From 4268a5cfb7046bf713feac4b862539d20769d944 Mon Sep 17 00:00:00 2001
From: Lauri Tirkkonen <lauri@hacktheplanet.fi>
Date: Tue, 5 May 2026 01:24:52 +0900
Subject: [PATCH] [client] Use atomic write/rename pattern for ssh config

---
 client/ssh/config/manager.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/client/ssh/config/manager.go b/client/ssh/config/manager.go
index 6e584b2c3..5d69fd35c 100644
--- a/client/ssh/config/manager.go
+++ b/client/ssh/config/manager.go
@@ -224,15 +224,20 @@ func (m *Manager) buildHostPatterns(peer PeerSSHInfo) []string {
 
 func (m *Manager) writeSSHConfig(sshConfig string) error {
 	sshConfigPath := filepath.Join(m.sshConfigDir, m.sshConfigFile)
+	sshConfigPathTmp := sshConfigPath + ".tmp"
 
 	if err := os.MkdirAll(m.sshConfigDir, 0755); err != nil {
 		return fmt.Errorf("create SSH config directory %s: %w", m.sshConfigDir, err)
 	}
 
-	if err := writeFileWithTimeout(sshConfigPath, []byte(sshConfig), 0644); err != nil {
+	if err := writeFileWithTimeout(sshConfigPathTmp, []byte(sshConfig), 0644); err != nil {
 		return fmt.Errorf("write SSH config file %s: %w", sshConfigPath, err)
 	}
 
+	if err := os.Rename(sshConfigPathTmp, sshConfigPath); err != nil {
+		return fmt.Errorf("rename ssh config %s -> %s: %w", sshConfigPathTmp, sshConfigPath, err)
+	}
+
 	log.Infof("Created NetBird SSH client config: %s", sshConfigPath)
 	return nil
 }