Compare commits
	
		
			60 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | d91a1af6f5 | ||
|   | 4a03da89e5 | ||
|   | 0d5a3d0e48 | ||
|   | db9be1d5f2 | ||
|   | 9a7da95c8c | ||
|   | f23dd5c681 | ||
|   | cc051b07ed | ||
|   | f9010ff7f1 | ||
|   | e1116226a0 | ||
|   | a8d82ec39b | ||
|   | f82e23f1a3 | ||
|   | ed1f3fc7c1 | ||
|   | dce9d565de | ||
|   | ea5c23a2b5 | ||
|   | c732d38392 | ||
|   | ba1d4fb0eb | ||
|   | c7671d858f | ||
|   | 1a8b3784ea | ||
|   | 29007ce6fb | ||
|   | e59c0ee97a | ||
|   | c7104ccac4 | ||
|   | 63dd9dd662 | ||
|   | 61e292b601 | ||
|   | 1d1b21ca96 | ||
|   | 9fb11fb1f5 | ||
|   | fd39ef0f18 | ||
|   | ffff33f8fe | ||
|   | 8bd4933b73 | ||
|   | bf84735fa9 | ||
|   | d09b6e0211 | ||
|   | 3ac4675689 | ||
|   | 269a4479eb | ||
|   | a2f91cbad1 | ||
|   | e2cbea5f00 | ||
|   | 5711a203b3 | ||
|   | b315fb5f98 | ||
|   | 682eb0ddda | ||
|   | 03b440e441 | ||
|   | 1cb5cd31c9 | ||
|   | c9eebc1cde | ||
|   | 6b00175bad | ||
|   | a912e225ec | ||
|   | ad6643f705 | ||
|   | 26dd2b3a38 | ||
|   | 122f35dca5 | ||
|   | 03b5d10ad6 | ||
|   | fcfb760891 | ||
|   | fd81fae289 | ||
|   | 242a8e2e57 | ||
|   | cfe9c45db6 | ||
|   | 73767290ca | ||
|   | e5c07fceef | ||
|   | d690bdebf8 | ||
|   | f478af9b34 | ||
|   | d520c19f4f | ||
|   | 0dee98b334 | ||
|   | 9085f3ea5b | ||
|   | 696aab4627 | ||
|   | a88f6f2013 | ||
|   | 6f091cd9e3 | 
							
								
								
									
										13
									
								
								.github/FUNDING.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										13
									
								
								.github/FUNDING.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,13 @@ | ||||
| # These are supported funding model platforms | ||||
|  | ||||
| github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] | ||||
| patreon: # Replace with a single Patreon username | ||||
| open_collective: ssh-action | ||||
| ko_fi: # Replace with a single Ko-fi username | ||||
| tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel | ||||
| community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry | ||||
| liberapay: # Replace with a single Liberapay username | ||||
| issuehunt: # Replace with a single IssueHunt username | ||||
| otechie: # Replace with a single Otechie username | ||||
| lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry | ||||
| custom: ['https://www.paypal.me/appleboy46'] | ||||
							
								
								
									
										108
									
								
								.github/workflows/ci.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										108
									
								
								.github/workflows/ci.yml
									
									
									
									
										vendored
									
									
								
