|---|
| 🔨 Latest commit | 67ff077 |
| 🔍 Latest deploy log | https://app.netlify.com/projects/jumpstarter-docs/deploys/68dfc73742129e000874b9a3 |
| 😎 Deploy Preview | https://deploy-preview-687--jumpstarter-docs.netlify.app |


coderabbitai bot commented Oct 3, 2025

Walkthrough

Adds SSH identity support. Driver accepts ssh_identity or ssh_identity_file (mutually exclusive), can read file content, and exposes get_ssh_identity. Client accepts ssh_identity, writes a temporary key file with 0600 permissions, injects -i into SSH args, preserves default username logic, executes SSH, and cleans up the temp file.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Driver: identity fields, validation, and getter (packages/jumpstarter-driver-ssh/jumpstarter_driver_ssh/driver.py) | Added public fields ssh_identity and ssh_identity_file. Ensured they cannot be set together. If ssh_identity_file is set, reads contents into ssh_identity with error handling. Added get_ssh_identity() to expose identity content. |
| Client: identity plumbing, temp file, SSH args (packages/jumpstarter-driver-ssh/jumpstarter_driver_ssh/client.py) | Updated _run_ssh_local(host, port, ssh_command, default_username, ssh_identity, args) to handle identity content by writing a 0600 temp file and cleaning it up. Updated _build_ssh_command_args(ssh_command, port, default_username, identity_file, args) to include -i <identity_file> when provided and retain default -l injection behavior. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant C as Caller
  participant D as SSHWrapper (driver.py)
  participant CL as Client (client.py)
  participant OS as OS/FS

  C->>D: Configure ssh_identity or ssh_identity_file
  alt ssh_identity_file provided
    D->>OS: Read ssh_identity_file
    OS-->>D: Identity contents or error
    D->>D: Validate mutual exclusivity
  else ssh_identity provided
    D->>D: Validate mutual exclusivity
  end

  C->>D: get_ssh_identity()
  D-->>C: ssh_identity (string or None)

  C->>CL: _run_ssh_local(..., ssh_identity, args)
  opt ssh_identity provided
    CL->>OS: Create temp file with 0600 perms
    CL->>CL: identity_file = temp path
  end
  CL->>CL: _build_ssh_command_args(..., identity_file, args)
  note over CL: Include -i identity_file if set<br/>Inject -l default_username if not explicitly provided
  CL->>OS: Execute SSH command
  alt success or failure
    OS-->>CL: Exit status / output
  end
  CL->>OS: Cleanup temp identity file
  OS-->>CL: Deleted or warn on failure
  CL-->>C: Result

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I tucked a key in moonlit shade,
A hush of bytes in 0600 laid.
I hop, I pass the secret “-i”,
Then clean my tracks as packets fly.
Two ears up—identity set—
SSH awaits; no crumbs are left. 🐇🔑

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title succinctly captures the primary change of introducing SSH identity configuration support, matching the PR’s addition of ssh_identity and ssh_identity_file handling without extraneous detail or vagueness. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

specify identity to use with ssh_identity_file or directly using ssh_identity string
Temporary file with that content will be created on the client side and passed to ssh -i option
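
The client-side flow described in the walkthrough and commit message above (key content written to a 0600 temporary file, passed to ssh with -i, default -l only when the caller set none, file removed afterwards), as an added example that is not the PR's or the project's own code. The function names, the `runner` parameter, the `IdentitiesOnly` option and the assumption that `ssh_options` holds only ssh options (no remote command) are illustrative choices made here.

```python
import os
import stat
import subprocess
import tempfile
from contextlib import contextmanager


@contextmanager
def temp_identity_file(key_text):
    """Yield the path of an owner-only file holding key_text; delete it on exit."""
    # mkstemp creates the file exclusively (O_EXCL) with mode 0600, so the key is
    # never readable by other local users, not even before the chmod below.
    fd, path = tempfile.mkstemp(prefix="ssh_identity_")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(key_text)
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)  # explicit 0600
        yield path
    finally:
        os.unlink(path)  # runs whether ssh succeeded, failed, or raised


def login_name_set(ssh_options):
    """True if the caller already chose a user with '-l NAME' or '-lNAME'."""
    return any(opt.startswith("-l") for opt in ssh_options)


def build_ssh_args(host, port, default_username, identity_file, ssh_options):
    argv = ["ssh"]
    if identity_file:
        # IdentitiesOnly is hardening added in this example (not stated in the PR):
        # it keeps ssh from offering agent or default keys before the given one.
        argv += ["-i", identity_file, "-o", "IdentitiesOnly=yes"]
    if default_username and not login_name_set(ssh_options):
        argv += ["-l", default_username]
    argv += list(ssh_options)
    if port:
        argv += ["-p", str(port)]
    argv.append(host)
    return argv


def run_ssh(host, port, default_username, ssh_identity, ssh_options,
            runner=subprocess.call):
    """Run ssh; the key only exists on disk for the duration of the call."""
    if ssh_identity is None:
        return runner(build_ssh_args(host, port, default_username, None, ssh_options))
    with temp_identity_file(ssh_identity) as path:
        return runner(build_ssh_args(host, port, default_username, path, ssh_options))
```

Passing a stub as `runner` lets the argument list and the file's mode be checked without a reachable SSH server.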

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6266878 and 67ff077.

📒 Files selected for processing (2)
  • packages/jumpstarter-driver-ssh/jumpstarter_driver_ssh/client.py (4 hunks)
  • packages/jumpstarter-driver-ssh/jumpstarter_driver_ssh/driver.py (4 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
packages/jumpstarter-driver-ssh/jumpstarter_driver_ssh/client.py (1)
packages/jumpstarter/jumpstarter/client/base.py (1)
  • call (36-46)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)
  • GitHub Check: Redirect rules - jumpstarter-docs
  • GitHub Check: Header rules - jumpstarter-docs
  • GitHub Check: Pages changed - jumpstarter-docs
  • GitHub Check: build
  • GitHub Check: pytest-matrix (macos-15, 3.11)
  • GitHub Check: pytest-matrix (ubuntu-24.04, 3.13)
  • GitHub Check: pytest-matrix (macos-15, 3.13)
  • GitHub Check: e2e
  • GitHub Check: pytest-matrix (ubuntu-24.04, 3.11)
  • GitHub Check: pytest-matrix (ubuntu-24.04, 3.12)

@mangelajo mangelajo merged commit 6261b7c into jumpstarter-dev:main Oct 3, 2025
18 checks passed
@jumpstarter-backport-bot

Successfully created backport PR for release-0.7:
