mirror of
https://github.com/webfactory/ssh-agent.git
synced 2024-12-22 06:53:28 +00:00
Write down what this Action cannot do
A few notes on what has been raised as issues recently.
This commit is contained in:
parent
1a9af8e8e0
commit
ea39f521c5
1 changed files with 18 additions and 0 deletions
18
README.md
18
README.md
|
@ -52,6 +52,24 @@ If the private key is not in the `PEM` format, you will see an `Error loading ke
|
|||
|
||||
Use `ssh-keygen -p -f path/to/your/key -m pem` to convert your key file to `PEM`, but be sure to make a backup of the file first 😉.
|
||||
|
||||
## What this Action *cannot* do for you
|
||||
|
||||
The following items are not issues, but beyond what this Action is supposed to do.
|
||||
|
||||
### Work on remote machines
|
||||
|
||||
When using `ssh` to connect from the GitHub Action worker node to another machine, you *can* forward the SSH Agent socket and use your private key on the other (remote) machine. However, this Action will not configure `known_hosts` or other SSH settings on the remote machine for you.
|
||||
|
||||
### Provide the SSH key as a file
|
||||
|
||||
This Action is designed to pass the SSH directly into `ssh-agent`; that is, the key is available in memory on the GitHub Action worker node, but never written to disk. As a consequence, you _cannot_ pass the key as a build argument or a mounted file into Docker containers that you build or run on the worker node. You _can_, however, mount the `ssh-agent` Unix socket into a Docker container that you _run_, set up the `SSH_AUTH_SOCK` env var and then use SSH from within the container (see #11).
|
||||
|
||||
### Run `ssh-keyscan` to add host keys for additional hosts
|
||||
|
||||
If you want to use `ssh-keyscan` to add additional hosts (that you own/know) to the `known_hosts` file, you can do so with a single shell line in your Action definition. You don't really need this Action to do this for you.
|
||||
|
||||
As a side note, using `ssh-keyscan` without proper key verification is susceptible to man-in-the-middle attacks. You might prefer putting your _known_ SSH host key in your own Action files to add it to the `known_hosts` file. The SSH host key is not secret and can safely be committed into the repo.
|
||||
|
||||
## Creating SSH keys
|
||||
|
||||
In order to create a new SSH key, run `ssh-keygen -t rsa -b 4096 -m pem -f path/to/keyfile`. This will prompt you for a key passphrase and save the key in `path/to/keyfile`.
|
||||
|
|
Loading…
Reference in a new issue