From 092442b37c57dffd8c0ab2a3232eb9c9814064d0 Mon Sep 17 00:00:00 2001
From: Baobhan Sith <80159437+Heavrnl@users.noreply.github.com>
Date: Wed, 4 Jun 2025 10:25:10 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=A7=81=E9=92=A5?=
 =?UTF-8?q?=E5=AF=86=E7=A0=81=E4=B8=8D=E5=AF=BC=E5=87=BA=E7=9A=84=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

#66
---
 .../src/services/import-export.service.ts     | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/packages/backend/src/services/import-export.service.ts b/packages/backend/src/services/import-export.service.ts
index e694a45..6c428b6 100644
--- a/packages/backend/src/services/import-export.service.ts
+++ b/packages/backend/src/services/import-export.service.ts
@@ -231,7 +231,7 @@ export const exportConnectionsAsEncryptedZip = async (includeSshKeys: boolean =
         const allSshKeys = includeSshKeys ? await getAllDecryptedSshKeys() : [];
 
         const tagsMap = new Map(allTags.map(tag => [tag.id, tag.name]));
-        const sshKeysMap = new Map(allSshKeys.map(key => [key.id, key.name]));
+        const fullSshKeysMap = new Map(allSshKeys.map(key => [key.id, key])); // Store full key details, not just name
 
         const scriptLines: string[] = [];
 
@@ -247,14 +247,17 @@ export const exportConnectionsAsEncryptedZip = async (includeSshKeys: boolean =
                 if (conn.auth_method === 'password' && conn.password) {
                     line += ` -p ${escapeCliArgument(conn.password)}`;
                 } else if (conn.auth_method === 'key') {
-                    // PlaintextExportConnectionData now includes ssh_key_id
-                    if (conn.ssh_key_id && sshKeysMap.has(conn.ssh_key_id)) {
-                        line += ` -k ${escapeCliArgument(sshKeysMap.get(conn.ssh_key_id)!)}`;
-                        // Passphrase for named key is not directly supported in simple script line.
-                        // It's assumed the key is usable or passphrase handled by agent.
+                    if (conn.ssh_key_id && fullSshKeysMap.has(conn.ssh_key_id)) {
+                        const referencedKey = fullSshKeysMap.get(conn.ssh_key_id)!;
+                        line += ` -k ${escapeCliArgument(referencedKey.name!)}`;
+                        if (referencedKey.passphrase) {
+                            line += ` -passphrase ${escapeCliArgument(referencedKey.passphrase)}`;
+                        }
                     } else if (conn.private_key) {
-                        // This case (direct private key without a named ref) is not cleanly exportable to the simple script.
-                        console.warn(`Connection ${conn.name} uses an SSH key by content, which cannot be directly represented by '-k <keyname>' in script export.`);
+                        console.warn(`Connection ${conn.name} uses an SSH key by content (not by reference), which cannot be directly represented by '-k <keyname>' in script export.`);
+                        if (conn.passphrase) {
+                            console.warn(`The passphrase for the direct SSH key of connection ${conn.name} (from connections table) is also not exported as direct key content export is not supported.`);
+                        }
                     }
                 }
             } else if ((conn.type === 'RDP' || conn.type === 'VNC') && conn.password) {