Github Actions SSH Keys
- https://zellwk.com/blog/github-actions-deploy/
- https://stackoverflow.com/questions/60477061/github-actions-how-to-deploy-to-remote-server-using-ssh
1. Generate new keys:

```bash
ssh-keygen -t rsa -b 4096 -C "user@host" -q -N ""
```

2. Update your host's authorized_keys:

```bash
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
```

3. Enter the server & run:

```bash
ssh-keyscan host
```

4. Copy the output to a github secret (let's call it SSH_KNOWN_HOSTS)
5. Copy the private key to a github secret (let's call it SSH_PRIVATE_KEY)

In your workflow.yml file:

```yaml
#workflow.yaml
...
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Create SSH key
        run: |
          mkdir -p ~/.ssh/
          echo "$SSH_PRIVATE_KEY" > ../private.key
          sudo chmod 600 ../private.key
          echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
        shell: bash
        env:
          # Step-level env: these variables are only visible inside this step.
          # Define SSH_KEY_PATH at job level to use it in later steps.
          SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}}
          SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}}
          SSH_KEY_PATH: ${{ github.workspace }}/../private.key
```

Then you can use ssh with:

```bash
ssh -i $SSH_KEY_PATH user@host
```

Hope this will save a few hours to someone :]

Edit: Answer to comments (how to update github secrets)

In order to add github secrets you have 2 options:

- Via GitHub UI, https://github.com/{user}/{repo}/settings/secrets/
- Via GitHub API, I'm using github-secret-dotenv lib to sync my secrets with my local .env file (pre action trigger)
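```bash
# Notes & Examples
example_prep_ssh(){
    # Write the private key from $SSH_ID to a file and load it into a new agent.
    echo "$SSH_ID" > id
    eval "$(ssh-agent -s)"
    chmod 600 id
    ssh-add id

    # StrictHostKeyChecking=no with UserKnownHostsFile=/dev/null disables
    # host key verification, so the server's identity is not checked
    # (unlike the SSH_KNOWN_HOSTS approach above).
    ssh_opts="-o StrictHostKeyChecking=no \
        -o UserKnownHostsFile=/dev/null \
        -o ConnectionAttempts=10"
    ssh_cmd="ssh -p 22 ${ssh_opts}"

    # Aliases are only expanded in non-interactive bash when the
    # expand_aliases shell option is set.
    alias ssh="${ssh_cmd}"
    alias scp="scp ${ssh_opts}"
    alias rsync="rsync -avz --rsync-path=\"sudo rsync\" -e \"${ssh_cmd}\""
}
```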
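
The helper above turns host key verification off, while the workflow earlier on this page pins the host through `SSH_KNOWN_HOSTS`. As an added example (not from the original page or the linked answers), these POSIX shell functions combine the two: they check the pinned host keys, write the key files with tight permissions, and generate an ssh config that enforces `StrictHostKeyChecking yes`. The names `validate_known_hosts`, `prep_ssh_pinned` and `id_deploy` are assumptions, and the validation accepts only plain `ssh-keyscan` output lines.

```shell
# Added example, not from the original page. Function and file names are
# hypothetical; SSH_PRIVATE_KEY and SSH_KNOWN_HOSTS come from the job env.

# Accept only plain ssh-keyscan lines ("host keytype base64key"). Fails on
# empty or malformed input so a bad secret stops the job before connecting.
validate_known_hosts() {
  n=0
  while read -r host type key _rest; do
    case "$host" in ''|'#'*) continue ;; esac
    case "$type" in
      ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
      *) return 1 ;;
    esac
    [ -n "$key" ] || return 1
    n=$((n + 1))
  done <<EOF
$1
EOF
  [ "$n" -gt 0 ]
}

# Write key, known_hosts and an ssh_config into directory $1 with host key
# checking enforced; prints the config path for use with `ssh -F`.
prep_ssh_pinned() {
  dir=$1
  validate_known_hosts "$SSH_KNOWN_HOSTS" || {
    echo "SSH_KNOWN_HOSTS is empty or malformed" >&2
    return 1
  }
  (
    umask 077  # files are created 0600, never briefly world-readable
    mkdir -p "$dir" || exit 1
    # printf '%s\n' makes sure the key file always ends with a newline
    printf '%s\n' "$SSH_PRIVATE_KEY" > "$dir/id_deploy" || exit 1
    printf '%s\n' "$SSH_KNOWN_HOSTS" > "$dir/known_hosts" || exit 1
    cat > "$dir/config" <<EOF
Host *
  IdentityFile "$dir/id_deploy"
  IdentitiesOnly yes
  StrictHostKeyChecking yes
  UserKnownHostsFile "$dir/known_hosts"
  ConnectionAttempts 10
EOF
  ) || return 1
  printf '%s\n' "$dir/config"
}

# Usage in a workflow step: ssh -F "$(prep_ssh_pinned "$HOME/.ssh-deploy")" user@host
```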