Skip to content

rainstormy/ssh-key

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
.github
.github
 
 
.idea
.idea
 
 
install
install
 
 
.editorconfig
.editorconfig
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 

Repository files navigation

Install SSH Key

This reusable GitHub Action installs a private SSH key onto an Ubuntu runner.

Caution

As this action processes sensitive information, please review the action steps in install/action.yml prior to using the action.

Usage

# .github/workflows/example.yml
jobs:
  example:
    runs-on: ubuntu-22.04
    timeout-minutes: 1
    steps:
      - name: Install an SSH key
        uses: rainstormy/ssh-key/install@v1
        with:
          known-hosts: ${{ secrets.KNOWN_HOSTS }}
          __private-key__: ${{ secrets.PRIVATE_SSH_KEY }}
          # key-name: "id_ed25519"

Options

known-hosts

A newline-separated list of trusted remote host keys to be stored in .ssh/known_hosts.

__private-key__

The private SSH key to be stored in .ssh/<key-name> and added to the SSH agent on the GitHub Actions runner.

key-name (optional)

The name of the file in the .ssh directory that stores the value of __private-key__.

Default value: id_ed25519

Generate an SSH key

Use 1Password or ssh-keygen (OpenSSH) to generate a public-private SSH key pair.

Example

  1. Generate a public-private SSH key pair with the Ed25519 algorithm:

    ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519

  2. Copy the contents of the private SSH key, ~/.ssh/id_ed25519, in a secure manner.

  3. Define a secret (e.g. named PRIVATE_SSH_KEY) in GitHub Actions to contain the private SSH key:

    -----BEGIN OPENSSH PRIVATE KEY-----
(...)
-----END OPENSSH PRIVATE KEY-----

  4. Access the secret in the workflow:

    with:
  __private-key__: ${{ secrets.PRIVATE_SSH_KEY }}

Obtain trusted remote host keys

Use ssh-keyscan (OpenSSH) to gather public SSH keys from remote servers.

Example

  1. Gather the public SSH keys for github.com:

    ssh-keyscan -t ed25519 github.com
ssh-keyscan -t ecdsa github.com
ssh-keyscan -t rsa github.com

  2. Verify the authenticity of github.com by comparing the result to the public SSH keys published by GitHub.

  3. Define a secret (e.g. named KNOWN_HOSTS) in GitHub Actions to contain a newline separated list of the public SSH keys:

    github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=

  4. Access the secret in the workflow:

    with:
  known-hosts: ${{ secrets.KNOWN_HOSTS }}

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

1.0.0 Latest
May 12, 2024

Packages

No packages published

Contributors 2

  •  
  •