Fix vagrant SSH strict host key checking failure#6275
Merged
swissspidy merged 4 commits intomainfrom Mar 16, 2026
Merged
Conversation
github-actions
bot
added
bug
command:cli
When ssh: vagrant is configured and vagrant ssh-config is parsed, add -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null to the SSH command to match what vagrant itself sets. This prevents failures when the vagrant VM has been recreated and has a different host key than what is stored in ~/.ssh/known_hosts. Adds a Behat test scenario to verify the fix. Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] [BUG-123] Fix SSH vagrant fails due to strict host checking
Fix vagrant SSH strict host key checking failure
Mar 15, 2026
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes WP-CLI’s ssh: vagrant alias behavior by mirroring Vagrant’s SSH config that disables strict host key checking, preventing failures when the VM is recreated and the host key changes.
Changes:
- Track when SSH connection details were derived from
vagrant ssh-configand, in that case, add-o StrictHostKeyChecking=noand-o UserKnownHostsFile=/dev/nullto the generated SSH command. - Add a Behat scenario asserting the strict host checking options appear in the generated command for
ssh: vagrant.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
php/WP_CLI/Runner.php |
Adds a vagrant-derived flag and injects vagrant-like SSH options into the generated SSH command. |
features/aliases.feature |
Adds a scenario covering the vagrant strict host key checking behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
swissspidy
reviewed
Mar 16, 2026
swissspidy
approved these changes
Mar 16, 2026
swissspidy
added a commit
to apermo/wp-cli
that referenced
this pull request
Mar 16, 2026
* Initial plan * Fix vagrant SSH strict host key checking failure When ssh: vagrant is configured and vagrant ssh-config is parsed, add -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null to the SSH command to match what vagrant itself sets. This prevents failures when the vagrant VM has been recreated and has a different host key than what is stored in ~/.ssh/known_hosts. Adds a Behat test scenario to verify the fix. Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Apply suggestion from @swissspidy --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> Co-authored-by: Pascal Birchler <pascalb@google.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
swissspidy
added a commit
that referenced
this pull request
Mar 16, 2026
…6270) * fix(context): resolve admin user dynamically Replace hardcoded user ID 1 fallback in Admin context with smart user resolution. On multisite, queries get_super_admins() to find a valid super admin. On single site, queries for the first user with the administrator role. Emits a clear error if no suitable user is found. Fixes #6269 * fix(context): optimize query and add test cases Use get_users() with login__in for single DB query instead of looping get_user_by(). Add single-site error case test. Replace wp super-admin commands with direct option manipulation in tests. * fix(context): fix linting issues Use single quotes for strings per PHPCS rules. Fix gherkin use-and lint violations by replacing consecutive When steps with And. * fix(context): address review feedback Revert multisite super admin lookup from get_users() back to foreach + get_user_by('login') loop because get_users() only fetches users on the current site but a super admin might not be a member of any site. Add debug logging after resolving admin user ID. * fix(context): use instanceof for type safety * Fix autoloader priority: locally installed packages now fully override phar-bundled versions (#6218) Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Pascal Birchler <pascalb@google.com> * Add environment variable configuration support to wp-cli.yml (#6169) Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Pascal Birchler <pascalb@google.com> * Autocomplete `--url` (#5704) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Pascal Birchler <pascalb@google.com> Co-authored-by: Pascal Birchler <pascal.birchler@gmail.com> * Add WP-CLI handbook link to `wp help` output (#6273) * Initial plan * Add WP-CLI handbook URL reference to wp help output Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> * Update file(s) from wp-cli/.github * Update file(s) from wp-cli/.github * Fix SSH alias path not forwarded to remote when defined as a separate config key (#6274) * Initial plan * Fix SSH alias path not forwarded to remote when path is a separate config key Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> * Fix: forward active alias to runcommand subprocess (#6272) Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Fix vagrant SSH strict host key checking failure (#6275) * Initial plan * Fix vagrant SSH strict host key checking failure When ssh: vagrant is configured and vagrant ssh-config is parsed, add -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null to the SSH command to match what vagrant itself sets. This prevents failures when the vagrant VM has been recreated and has a different host key than what is stored in ~/.ssh/known_hosts. Adds a Behat test scenario to verify the fix. Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Apply suggestion from @swissspidy --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> Co-authored-by: Pascal Birchler <pascalb@google.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Add optional `$newline` parameter to `WP_CLI::log()` and `WP_CLI::line()` (#6276) * Initial plan * Add optional $newline parameter to WP_CLI::log(), WP_CLI::line(), and logger info() methods Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> * Undo Base class change --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> Co-authored-by: Pascal Birchler <pascalb@google.com> * Refactor: remove unused imports (#6277) * Harden some tests on macOS * Update tests --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: Pascal Birchler <pascalb@google.com> Co-authored-by: Ian Dunn <ian@iandunn.name> Co-authored-by: Pascal Birchler <pascal.birchler@gmail.com> Co-authored-by: swissspidy <swissspidy@users.noreply.github.com> Co-authored-by: Sören Wünsch <soerenwrede@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When
ssh: vagrantis configured, WP-CLI parsesvagrant ssh-configand builds a direct SSH command to the resolved host (typically127.0.0.1:2222). This breaks when the VM has been recreated or a different VM previously occupied the same loopback address, triggering SSH's "REMOTE HOST IDENTIFICATION HAS CHANGED!" error.Vagrant itself sets
StrictHostKeyChecking noandUserKnownHostsFile /dev/nullin itsssh-configoutput, but WP-CLI only consumed a subset of those values (HostName, Port, User, IdentityFile).Changes
php/WP_CLI/Runner.php: Introduces an$is_vagrant_sshflag, set when SSH connection details are derived fromvagrant ssh-config. Adds-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/nullto the SSH command args in that case, mirroring what vagrant itself specifies. Regular (non-vagrant) SSH connections are unaffected.features/aliases.feature: Adds a scenario asserting the strict host checking options appear in the generated command whenssh: vagrantis used.Generated command example (with
ssh: vagrantin wp-cli.yml):Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
example.com/usr/bin/php php vendor/bin/phpunit --color=always --bootstrap ./vendor/wp-cli/wp-cli-tests/tests/bootstrap.php(dns block)nosuchhost_asdf_asdf_asdf.com/usr/bin/php php vendor/bin/phpunit --color=always --bootstrap ./vendor/wp-cli/wp-cli-tests/tests/bootstrap.php(dns block)If you need me to access, download, or install something from one of these locations, you can either:
Original prompt
📱 Kick off Copilot coding agent tasks wherever you are with GitHub Mobile, available on iOS and Android.