/claim #7724

Summary

This patch hardens validateSshKey() so Coolify re-syncs the key file when it is missing, stale, or corrupted on the executing node.

Instead of raw-content assumptions, it compares public key fingerprints:

  • expected fingerprint from DB key (PrivateKey::fingerprint, falling back to a computed value)
  • fingerprint from on-disk key content

If a mismatch is detected:

  1. Re-store key from DB to disk
  2. Invalidate current server mux session so subsequent SSH uses the refreshed key

Why this approach

Issue #7724 reports sporadic Permission denied (publickey,password) symptoms consistent with stale per-node key files. This patch addresses that path directly while keeping scope small.

Compared to prior attempts, this version:

  • avoids broad server iteration for mux invalidation
  • refreshes only the current server context
  • uses fingerprint comparison rather than plain content equality checks

Changes

  • app/Helpers/SshMultiplexingHelper.php
    • validateSshKey(PrivateKey $privateKey, ?Server $server = null)
    • fingerprint-based stale file detection
    • targeted mux reset for current server when sync occurs
  • tests/Unit/SshKeyFileSyncTest.php
    • missing key file is recreated
    • corrupted key file is repaired

Notes

I could not execute PHP tests in this environment because php is unavailable (php: command not found), but I added focused unit coverage for CI validation.
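
One way to implement the fingerprint comparison described in the summary, as an added example that is not code from this pull request or from Coolify. It assumes the key file uses OpenSSH's `openssh-key-v1` format, where the public key blob can be read without decrypting the private part; `sshString`, `onDiskFingerprint` and `keyFileNeedsSync` are hypothetical names.

```php
<?php // Added illustration: helper names are hypothetical, not Coolify's code.
// Reads one SSH string (uint32 big-endian length, then bytes) and advances $off.
function sshString(string $buf, int &$off): string
{
    if ($off + 4 > strlen($buf)) throw new RuntimeException('truncated length');
    $len = unpack('N', substr($buf, $off, 4))[1];
    if ($len > strlen($buf) - $off - 4) throw new RuntimeException('truncated field');
    $off += 4 + $len;
    return substr($buf, $off - $len, $len);
}
// SHA256 fingerprint of the public key blob in an OpenSSH private key file, or null.
function onDiskFingerprint(string $pem): ?string
{
    $re = '/-----BEGIN OPENSSH PRIVATE KEY-----(.+?)-----END OPENSSH PRIVATE KEY-----/s';
    if (!preg_match($re, $pem, $m)) return null;
    $raw = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    $magic = "openssh-key-v1\0";
    if ($raw === false || strncmp($raw, $magic, strlen($magic)) !== 0) return null;
    try {
        $off = strlen($magic);
        sshString($raw, $off);        // cipher name
        sshString($raw, $off);        // KDF name
        sshString($raw, $off);        // KDF options
        $off += 4;                    // uint32 number of keys
        $pub = sshString($raw, $off); // public key blob, stored unencrypted
    } catch (RuntimeException $e) { return null; }
    return 'SHA256:' . rtrim(base64_encode(hash('sha256', $pub, true)), '=');
}
// True when the file is missing, unparsable, or holds a different key.
function keyFileNeedsSync(string $path, string $expected): bool
{
    $pem = is_file($path) ? file_get_contents($path) : false;
    $actual = $pem === false ? null : onDiskFingerprint($pem);
    return $actual === null || !hash_equals($expected, $actual);
}
// Constructed sample: placeholder bytes in the openssh-key-v1 layout, not a real key.
$s = fn(string $v): string => pack('N', strlen($v)) . $v;
$raw = "openssh-key-v1\0" . $s('none') . $s('none') . $s('') . pack('N', 1)
    . $s($s('ssh-ed25519') . $s(str_repeat("\x01", 32))) . $s('placeholder');
$pem = "-----BEGIN OPENSSH PRIVATE KEY-----\n" . chunk_split(base64_encode($raw), 70, "\n")
    . "-----END OPENSSH PRIVATE KEY-----\n";
$path = tempnam(sys_get_temp_dir(), 'key');
$expected = onDiskFingerprint($pem);
foreach (['intact' => $pem, 'corrupted' => substr($pem, 0, 60)] as $case => $content) {
    file_put_contents($path, $content);
    echo $case, ' needs sync: ', var_export(keyFileNeedsSync($path, $expected), true), "\n";
}
unlink($path);
echo 'missing needs sync: ', var_export(keyFileNeedsSync($path, $expected), true), "\n";
```

A key file in another container format (for example a PEM-encoded key) yields null from this parser and therefore counts as needing a re-sync. In a real deployment the expected value would come from the stored key record rather than from the sample itself.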

Claim

Total prize pool $250
Total paid $0
Status Pending
Submitted March 05, 2026
Last updated March 05, 2026

Contributors

Fraktal DeFi DAO

@FraktalDeFiDAO

100%

Sponsors

Zach Latta

@zachlatta

$250