
Fix SSH key symlink creating nested .ssh directory #1098

Open

dfederm wants to merge 1 commit into hassio-addons:main from dfederm:fix-1066

@dfederm dfederm commented Feb 17, 2026

Fixes #1066

When the init-user script runs, it creates a symlink from ~/.ssh to /data/.ssh (the persistent storage location). However, if ~/.ssh already exists as a real directory (not a symlink), the ln -sn command places the symlink inside that directory, resulting in ~/.ssh/.ssh -> /data/.ssh instead of the intended ~/.ssh -> /data/.ssh. The -n flag only prevents following an existing symlink at the target; it does not prevent ln from placing the new link inside an existing real directory.

This causes SSH authentication to fail because ssh looks for keys in ~/.ssh/ (the real directory) rather than in /data/.ssh/ where the keys actually reside. Users had to manually run ssh-add or copy keys from ~/.ssh/.ssh/ back into ~/.ssh/ as a workaround.

The fix removes ~/.ssh if it exists as a real directory (not a symlink) before creating the symlink. This ensures the symlink is always created correctly as ~/.ssh -> /data/.ssh regardless of prior state.

Summary by CodeRabbit

  • Bug Fixes
    • Fixed SSH initialization to prevent failures when existing SSH configuration conflicts with the expected setup.

Fixes hassio-addons#1066

When the init-user script runs, it creates a symlink from ~/.ssh to
/data/.ssh (the persistent storage location). However, if ~/.ssh already
exists as a real directory (not a symlink), the 'ln -sn' command places
the symlink *inside* that directory, resulting in ~/.ssh/.ssh -> /data/.ssh
instead of the intended ~/.ssh -> /data/.ssh. The -n flag only prevents
following an existing symlink at the target; it does not prevent ln from
placing the new link inside an existing real directory.

This causes SSH authentication to fail because ssh looks for keys in
~/.ssh/ (the real directory) rather than in /data/.ssh/ where the keys
actually reside. Users had to manually run 'ssh-add' or copy keys from
~/.ssh/.ssh/ back into ~/.ssh/ as a workaround.

The fix removes ~/.ssh if it exists as a real directory (not a symlink)
before creating the symlink. This ensures the symlink is always created
correctly as ~/.ssh -> /data/.ssh regardless of prior state.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
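
The behaviour described in this PR, reproduced in a scratch directory as an added example (not the add-on's own init script). The names `link_naive`, `link_guarded`, `ssh_state` and `demo` are hypothetical, and the guard is one reading of the fix as the description states it.

```shell
#!/bin/sh
# Added example: everything happens under a mktemp directory, so the real
# ~/.ssh and /data/.ssh are never touched. All names here are hypothetical.

# link_naive HOME_DIR DATA_DIR: the bare 'ln -sn' call the PR describes.
link_naive() {
    ln -sn "$2/.ssh" "$1/.ssh"
}

# link_guarded HOME_DIR DATA_DIR: remove a real (non-symlink) directory
# first, then create the link unless a symlink is already in place.
link_guarded() {
    if [ -d "$1/.ssh" ] && [ ! -L "$1/.ssh" ]; then
        rm -rf "$1/.ssh"
    fi
    [ -L "$1/.ssh" ] || ln -sn "$2/.ssh" "$1/.ssh"
}

# ssh_state HOME_DIR: classify what ended up at HOME_DIR/.ssh.
ssh_state() {
    if [ -L "$1/.ssh" ]; then
        echo "symlink"
    elif [ -L "$1/.ssh/.ssh" ]; then
        echo "nested"
    elif [ -d "$1/.ssh" ]; then
        echo "directory"
    else
        echo "missing"
    fi
}

# demo MODE: build a scratch home that already has a real .ssh directory and
# a data directory holding a constructed key file, run link_MODE, and report
# the resulting state and whether the key is visible at HOME_DIR/.ssh/.
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir -p "$scratch/home/.ssh" "$scratch/data/.ssh"
    echo "constructed-key" > "$scratch/data/.ssh/id_ed25519"
    "link_$1" "$scratch/home" "$scratch/data"
    state=$(ssh_state "$scratch/home")
    [ -f "$scratch/home/.ssh/id_ed25519" ] && key=found || key=absent
    rm -rf "$scratch"
    echo "$state key=$key"
}

demo naive
demo guarded
```

The guard deletes whatever the real directory contained, so any keys or `known_hosts` entries written there before the link was fixed need to be moved into the persistent location first if they are to be kept.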

coderabbitai bot commented Feb 17, 2026

No actionable comments were generated in the recent review. 🎉


Walkthrough

Adds a pre-flight check to remove an existing non-symlink ~/.ssh directory before attempting to create a symlink to the persistent SSH folder. This prevents conflicts during initialization when a directory already occupies the target symlink location. The change is isolated to the initialization script with no behavioral modifications elsewhere.

Changes

| Cohort / File(s) | Summary |
|---|---|
| SSH Directory Initialization: vscode/rootfs/etc/s6-overlay/s6-rc.d/init-user/run | Adds guard condition to remove non-symlink ~/.ssh directory before creating symlink to persistent SSH path, preventing initialization conflicts. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Suggested labels

bugfix

Suggested reviewers

  • frenck

Poem

🐰 A symlink blocked by a folder bold,
So we sweep it away, both fierce and cold!
Now SSH keys shall flow with grace,
Through persistent paths to their rightful place.
Git authentication restored once more! 🔐

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and specifically describes the main fix: preventing nested .ssh directory creation when symlinking persistent SSH storage. |
| Linked Issues check | ✅ Passed | The code change directly addresses issue #1066 by removing existing ~/.ssh directories before symlinking, ensuring SSH keys in /data/.ssh are accessible without manual workarounds. |
| Out of Scope Changes check | ✅ Passed | The change is narrowly scoped to fixing the SSH symlink issue; it only adds a guard to remove conflicting directories before creating the symlink, with no unrelated modifications. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |



dfederm commented Feb 19, 2026

Gently paging @frenck


dfederm commented Mar 6, 2026

@frenck ?


dfederm commented Apr 2, 2026

This is a small change that fixes a bug which makes the add-on borderline unusable.

@frenck?

@EdeVriesCVE

This PR is currently failing a check. It needs a label added, such as "breaking-change, bugfix, documentation, enhancement, refactor, performance, new-feature, maintenance, ci, dependencies, translations"


dfederm commented Apr 6, 2026

@EdeVriesCVE I don't have permissions to add a label to the PR as I'm not a maintainer of the repo.


Development

Successfully merging this pull request may close these issues.

Github ssh authentication no longer working after 6.0 update
