Improvements for ssh file sources

[bernt-matthias]

• disable keepalive messages (why should we keep the connection alive)
  • while testing on my instance I had sometimes keepalive messages paramiko.transport DEBUG 2026-01-21 17:29:52,800 [pN:main.1,p:3872036,tN:Thread-8] Sending global request "keepalive@lag.net" every 10s for 2h. I could not reliably reproduce it, but I guess we do not need to keep connections alive, or?
• make user mandatory: the default is the current user (which should be the Galaxy user)
• allow to use them in templates

How to test the changes?

(Select all options that apply)

• I've included appropriate automated tests.
• This is a refactoring of components with existing test coverage.
• Instructions for manual testing are as follows:
  1. [add testing steps and prerequisites here if you didn't write automated tests covering all your changes]

License

• I agree to license these and all my past contributions to the core galaxy codebase under the MIT license.

[jmchilton]

Why are you making the user mandatory here? You mention the default in your PR description but you don't let it be set to None?

xref https://github.com/althonos/fs.sshfs/blob/master/fs/sshfs/sshfs.py#L36

[bernt-matthias]

Can't get it working yet. When creating a file source from the template, the I get the error that the path is empty. Any idea @davelopez?

[davelopez]

Can't get it working yet. When creating a file source from the template, the I get the error that the path is empty. Any idea @davelopez?

The path is required according to the template config here, and the file source config here. I'm not sure if you have set a value when filling out the template form or if the length validation here is not working properly; in any case, I'm working on some fixes around template validation in #21704 to get validation results more accurately in the UI, so I'm not sure if any of this could be affecting too.

I will also try this locally and see if I can see the underlying issue.

[davelopez]

I tested this locally, and I could make it work. Basically I changed this:

diff --git a/lib/galaxy/files/templates/examples/ssh.yml b/lib/galaxy/files/templates/examples/ssh.yml
index 6174c926f5..2d1f0af4d7 100644
--- a/lib/galaxy/files/templates/examples/ssh.yml
+++ b/lib/galaxy/files/templates/examples/ssh.yml
@@ -17,10 +17,6 @@
       label: SSH Host
       type: string
       help: Host of SSH Server to connect to.
-      validators:
-        - type: length
-          min: 1
-          message: "SSH host must not be empty"
     user:
       label: SSH User
       type: string
@@ -31,13 +27,10 @@
       type: string
       help: |
         A path that is readable / writable by the user
-      validators:
-        - type: length
-          min: 1
-          message: "Path must not be empty"
     writable:
       label: Writable?
       type: boolean
+      default: false
       help: Allow Galaxy to write data to this file source. Requires that user is allowed to write to this path on the host.
     port:
       label: SSH Port

I removed the length validators; they are not going to be needed after #21704. They will be properly required values after that, and the length validator is currently broken and fixed in that PR too.

The other change I had to do in my local test was this:

diff --git a/lib/galaxy/files/sources/ssh.py b/lib/galaxy/files/sources/ssh.py
index 0291208491..8480cc91f0 100644
--- a/lib/galaxy/files/sources/ssh.py
+++ b/lib/galaxy/files/sources/ssh.py
@@ -58,7 +58,7 @@ class SshFilesSource(PyFilesystem2FilesSource[SshFileSourceTemplateConfiguration
             host=config.host,
             user=config.user,
             passwd=config.passwd,
-            pkey=config.pkey,
+            pkey=config.pkey if config.pkey else None,
             port=config.port,
             timeout=config.timeout,
             compress=config.compress,

The secrets must be strings, even if they are not provided, they will be passed to the config as empty strings after templating, and the underlying SSH library expects pkey to be None if you are not using it. Passing pkey="" was causing issues on my tests, but I'm not sure that was related to your issue, and I'm also not very familiar with SSH, so if you still have issues, I suggest checking the exact error message and post it here so we can figure it out.

I didn't get any issues related to the "path" config value in my tests.

[bernt-matthias]

Thanks a lot @davelopez this helped a lot. I could test successfully.

[bernt-matthias]

Why are you making the user mandatory here? You mention the default in your PR description but you don't let it be set to None?

xref https://github.com/althonos/fs.sshfs/blob/master/fs/sshfs/sshfs.py#L36

In the Galaxy context I found it not user friendly (and a bit "dangerous") to use the default implemented in sshfs: which is the account of the user running the Galaxy webserver. I can't see a scenario where this is useful for a Galaxy user - so I thought it's better to require users to set a username explicitly.

Edit: Guess my formulation was misleading: With "Galaxy user" I did not mean the user, but the user running the Galaxy server.