feat: read ssh setting from .ssh/config

Author: tianzhou

CLAUDE.md

@@ -91,9 +91,12 @@ DBHub supports SSH tunnels for secure database connections through bastion hosts
 
 - Configuration via command-line options: `--ssh-host`, `--ssh-port`, `--ssh-user`, `--ssh-password`, `--ssh-key`, `--ssh-passphrase`
 - Configuration via environment variables: `SSH_HOST`, `SSH_PORT`, `SSH_USER`, `SSH_PASSWORD`, `SSH_KEY`, `SSH_PASSPHRASE`
+- SSH config file support: Automatically reads from `~/.ssh/config` when using host aliases
 - Implementation in `src/utils/ssh-tunnel.ts` using the `ssh2` library
+- SSH config parsing in `src/utils/ssh-config-parser.ts` using the `ssh-config` library
 - Automatic tunnel establishment when SSH config is detected
 - Support for both password and key-based authentication
+- Default SSH key detection (tries `~/.ssh/id_rsa`, `~/.ssh/id_ed25519`, etc.)
 - Tunnel lifecycle managed by `ConnectorManager`
 
 ## Code Style

README.md

@@ -217,6 +217,24 @@ postgres://user:password@localhost:5432/dbname
 
 DBHub supports connecting to databases through SSH tunnels, enabling secure access to databases in private networks or behind firewalls.
 
