Summary

The coder config-ssh command generates SSH configuration with incorrect quote handling on Windows, causing SSH connection failures due to malformed syntax.

This does not happen on Mac/Linux since the executable is not wrapped

Environment

• OS: Windows
• Coder Version: 1.22, 1.23 (confirmed, likely affects other versions)
• Installation Method: WinGet (via C:\Users\[USER]\AppData\Local\Microsoft\WinGet\Links\coder.exe)

Problem Description

When running coder config-ssh, the generated SSH configuration contains nested double quotes that are invalid in SSH config syntax, causing SSH to fail with parsing errors.

Generated Configuration (Incorrect)

Host *.coder
        ConnectTimeout=0
        StrictHostKeyChecking=no
        UserKnownHostsFile=/dev/null
        LogLevel ERROR

Match host *.coder !exec ""C:\Users\[USER]\AppData\Local\Microsoft\WinGet\Links\coder.exe" connect exists %h"
        ProxyCommand "C:\Users\[USER]\AppData\Local\Microsoft\WinGet\Links\coder.exe" --global-config "C:\Users\[USER]\AppData\Roaming\coderv2" ssh --stdio --hostname-suffix coder %h
# ------------END-CODER------------

Error Output

C:\Users\[USER]\.ssh>ssh coder.magenta-chipmunk-80.main
Missing Match criteria for exec
C:\\Users\\[USER]/.ssh/config line 29: Bad Match condition
C:\\Users\\[USER]/.ssh/config: terminating, 1 bad configuration options

Root Cause

The issue is related to improper quote handling where nested double quotes are not properly escaped or alternated with single quotes
. In the Match directive, the !exec command contains double quotes within an already double-quoted parameter, creating invalid syntax.

Expected Behavior

The generated SSH configuration should use proper quote alternation to avoid nested quote conflicts.

Correct Configuration (Should Generate)

Host *.coder
        ConnectTimeout=0
        StrictHostKeyChecking=no
        UserKnownHostsFile=/dev/null
        LogLevel ERROR

Match host *.coder !exec "'C:\Users\[USER]\AppData\Local\Microsoft\WinGet\Links\coder.exe' connect exists %h"
        ProxyCommand "C:\Users\[USER]\AppData\Local\Microsoft\WinGet\Links\coder.exe" --global-config "C:\Users\[USER]\AppData\Roaming\coderv2" ssh --stdio --hostname-suffix coder %h
# ------------END-CODER------------

Current Workaround

Manually edit the .ssh/config file and replace the inner double quotes with single quotes:

Change from:

Match host *.coder !exec ""C:\Users\[USER]\AppData\Local\Microsoft\WinGet\Links\coder.exe" connect exists %h"

Change to:

Match host *.coder !exec "'C:\Users\[USER]\AppData\Local\Microsoft\WinGet\Links\coder.exe' connect exists %h"

Impact

This bug prevents users from connecting to Coder workspaces via SSH on Windows systems, requiring manual configuration file editing after each coder config-ssh run.

Suggested Fix

The CLI should implement proper quote handling logic for Windows paths:

1. Use single quotes for inner quotes when the outer context uses double quotes
2. Detect Windows paths (containing :\ or spaces) and apply appropriate quoting strategy
3. Consider using single quotes for the entire command when no variable expansion is needed

Related Information

• The --coder-binary-path option allows specifying the absolute path to the coder binary used in ProxyCommand

• SSH ProxyCommand parameter configuration is a common source of quoting issues

• Similar quote handling issues have been reported in other SSH tooling

Additional Context

This issue specifically affects Windows installations where the coder binary path contains spaces (common with WinGet installations in AppData\Local\Microsoft\WinGet\Links\). The SSH configuration parser strictly requires proper quote nesting, and the current implementation generates syntactically invalid configurations.