							| @@ -1,13 +1,21 @@ | ||||
| name: remote ssh command | ||||
| on: [push] | ||||
|  | ||||
| env: | ||||
|   FOO: "BAR" | ||||
|   BAR: "FOO" | ||||
|  | ||||
| jobs: | ||||
|  | ||||
|   build: | ||||
|     name: Build | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|     - name: checkout | ||||
|       uses: actions/checkout@v1 | ||||
|  | ||||
|     - name: executing remote ssh commands using password | ||||
|       uses: appleboy/ssh-action@master | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
| @@ -16,7 +24,7 @@ jobs: | ||||
|         script: whoami | ||||
|  | ||||
|     - name: executing remote ssh commands using ssh key | ||||
|       uses: appleboy/ssh-action@master | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
| @@ -25,7 +33,7 @@ jobs: | ||||
|         script: whoami | ||||
|  | ||||
|     - name: multiple command | ||||
|       uses: appleboy/ssh-action@master | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
| @@ -36,17 +44,20 @@ jobs: | ||||
|           ls -al | ||||
|  | ||||
|     # - name: stop script if command error | ||||
|     #   uses: appleboy/ssh-action@master | ||||
|     #   if: always() | ||||
|     #   uses: ./ | ||||
|     #   with: | ||||
|     #     host: ${{ secrets.HOST }} | ||||
|     #     username: ${{ secrets.USERNAME }} | ||||
|     #     key: ${{ secrets.KEY }} | ||||
|     #     port: ${{ secrets.PORT }} | ||||
|     #     script_stop: true | ||||
|     #     script: "mkdir abc/def,ls -al" | ||||
|     #     script: | | ||||
|     #       mkdir abc/def | ||||
|     #       ls -al | ||||
|  | ||||
|     - name: pass environment | ||||
|       uses: appleboy/ssh-action@master | ||||
|       uses: ./ | ||||
|       env: | ||||
|         FOO: "BAR" | ||||
|       with: | ||||
| @@ -56,5 +67,86 @@ jobs: | ||||
|         port: ${{ secrets.PORT }} | ||||
|         envs: FOO | ||||
|         script: | | ||||
|           echo "I am $FOO" | ||||
|           echo "I am $BAR" | ||||
|           echo "I am $FOO, thanks" | ||||
|           echo "I am $BAR, thanks" | ||||
|  | ||||
|     - name: pass multiple environment | ||||
|       uses: ./ | ||||
|       env: | ||||
|         FOO: "BAR" | ||||
|         BAR: "FOO" | ||||
|         SHA: ${{ github.sha }} | ||||
|         PORT: ${{ secrets.PORT }} | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         key: ${{ secrets.KEY }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         envs: FOO,BAR,SHA,PORT | ||||
|         script: | | ||||
|           echo "I am $FOO, thanks" | ||||
|           echo "I am $BAR, thanks" | ||||
|           echo "sha: $SHA" | ||||
|           echo "port: $PORT" | ||||
|           sh test.sh | ||||
|  | ||||
|     - name: ssh key passphrase | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         key: ${{ secrets.SSH2 }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         passphrase: ${{ secrets.PASSPHRASE }} | ||||
|         script: | | ||||
|           whoami | ||||
|           ls -al | ||||
|  | ||||
|     - name: use insecure cipher | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         password: ${{ secrets.PASSWORD }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         script: | | ||||
|             ls \ | ||||
|               -lah | ||||
|         use_insecure_cipher: true | ||||
|  | ||||
|     # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 | ||||
|     - name: Multiline SSH commands interpreted as single lines | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         password: ${{ secrets.PASSWORD }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         script_stop: true | ||||
|         script: | | ||||
|             ls \ | ||||
|               -lah | ||||
|         use_insecure_cipher: true | ||||
|  | ||||
|     # https://github.com/appleboy/ssh-action/issues/85 | ||||
|     - name: Deployment to multiple hosts with different ports | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: "${{ secrets.HOST }}:${{ secrets.PORT }}" | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         password: ${{ secrets.PASSWORD }} | ||||
|         port: 1024 | ||||
|         script_stop: true | ||||
|         script: | | ||||
|             ls \ | ||||
|               -lah | ||||
|         use_insecure_cipher: true | ||||
|  | ||||
|     # - name: SSH ED25519 Private Key | ||||
|     #   uses: ./ | ||||
|     #   with: | ||||
|     #     host: ${{ secrets.TUNNEL_HOST }} | ||||
|     #     username: ${{ secrets.TUNNEL_USERNAME }} | ||||
|     #     key: ${{ secrets.ID_ED25519 }} | ||||
|     #     port: ${{ secrets.TUNNEL_PORT }} | ||||
|     #     script: whoami | ||||
|   | ||||
| @@ -1,5 +1,5 @@ | ||||
| FROM appleboy/drone-ssh:1.5.2-linux-amd64 | ||||
| FROM appleboy/drone-ssh:1.6.8-linux-amd64 | ||||
|  | ||||
| ADD entrypoint.sh /entrypoint.sh | ||||
| COPY entrypoint.sh /entrypoint.sh | ||||
| RUN chmod +x /entrypoint.sh | ||||
| ENTRYPOINT ["/entrypoint.sh"] | ||||
|   | ||||
							
								
								
									
										396
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										396
									
								
								README.md
									
									
									