+#### Using SSH Config File (Recommended)
+
+DBHub can read SSH connection settings from your `~/.ssh/config` file. Simply use the host alias from your SSH config:
+
+```bash
+# If you have this in ~/.ssh/config:
+# Host mybastion
+#   HostName bastion.example.com
+#   User ubuntu
+#   IdentityFile ~/.ssh/id_rsa
+
+npx @bytebase/dbhub \
+  --dsn "postgres://dbuser:dbpass@database.internal:5432/mydb" \
+  --ssh-host mybastion
+```
+
+DBHub will automatically use the settings from your SSH config, including hostname, user, port, and identity file. If no identity file is specified in the config, DBHub will try common default locations (`~/.ssh/id_rsa`, `~/.ssh/id_ed25519`, etc.).
+
 #### SSH with Password Authentication
 
 ```bash

package.json

@@ -36,6 +36,7 @@
     "mssql": "^11.0.1",
     "mysql2": "^3.13.0",
     "pg": "^8.13.3",
+    "ssh-config": "^5.0.3",
     "ssh2": "^1.16.0",
     "zod": "^3.24.2"
   },

pnpm-lock.yaml

@@ -0,0 +1,133 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import { resolveSSHConfig } from '../env.js';
+import * as sshConfigParser from '../../utils/ssh-config-parser.js';
+
+// Mock the ssh-config-parser module
+vi.mock('../../utils/ssh-config-parser.js', () => ({
+  parseSSHConfig: vi.fn(),
+  looksLikeSSHAlias: vi.fn()
+}));
+
+describe('SSH Config Integration', () => {
+  let originalArgs: string[];
+  
+  beforeEach(() => {
+    // Save original values
+    originalArgs = process.argv;
+    
+    // Clear mocks
+    vi.clearAllMocks();
+  });
+  
+  afterEach(() => {
+    // Restore original values
+    process.argv = originalArgs;
+    
+    // Clear any environment variables
+    delete process.env.SSH_HOST;
+    delete process.env.SSH_USER;
+    delete process.env.SSH_PORT;
+    delete process.env.SSH_KEY;
+    delete process.env.SSH_PASSWORD;
+  });
+  
+  it('should resolve SSH config from host alias', () => {
+    // Mock the SSH config parser
+    vi.mocked(sshConfigParser.looksLikeSSHAlias).mockReturnValue(true);
+    vi.mocked(sshConfigParser.parseSSHConfig).mockReturnValue({
+      host: 'bastion.example.com',
+      username: 'ubuntu',
+      port: 2222,
+      privateKey: '/home/user/.ssh/id_rsa'
+    });
+    
+    // Simulate command line args
+    process.argv = ['node', 'index.js', '--ssh-host=mybastion'];
+    
+    const result = resolveSSHConfig();
+    
+    expect(result).not.toBeNull();
+    expect(result?.config).toMatchObject({
+      host: 'bastion.example.com',
+      username: 'ubuntu',
+      port: 2222,
+      privateKey: '/home/user/.ssh/id_rsa'
+    });
+    expect(result?.source).toContain('SSH config for host \'mybastion\'');
+  });
+  
+  it('should allow command line to override SSH config values', () => {
+    // Mock the SSH config parser
+    vi.mocked(sshConfigParser.looksLikeSSHAlias).mockReturnValue(true);
+    vi.mocked(sshConfigParser.parseSSHConfig).mockReturnValue({
+      host: 'bastion.example.com',
+      username: 'ubuntu',
+      port: 2222,
+      privateKey: '/home/user/.ssh/id_rsa'
+    });
+    
+    // Simulate command line args with override
+    process.argv = ['node', 'index.js', '--ssh-host=mybastion', '--ssh-user=override-user'];
+    
+    const result = resolveSSHConfig();
+    
+    expect(result).not.toBeNull();
+    expect(result?.config).toMatchObject({
+      host: 'bastion.example.com',
+      username: 'override-user', // Command line overrides config
+      port: 2222,
+      privateKey: '/home/user/.ssh/id_rsa'
+    });
+  });
+  
+  it('should work with environment variables', () => {
+    // Mock the SSH config parser
+    vi.mocked(sshConfigParser.looksLikeSSHAlias).mockReturnValue(true);
+    vi.mocked(sshConfigParser.parseSSHConfig).mockReturnValue({
+      host: 'bastion.example.com',
+      username: 'ubuntu',
+      port: 2222,
+      privateKey: '/home/user/.ssh/id_rsa'
+    });
+    
+    process.env.SSH_HOST = 'mybastion';
+    
+    const result = resolveSSHConfig();
+    
+    expect(result).not.toBeNull();
+    expect(result?.config).toMatchObject({
+      host: 'bastion.example.com',
+      username: 'ubuntu',
+      port: 2222,
+      privateKey: '/home/user/.ssh/id_rsa'
+    });
+  });
+  
+  it('should not use SSH config for direct hostnames', () => {
+    // Mock the SSH config parser
+    vi.mocked(sshConfigParser.looksLikeSSHAlias).mockReturnValue(false);
+    
