debug: add SSH auth diagnostic logging

Logs key format, length, auth method selection, and ssh2 debug
output for auth/key events to diagnose why key auth is rejected.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/src/terminal/ssh-connection.service.ts

@@ -75,6 +75,11 @@ export class SshConnectionService {
         host: host.hostname,
         port: host.port,
         username: cred?.username || 'root',
+        debug: (msg: string) => {
+          if (msg.includes('auth') || msg.includes('Auth') || msg.includes('key') || msg.includes('Key')) {
+            this.logger.log(`[SSH-DEBUG] ${msg}`);
+          }
+        },
         hostVerifier: (key: Buffer, verify: (accept: boolean) => void) => {
           const fingerprint = createHash('sha256').update(key).digest('base64');
           const fp = `SHA256:${fingerprint}`;
@@ -104,8 +109,14 @@ export class SshConnectionService {
         if (cred.sshKey.passphrase) {
           connectConfig.passphrase = cred.sshKey.passphrase;
         }
+        this.logger.log(`[SSH] Using key auth for ${connectConfig.username}@${connectConfig.host}:${connectConfig.port}`);
+        this.logger.log(`[SSH] Key starts with: ${cred.sshKey.privateKey.substring(0, 40)}...`);
+        this.logger.log(`[SSH] Key length: ${cred.sshKey.privateKey.length}, has passphrase: ${!!cred.sshKey.passphrase}`);
       } else if (cred?.password) {
         connectConfig.password = cred.password;
+        this.logger.log(`[SSH] Using password auth for ${connectConfig.username}@${connectConfig.host}:${connectConfig.port}`);
+      } else {
+        this.logger.warn(`[SSH] No auth method available for host ${hostId}`);
       }
 
       client.connect(connectConfig);