									
									
								
							| @@ -6,6 +6,44 @@ | ||||
|  | ||||
| [](https://github.com/appleboy/ssh-action/actions) | ||||
|  | ||||
| **Important**: Only support **Linux** [docker](https://www.docker.com/) container. | ||||
|  | ||||
| ## Input variables | ||||
|  | ||||
| See [action.yml](./action.yml) for more detailed information. | ||||
|  | ||||
| * `host` - ssh host | ||||
| * `port` - ssh port, default is `22` | ||||
| * `username` - ssh username | ||||
| * `password` - ssh password | ||||
| * `passphrase` - the passphrase is usually to encrypt the private key | ||||
| * `sync` - synchronous execution if multiple hosts, default is false | ||||
| * `timeout` - timeout for ssh to remote host, default is `30s` | ||||
| * `command_timeout` - timeout for ssh command, default is `10m` | ||||
| * `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines  | ||||
| * `key_path` - path of ssh private key | ||||
| * `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification | ||||
| * `script` - execute commands | ||||
| * `script_stop` - stop script after first failure | ||||
| * `envs` - pass environment variable to shell script | ||||
| * `debug` - enable debug mode | ||||
| * `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) | ||||
| * `cipher` - the allowed cipher algorithms. If unspecified then a sensible | ||||
|  | ||||
| SSH Proxy Setting: | ||||
|  | ||||
| * `proxy_host` - proxy host | ||||
| * `proxy_port` - proxy port, default is `22` | ||||
| * `proxy_username` - proxy username | ||||
| * `proxy_password` - proxy password | ||||
| * `proxy_passphrase` - the passphrase is usually to encrypt the private key | ||||
| * `proxy_timeout` - timeout for ssh to proxy host, default is `30s` | ||||
| * `proxy_key` - content of ssh proxy private key. | ||||
| * `proxy_key_path` - path of ssh proxy private key | ||||
| * `proxy_fingerprint` - fingerprint SHA256 of the proxy host public key, default is to skip verification | ||||
| * `proxy_use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) | ||||
| * `proxy_cipher` - the allowed cipher algorithms. If unspecified then a sensible | ||||
|  | ||||
| ## Usage | ||||
|  | ||||
| Executing remote ssh commands. | ||||
| @@ -20,7 +58,7 @@ jobs: | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|     - name: executing remote ssh commands using password | ||||
|       uses: appleboy/ssh-action@master | ||||
|       uses: appleboy/ssh-action@v0.1.6 | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
| @@ -36,35 +74,123 @@ output: | ||||
| whoami | ||||
| ======END====== | ||||
| out: *** | ||||
| ========================================== | ||||
| Successfully executed commands to all host. | ||||
| ========================================== | ||||
| ============================================== | ||||
| ✅ Successfully executed commands to all host. | ||||
| ============================================== | ||||
| ``` | ||||
|  | ||||
| ## Input variables | ||||
| ### Setting up a SSH Key | ||||
|  | ||||
| see the [action.yml](./action.yml) file for more detail imformation. | ||||
| Make sure to follow the below steps while creating SSH Keys and using them. | ||||
| The best practice is create the SSH Keys on local machine not remote machine. | ||||
| Login with username specified in Github Secrets. Generate a RSA Key-Pair: | ||||
|  | ||||
| * host - scp remote host | ||||
| * port - scp remote port, default is `22` | ||||
| * username - scp username | ||||
| * password - scp password | ||||
| * timeout - timeout for ssh to remote host, default is `30s` | ||||
| * command_timeout - timeout for scp command, default is `1m` | ||||
| * key - content of ssh private key. ex raw content of ~/.ssh/id_rsa | ||||
| * key_path - path of ssh private key | ||||
| * script - execute commands | ||||
| * script_stop - stop script after first failure | ||||
| * envs - pass environment variable to shell script | ||||
| * debug - enable debug mode | ||||
| <details> | ||||
| <summary>rsa</summary> | ||||
| <p> | ||||
|  | ||||
| ```bash | ||||
| ssh-keygen -t rsa -b 4096 -C "your_email@example.com" | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| <details> | ||||
| <summary>ed25519</summary> | ||||
| <p> | ||||
|  | ||||
| ```bash | ||||
| ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). | ||||
|  | ||||
| <details> | ||||
| <summary>rsa</summary> | ||||
| <p> | ||||
|  | ||||
| ```bash | ||||
| cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| <details> | ||||
| <summary>ed25519</summary> | ||||
| <p> | ||||
|  | ||||
| ```bash | ||||
| cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| Copy Private Key content and paste in Github Secrets. | ||||