+    process.argv = ['node', 'index.js', '--ssh-host=direct.example.com', '--ssh-user=myuser', '--ssh-password=mypass'];
+    
+    const result = resolveSSHConfig();
+    
+    expect(result).not.toBeNull();
+    expect(result?.config).toMatchObject({
+      host: 'direct.example.com',
+      username: 'myuser',
+      password: 'mypass'
+    });
+    expect(result?.source).not.toContain('SSH config');
+    expect(sshConfigParser.parseSSHConfig).not.toHaveBeenCalled();
+  });
+  
+  it('should require SSH user when only host is provided', () => {
+    // Mock the SSH config parser to return null (no config found)
+    vi.mocked(sshConfigParser.looksLikeSSHAlias).mockReturnValue(true);
+    vi.mocked(sshConfigParser.parseSSHConfig).mockReturnValue(null);
+    
+    process.argv = ['node', 'index.js', '--ssh-host=unknown-host'];
+    
+    expect(() => resolveSSHConfig()).toThrow('SSH tunnel configuration requires at least --ssh-host and --ssh-user');
+  });
+});

src/config/__tests__/ssh-config-integration.test.ts

@@ -3,6 +3,7 @@ import path from "path";
 import fs from "fs";
 import { fileURLToPath } from "url";
 import type { SSHTunnelConfig } from "../types/ssh.js";
+import { parseSSHConfig, looksLikeSSHAlias } from "../utils/ssh-config-parser.js";
 
 // Create __dirname equivalent for ES modules
 const __filename = fileURLToPath(import.meta.url);
@@ -229,18 +230,34 @@ export function resolveSSHConfig(): { config: SSHTunnelConfig; source: string }
   }
 
   // Build SSH config from command line and environment variables
-  const config: Partial<SSHTunnelConfig> = {};
+  let config: Partial<SSHTunnelConfig> = {};
   let sources: string[] = [];
+  let sshConfigHost: string | undefined;
 
   // SSH Host (required)
   if (args["ssh-host"]) {
+    sshConfigHost = args["ssh-host"];
     config.host = args["ssh-host"];
     sources.push("ssh-host from command line");
   } else if (process.env.SSH_HOST) {
+    sshConfigHost = process.env.SSH_HOST;
     config.host = process.env.SSH_HOST;
     sources.push("SSH_HOST from environment");
   }
 
+  // Check if the host looks like an SSH config alias
+  if (sshConfigHost && looksLikeSSHAlias(sshConfigHost)) {
+    // Try to parse SSH config for this host
+    const sshConfigData = parseSSHConfig(sshConfigHost);
+    if (sshConfigData) {
+      // Use SSH config as base, but allow command line/env to override
+      config = { ...sshConfigData };
+      sources.push(`SSH config for host '${sshConfigHost}'`);
+      
+      // The host from SSH config has already been set, no need to override
+    }
+  }
+
   // SSH Port (optional, default: 22)
   if (args["ssh-port"]) {
     config.port = parseInt(args["ssh-port"], 10);

src/config/env.ts

@@ -1,10 +1,11 @@
-import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import { describe, it, expect, beforeAll, afterAll, vi } from 'vitest';
 import { PostgreSqlContainer, StartedPostgreSqlContainer } from '@testcontainers/postgresql';
 import { PostgresConnector } from '../postgres/index.js';
 import { ConnectorManager } from '../manager.js';
 import { ConnectorRegistry } from '../interface.js';
 import { SSHTunnel } from '../../utils/ssh-tunnel.js';
 import type { SSHTunnelConfig } from '../../types/ssh.js';
+import * as sshConfigParser from '../../utils/ssh-config-parser.js';
 
 describe('PostgreSQL SSH Tunnel Simple Integration Tests', () => {
   let postgresContainer: StartedPostgreSqlContainer;
@@ -104,5 +105,117 @@ describe('PostgreSQL SSH Tunnel Simple Integration Tests', () => {
         delete process.env.SSH_USER;
       }
     });
+
+    it('should handle SSH config file resolution', async () => {
+      const manager = new ConnectorManager();
+      
+      // Mock the SSH config parser functions
+      const mockParseSSHConfig = vi.spyOn(sshConfigParser, 'parseSSHConfig');
+      const mockLooksLikeSSHAlias = vi.spyOn(sshConfigParser, 'looksLikeSSHAlias');
+      
+      // Spy on the SSH tunnel establish method to verify the config values
+      const mockSSHTunnelEstablish = vi.spyOn(SSHTunnel.prototype, 'establish');
+      
+      try {
+        // Configure mocks to simulate SSH config file lookup with specific values
+        mockLooksLikeSSHAlias.mockReturnValue(true);
+        mockParseSSHConfig.mockReturnValue({
+          host: 'bastion.example.com',
+          username: 'sshuser',
+          port: 2222,
+          privateKey: '/home/user/.ssh/id_rsa'
