Description
Wave Terminal's Go SSH client fails to find host keys in ~/.ssh/known_hosts for connections on non-standard ports, even when the key is correctly present in [host]:port format. Additionally, ProxyCommand and StrictHostKeyChecking directives from ~/.ssh/config are not supported, making it very difficult to connect to HPC/SLURM compute nodes.
Environment
- OS: macOS (Darwin arm64)
- Wave: Latest stable (Electron 41.1.0, wavesrv arm64)
- Connection: SSH tunnel to HPC compute node via
ssh -L 127.0.0.1:22222:<node>:<port> bastion
Bug 1: knownhosts: key is unknown despite key being present
Steps to reproduce
- Set up an SSH tunnel:
ssh -N -L 127.0.0.1:22222:<remote>:<port> bastion
- Add host key:
ssh-keyscan -p 22222 127.0.0.1 >> ~/.ssh/known_hosts
- Verify key is found:
ssh-keygen -F "[127.0.0.1]:22222" → found, line 66
- Verify system SSH works:
ssh -p 22222 user@127.0.0.1 → connects successfully
- Configure
connections.json:
{
"user@127.0.0.1:22222": {
"conn:wshenabled": false,
"ssh:identityfile": ["~/.ssh/id_rsa"]
}
}
- Connect in Wave → fails
Expected behavior
Wave should find the key in ~/.ssh/known_hosts in the standard [127.0.0.1]:22222 ssh-ed25519 AAAA... format.
Actual behavior
error: Connecting to user@127.0.0.1:22222, Error: ssh: handshake failed: knownhosts: key is unknown
From waveapp.log:
[conn:user@127.0.0.1:22222] ERROR [auth-failed] Connecting to user@127.0.0.1:22222, Error: ssh: handshake failed: knownhosts: key is unknown
Wave never shows a prompt to accept the key — it just fails immediately.
Bug 2: ProxyCommand not supported
Related to #1868. SSH config entries using ProxyCommand (common for HPC/SLURM dynamic compute nodes) are silently ignored. Wave shows these hosts in the connection dropdown but never establishes an SSH session — the blockcontroller immediately reports ShellProcStatus:"done" with no SSH-NEWSESSION event.
The workaround of using a local port-forward tunnel + connections.json with explicit ssh:hostname/ssh:port is blocked by Bug 1 above.
Bug 3: StrictHostKeyChecking not respected
Related to #1880. Wave ignores StrictHostKeyChecking no and UserKnownHostsFile /dev/null from ~/.ssh/config. For environments with dynamic hosts (SLURM compute nodes, cloud instances), this makes Wave's SSH connection system unusable since host keys change frequently.
Impact
These three issues together make it impossible to use Wave's SSH connection system with HPC clusters that use dynamic compute node allocation (SLURM, PBS, etc.). The only workaround is typing ssh <host> in a local Wave terminal, which loses all wsh remote features.
Workaround attempted
- Local SSH tunnel +
connections.json with ssh:hostname: 127.0.0.1, ssh:port: 22222 → blocked by Bug 1
StrictHostKeyChecking no in SSH config → ignored (Bug 3)conn:ignoresshconfig: true with all settings in connections.json → still fails on knownhosts- Pre-populating
~/.ssh/known_hosts with ssh-keyscan → still fails (Bug 1)
Description
Wave Terminal's Go SSH client fails to find host keys in
~/.ssh/known_hostsfor connections on non-standard ports, even when the key is correctly present in[host]:portformat. Additionally,ProxyCommandandStrictHostKeyCheckingdirectives from~/.ssh/configare not supported, making it very difficult to connect to HPC/SLURM compute nodes.Environment
ssh -L 127.0.0.1:22222:<node>:<port> bastionBug 1:
knownhosts: key is unknowndespite key being presentSteps to reproduce
ssh -N -L 127.0.0.1:22222:<remote>:<port> bastionssh-keyscan -p 22222 127.0.0.1 >> ~/.ssh/known_hostsssh-keygen -F "[127.0.0.1]:22222"→ found, line 66ssh -p 22222 user@127.0.0.1→ connects successfullyconnections.json:{ "user@127.0.0.1:22222": { "conn:wshenabled": false, "ssh:identityfile": ["~/.ssh/id_rsa"] } }Expected behavior
Wave should find the key in
~/.ssh/known_hostsin the standard[127.0.0.1]:22222 ssh-ed25519 AAAA...format.Actual behavior
From
waveapp.log:Wave never shows a prompt to accept the key — it just fails immediately.
Bug 2: ProxyCommand not supported
Related to #1868. SSH config entries using
ProxyCommand(common for HPC/SLURM dynamic compute nodes) are silently ignored. Wave shows these hosts in the connection dropdown but never establishes an SSH session — the blockcontroller immediately reportsShellProcStatus:"done"with noSSH-NEWSESSIONevent.The workaround of using a local port-forward tunnel +
connections.jsonwith explicitssh:hostname/ssh:portis blocked by Bug 1 above.Bug 3:
StrictHostKeyCheckingnot respectedRelated to #1880. Wave ignores
StrictHostKeyChecking noandUserKnownHostsFile /dev/nullfrom~/.ssh/config. For environments with dynamic hosts (SLURM compute nodes, cloud instances), this makes Wave's SSH connection system unusable since host keys change frequently.Impact
These three issues together make it impossible to use Wave's SSH connection system with HPC clusters that use dynamic compute node allocation (SLURM, PBS, etc.). The only workaround is typing
ssh <host>in a local Wave terminal, which loses all wsh remote features.Workaround attempted
connections.jsonwithssh:hostname: 127.0.0.1,ssh:port: 22222→ blocked by Bug 1StrictHostKeyChecking noin SSH config → ignored (Bug 3)conn:ignoresshconfig: truewith all settings inconnections.json→ still fails on knownhosts~/.ssh/known_hostswithssh-keyscan→ still fails (Bug 1)