|  | ||||
| <details> | ||||
| <summary>rsa</summary> | ||||
| <p> | ||||
|  | ||||
| ```bash | ||||
| clip < ~/.ssh/id_rsa | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| <details> | ||||
| <summary>ed25519</summary> | ||||
| <p> | ||||
|  | ||||
| ```bash | ||||
| clip < ~/.ssh/id_ed25519 | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). | ||||
|  | ||||
| **A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: | ||||
|  | ||||
| * Put the public key in `.ssh/authorized_keys2` | ||||
| * Change the permissions of `.ssh` to 700 | ||||
| * Change the permissions of `.ssh/authorized_keys2` to 640 | ||||
|  | ||||
| ### If you are using OpenSSH | ||||
|  | ||||
| If you are currently using OpenSSH and are getting the following error: | ||||
|  | ||||
| ```bash | ||||
| ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] | ||||
| ``` | ||||
|  | ||||
| Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under  | ||||
| `/etc/ssh/sshd_config.d/`): | ||||
|  | ||||
| ```bash | ||||
| CASignatureAlgorithms +ssh-rsa | ||||
| ``` | ||||
|  | ||||
| Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: | ||||
|  | ||||
| ```bash | ||||
| ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
| ``` | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| Executing remote ssh commands using password. | ||||
| #### Executing remote ssh commands using password | ||||
|  | ||||
| ```yaml | ||||
| - name: executing remote ssh commands using password | ||||
|   uses: appleboy/ssh-action@master | ||||
|   uses: appleboy/ssh-action@v0.1.6 | ||||
|   with: | ||||
|     host: ${{ secrets.HOST }} | ||||
|     username: ${{ secrets.USERNAME }} | ||||
| @@ -73,11 +199,11 @@ Executing remote ssh commands using password. | ||||
|     script: whoami | ||||
| ``` | ||||
|  | ||||
| Using private key | ||||
| #### Using private key | ||||
|  | ||||
| ```yaml | ||||
| - name: executing remote ssh commands using ssh key | ||||
|   uses: appleboy/ssh-action@master | ||||
|   uses: appleboy/ssh-action@v0.1.6 | ||||
|   with: | ||||
|     host: ${{ secrets.HOST }} | ||||
|     username: ${{ secrets.USERNAME }} | ||||
| @@ -86,11 +212,11 @@ Using private key | ||||
|     script: whoami | ||||
| ``` | ||||
|  | ||||
| Multiple Commands | ||||
| #### Multiple Commands | ||||
|  | ||||
| ```yaml | ||||
| - name: multiple command | ||||
|   uses: appleboy/ssh-action@master | ||||
|   uses: appleboy/ssh-action@v0.1.6 | ||||
|   with: | ||||
|     host: ${{ secrets.HOST }} | ||||
|     username: ${{ secrets.USERNAME }} | ||||
| @@ -103,48 +229,200 @@ Multiple Commands | ||||
|  | ||||
|  | ||||
|  | ||||
| Multiple Hosts | ||||
| #### Multiple Hosts | ||||
|  | ||||
| ```diff | ||||
|   uses: appleboy/ssh-action@master | ||||
|   with: | ||||
| -   host: "foo.com" | ||||
| +   host: "foo.com,bar.com" | ||||
|     username: ${{ secrets.USERNAME }} | ||||
|     key: ${{ secrets.KEY }} | ||||
|     port: ${{ secrets.PORT }} | ||||
|     script: | | ||||
|       whoami | ||||
|       ls -al | ||||
|   - name: multiple host | ||||
|     uses: appleboy/ssh-action@v0.1.6 | ||||
|     with: | ||||
| -     host: "foo.com" | ||||
| +     host: "foo.com,bar.com" | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
|       script: | | ||||
|         whoami | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| Pass environment variable to shell script | ||||
| #### Multiple hosts with different port | ||||
|  | ||||
| ```diff | ||||
|   uses: appleboy/ssh-action@master | ||||
| + env: | ||||
| +   FOO: "BAR" | ||||
|   with: | ||||
|     host: ${{ secrets.HOST }} | ||||
|     username: ${{ secrets.USERNAME }} | ||||
|     key: ${{ secrets.KEY }} | ||||
|     port: ${{ secrets.PORT }} | ||||
| +   envs: FOO | ||||
|     script: | | ||||
|       echo "I am $FOO" | ||||
|       echo "I am $BAR" | ||||
|   - name: multiple host | ||||
|     uses: appleboy/ssh-action@v0.1.6 | ||||
|     with: | ||||
| -     host: "foo.com" | ||||
| +     host: "foo.com:1234,bar.com:5678" | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       script: | | ||||
|         whoami | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| Stop script after first failure. ex: missing `abc` folder | ||||
| #### Synchronous execution on multiple hosts | ||||
|  | ||||
| ```yaml | ||||
| - name: stop script if command error | ||||
|   uses: appleboy/ssh-action@master | ||||
|   with: | ||||
|     host: ${{ secrets.HOST }} | ||||
|     username: ${{ secrets.USERNAME }} | ||||
|     key: ${{ secrets.KEY }} | ||||
|     port: ${{ secrets.PORT }} | ||||
|     script_stop: true | ||||
|     script: "mkdir abc/def,ls -al" | ||||
| ```diff | ||||
|   - name: multiple host | ||||
