feat: delegate SSH config aliases to native OpenSSH

[itzhang89]

Summary

• Problem: When ssh_host is a ~/.ssh/config Host alias (e.g. target-with-jump with ProxyJump mybastion), DBHub parses the config and re-implements the jump chain via the ssh2 library. This breaks common setups because:
  • ProxyJump values that are themselves aliases (e.g. mybastion) are treated as literal hostnames
  • All hops share a single username/key, so different credentials per hop cannot work
  • Behavior diverges from the system ssh client
• Solution: Automatically spawn the system ssh client when ssh_host is a resolvable SSH config alias (no ssh_password, no explicit ssh_proxy_jump). OpenSSH handles ProxyJump, nested aliases, and per-host credentials. The existing ssh2 implementation remains for direct hosts, password auth, and explicit ssh_proxy_jump.
• Also fixes: Preserve the original --ssh-host alias in single-source CLI mode (instead of replacing it with HostName), and map proxyJump to ssh_proxy_jump.

Example

~/.ssh/config:

Host mybastion
    HostName bastion.example.com
    User ubuntu
    IdentityFile ~/.ssh/id_rsa

Host target-with-jump
    HostName 10.0.0.5
    User admin
    ProxyJump mybastion

dbhub.toml:

[[sources]]
id = "prod_pg"
dsn = "postgres://app_user:secure_password@10.0.1.100:5432/myapp_prod?sslmode=require"
ssh_host = "target-with-jump"

Equivalent to: ssh -N -L 127.0.0.1:<port>:10.0.1.100:5432 target-with-jump

Test plan

• Unit tests for tunnel mode resolver
• Unit tests for native SSH arg building
• ConnectorManager routing tests (native vs ssh2)
• Existing ssh-tunnel.test.ts still passes
• Manual: ssh_host = "target-with-jump" with nested ProxyJump mybastion in ~/.ssh/config
• Manual: direct hostname / ssh_password / ssh_proxy_jump still use ssh2

Made with Cursor

[tianzhou]

Thanks. For non-trivial changes like this, please open an issue first for discussion

[itzhang89]

Thanks for the review. Understood — we'll open an issue first to discuss this approach before submitting a PR. Closing for now.