NixiN/ssh-agent-action
2
0
Fork 0
mirror of https://github.com/webfactory/ssh-agent.git synced 2024-10-16 08:17:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Write down what this Action cannot do

Browse source 
A few notes on what has been raised as issues recently.
This commit is contained in:
Matthias Pigulla 2019-11-28 17:52:10 +01:00 committed by GitHub
parent 1a9af8e8e0
commit ea39f521c5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
README.md
View file

@ -52,6 +52,24 @@ If the private key is not in the `PEM` format, you will see an `Error loading ke
Use `ssh-keygen -p -f path/to/your/key -m pem` to convert your key file to `PEM`, but be sure to make a backup of the file first 😉.
## What this Action *cannot* do for you
The following items are not issues, but beyond what this Action is supposed to do.
### Work on remote machines
When using `ssh` to connect from the GitHub Action worker node to another machine, you *can* forward the SSH Agent socket and use your private key on the other (remote) machine. However, this Action will not configure `known_hosts` or other SSH settings on the remote machine for you.
### Provide the SSH key as a file
This Action is designed to pass the SSH directly into `ssh-agent`; that is, the key is available in memory on the GitHub Action worker node, but never written to disk. As a consequence, you _cannot_ pass the key as a build argument or a mounted file into Docker containers that you build or run on the worker node. You _can_, however, mount the `ssh-agent` Unix socket into a Docker container that you _run_, set up the `SSH_AUTH_SOCK` env var and then use SSH from within the container (see #11).
### Run `ssh-keyscan` to add host keys for additional hosts
If you want to use `ssh-keyscan` to add additional hosts (that you own/know) to the `known_hosts` file, you can do so with a single shell line in your Action definition. You don't really need this Action to do this for you.
As a side note, using `ssh-keyscan` without proper key verification is susceptible to man-in-the-middle attacks. You might prefer putting your _known_ SSH host key in your own Action files to add it to the `known_hosts` file. The SSH host key is not secret and can safely be committed into the repo.
## Creating SSH keys
In order to create a new SSH key, run `ssh-keygen -t rsa -b 4096 -m pem -f path/to/keyfile`. This will prompt you for a key passphrase and save the key in `path/to/keyfile`.