|     uses: appleboy/ssh-action@v0.1.6 | ||||
|     with: | ||||
|       host: "foo.com,bar.com" | ||||
| +     sync: true | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
|       script: | | ||||
|         whoami | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| #### Pass environment variable to shell script | ||||
|  | ||||
| ```diff | ||||
|   - name: pass environment | ||||
|     uses: appleboy/ssh-action@v0.1.6 | ||||
| +   env: | ||||
| +     FOO: "BAR" | ||||
| +     BAR: "FOO" | ||||
| +     SHA: ${{ github.sha }} | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
| +     envs: FOO,BAR,SHA | ||||
|       script: | | ||||
|         echo "I am $FOO" | ||||
|         echo "I am $BAR" | ||||
|         echo "sha: $SHA" | ||||
| ``` | ||||
|  | ||||
| _Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._ | ||||
|  | ||||
| #### Stop script after first failure | ||||
|  | ||||
| > ex: missing `abc` folder | ||||
|  | ||||
| ```diff | ||||
|   - name: stop script if command error | ||||
|     uses: appleboy/ssh-action@v0.1.6 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
| +     script_stop: true | ||||
|       script: | | ||||
|         mkdir abc/def | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| output: | ||||
|  | ||||
| ```sh | ||||
| ======CMD====== | ||||
| mkdir abc/def | ||||
| ls -al | ||||
|  | ||||
| ======END====== | ||||
| 2019/11/21 01:16:21 Process exited with status 1 | ||||
| err: mkdir: cannot create directory ‘abc/def’: No such file or directory | ||||
| ##[error]Docker run failed with exit code 1 | ||||
| ``` | ||||
|  | ||||
| #### How to connect remote server using `ProxyCommand`? | ||||
|  | ||||
| ```bash | ||||
| +--------+       +----------+      +-----------+ | ||||
| | Laptop | <-->  | Jumphost | <--> | FooServer | | ||||
| +--------+       +----------+      +-----------+ | ||||
| ``` | ||||
|  | ||||
| in your `~/.ssh/config`, you will see the following. | ||||
|  | ||||
| ```bash | ||||
| Host Jumphost | ||||
|   HostName Jumphost | ||||
|   User ubuntu | ||||
|   Port 22 | ||||
|   IdentityFile ~/.ssh/keys/jump_host.pem | ||||
|  | ||||
| Host FooServer | ||||
|   HostName FooServer | ||||
|   User ubuntu | ||||
|   Port 22 | ||||
|   ProxyCommand ssh -q -W %h:%p Jumphost | ||||
| ``` | ||||
|  | ||||
| #### How to convert to YAML format of GitHubActions | ||||
|  | ||||
| ```diff | ||||
|   - name: ssh proxy command | ||||
|     uses: appleboy/ssh-action@v0.1.6 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
| +     proxy_host: ${{ secrets.PROXY_HOST }} | ||||
| +     proxy_username: ${{ secrets.PROXY_USERNAME }} | ||||
| +     proxy_key: ${{ secrets.PROXY_KEY }} | ||||
| +     proxy_port: ${{ secrets.PROXY_PORT }} | ||||
|       script: | | ||||
|         mkdir abc/def | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| #### Protecting a Private Key | ||||
|  | ||||
| The purpose of the passphrase is usually to encrypt the private key. | ||||
| This makes the key file by itself useless to an attacker. | ||||
| It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems. | ||||
|  | ||||
| ```diff | ||||
|   - name: ssh key passphrase | ||||
|     uses: appleboy/ssh-action@v0.1.6 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
| +     passphrase: ${{ secrets.PASSPHRASE }} | ||||
|       script: | | ||||
|         whoami | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| #### Using host fingerprint verification | ||||
|  | ||||
| Setting up SSH host fingerprint verification can help to prevent Person-in-the-Middle attacks. Before setting this up, run the command below to get your SSH host fingerprint. Remember to replace `ed25519` with your appropriate key type (`rsa`, `dsa`, etc.) that your server is using and `example.com` with your host. | ||||
|  | ||||
| In modern OpenSSH releases, the _default_ key types to be fetched are `rsa` (since version 5.1), `ecdsa` (since version 6.0), and `ed25519` (since version 6.7). | ||||
|  | ||||
| ```sh | ||||
| ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 | ||||
| ``` | ||||
|  | ||||
| Now you can adjust you config: | ||||
|  | ||||
| ```diff | ||||
|   - name: ssh key passphrase | ||||
|     uses: appleboy/ssh-action@v0.1.6 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
| +     fingerprint: ${{ secrets.FINGERPRINT }} | ||||
|       script: | | ||||
|         whoami | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| ## Contributing | ||||
|  | ||||
| We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! | ||||
|  | ||||
| ## License | ||||
|  | ||||
| The scripts and documentation in this project are released under the [MIT License](LICENSE) | ||||
|   | ||||
							