+        });
+        
+        // Mock SSH tunnel establish to capture the config and prevent actual connection
+        mockSSHTunnelEstablish.mockRejectedValue(new Error('SSH connection failed (expected in test)'));
+        
+        // Set SSH host alias (would normally come from command line)
+        process.env.SSH_HOST = 'mybastion';
+        
+        const dsn = postgresContainer.getConnectionUri();
+        
+        // This should fail during SSH connection (expected), but we can verify the config parsing
+        await expect(manager.connectWithDSN(dsn)).rejects.toThrow();
+        
+        // Verify that SSH config parsing functions were called correctly
+        expect(mockLooksLikeSSHAlias).toHaveBeenCalledWith('mybastion');
+        expect(mockParseSSHConfig).toHaveBeenCalledWith('mybastion');
+        
+        // Verify that SSH tunnel was attempted with the correct config values from SSH config
+        expect(mockSSHTunnelEstablish).toHaveBeenCalledTimes(1);
+        const sshTunnelCall = mockSSHTunnelEstablish.mock.calls[0];
+        const [sshConfig, tunnelOptions] = sshTunnelCall;
+        
+        // Debug: Log the actual values being passed (for verification)
+        // SSH Config should contain the values from our mocked SSH config file
+        // Tunnel Options should contain database connection details from the container DSN
+        
+        // Verify SSH config values were properly resolved from the SSH config file
+        expect(sshConfig).toMatchObject({
+          host: 'bastion.example.com',    // Should use HostName from SSH config
+          username: 'sshuser',           // Should use User from SSH config  
+          port: 2222,                    // Should use Port from SSH config
+          privateKey: '/home/user/.ssh/id_rsa' // Should use IdentityFile from SSH config
+        });
+        
+        // Verify tunnel options are correctly set up for the database connection
+        expect(tunnelOptions).toMatchObject({
+          targetHost: expect.any(String), // Database host from DSN
+          targetPort: expect.any(Number)  // Database port from DSN
+        });
+        
+        // The localPort might be undefined for dynamic allocation, so check separately if it exists
+        if (tunnelOptions.localPort !== undefined) {
+          expect(typeof tunnelOptions.localPort).toBe('number');
+        }
+        
+        // Verify that the target database details from the DSN are preserved
+        const originalDsnUrl = new URL(dsn);
+        expect(tunnelOptions.targetHost).toBe(originalDsnUrl.hostname);
+        expect(tunnelOptions.targetPort).toBe(parseInt(originalDsnUrl.port));
+        
+      } finally {
+        // Clean up
+        delete process.env.SSH_HOST;
+        mockParseSSHConfig.mockRestore();
+        mockLooksLikeSSHAlias.mockRestore();
+        mockSSHTunnelEstablish.mockRestore();
+      }
+    });
+
+    it('should skip SSH config lookup for direct hostnames', async () => {
+      const manager = new ConnectorManager();
+      
+      // Mock the SSH config parser functions
+      const mockParseSSHConfig = vi.spyOn(sshConfigParser, 'parseSSHConfig');
+      const mockLooksLikeSSHAlias = vi.spyOn(sshConfigParser, 'looksLikeSSHAlias');
+      
+      try {
+        // Configure mocks - direct hostname should not trigger SSH config lookup
+        mockLooksLikeSSHAlias.mockReturnValue(false);
+        
+        // Set a direct hostname with required SSH credentials
+        process.env.SSH_HOST = 'ssh.example.com';
+        process.env.SSH_USER = 'sshuser';
+        process.env.SSH_PASSWORD = 'sshpass';
+        
+        const dsn = postgresContainer.getConnectionUri();
+        
+        // This should fail during actual SSH connection, but we can verify the parsing behavior
+        await expect(manager.connectWithDSN(dsn)).rejects.toThrow();
+        
+        // Verify that SSH config parsing was checked but not executed
+        expect(mockLooksLikeSSHAlias).toHaveBeenCalledWith('ssh.example.com');
+        expect(mockParseSSHConfig).not.toHaveBeenCalled();
+        
+      } finally {
+        // Clean up
+        delete process.env.SSH_HOST;
+        delete process.env.SSH_USER;
+        delete process.env.SSH_PASSWORD;
+        mockParseSSHConfig.mockRestore();
+        mockLooksLikeSSHAlias.mockRestore();
+      }
+    });
   });
 });