								
								
									
										45
									
								
								action.yml
									
									
									
									
									
								
							
							
						
						
									
										45
									
								
								action.yml
									
									
									
									
									
								
							| @@ -3,24 +3,61 @@ description: 'Executing remote ssh commands' | ||||
| author: 'Bo-Yi Wu' | ||||
| inputs: | ||||
|   host: | ||||
|     description: 'ssh remote host' | ||||
|     description: 'ssh host' | ||||
|   port: | ||||
|     description: 'ssh remote port' | ||||
|     description: 'ssh port' | ||||
|     default: 22 | ||||
|   passphrase: | ||||
|     description: 'ssh key passphrase' | ||||
|   username: | ||||
|     description: 'ssh username' | ||||
|   password: | ||||
|     description: 'ssh password' | ||||
|   sync: | ||||
|     description: 'synchronous execution if multiple hosts' | ||||
|     default: false | ||||
|   use_insecure_cipher: | ||||
|     description: 'include more ciphers with use_insecure_cipher' | ||||
|     default: false | ||||
|   cipher: | ||||
|     description: 'the allowed cipher algorithms. If unspecified then a sensible' | ||||
|   timeout: | ||||
|     description: 'timeout for ssh to remote host' | ||||
|     description: 'timeout for ssh to host' | ||||
|     default: "30s" | ||||
|   command_timeout: | ||||
|     description: 'timeout for ssh command' | ||||
|     default: "1m" | ||||
|     default: "10m" | ||||
|   key: | ||||
|     description: 'content of ssh private key. ex raw content of ~/.ssh/id_rsa' | ||||
|   key_path: | ||||
|     description: 'path of ssh private key' | ||||
|   fingerprint: | ||||
|     description: 'sha256 fingerprint of the host public key' | ||||
|   proxy_host: | ||||
|     description: 'ssh proxy host' | ||||
|   proxy_port: | ||||
|     description: 'ssh proxy port' | ||||
|     default: 22 | ||||
|   proxy_username: | ||||
|     description: 'ssh proxy username' | ||||
|   proxy_password: | ||||
|     description: 'ssh proxy password' | ||||
|   proxy_passphrase: | ||||
|     description: 'ssh proxy key passphrase' | ||||
|   proxy_timeout: | ||||
|     description: 'timeout for ssh to proxy host' | ||||
|     default: "30s" | ||||
|   proxy_key: | ||||
|     description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa' | ||||
|   proxy_key_path: | ||||
|     description: 'path of ssh proxy private key' | ||||
|   proxy_fingerprint: | ||||
|     description: 'sha256 fingerprint of the proxy host public key' | ||||
|   proxy_cipher: | ||||
|     description: 'the allowed cipher algorithms. If unspecified then a sensible' | ||||
|   proxy_use_insecure_cipher: | ||||
|     description: 'include more ciphers with use_insecure_cipher' | ||||
|     default: false | ||||
|   script: | ||||
|     description: 'execute commands' | ||||
|   script_stop: | ||||
|   | ||||
		Reference in New Issue
	
	Block a user