Difference between revisions of "Github Actions SSH Keys"

From UVOO Tech Wiki
(Created page with "https://zellwk.com/blog/github-actions-deploy/")
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
https://zellwk.com/blog/github-actions-deploy/
+
- https://zellwk.com/blog/github-actions-deploy/
 +
- https://stackoverflow.com/questions/60477061/github-actions-how-to-deploy-to-remote-server-using-ssh
 +
 
 +
 
 +
```
 +
Genereate new keys
 +
ssh-keygen -t rsa -b 4096 -C "user@host" -q -N ""
 +
 
 +
Update your host's authorized_keys
 +
 
 +
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
 +
 
 +
Enter the server & run
 +
 
 +
ssh-keyscan host
 +
 
 +
Copy the output to github secret (lets call it SSH_KNOWN_HOSTS)
 +
Copy the private key to a github secret (lets call it SSH_PRIVATE_KEY)
 +
In your workflow.yml file
 +
 
 +
#workflow.yaml
 +
...
 +
jobs:
 +
  build:
 +
    runs-on: ubuntu-latest
 +
    steps:
 +
      - name: Create SSH key
 +
        run: |
 +
          mkdir -p ~/.ssh/
 +
          echo "$SSH_PRIVATE_KEY" > ../private.key
 +
          sudo chmod 600 ../private.key
 +
          echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
 +
        shell: bash
 +
        env:
 +
          SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}}
 +
          SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}}
 +
          SSH_KEY_PATH: ${{ github.workspace }}/../private.key
 +
 +
Then you can use ssh with ssh -i $SSH_KEY_PATH user@host
 +
 
 +
Hope this will save few hours to someone :]
 +
 
 +
Edit
 +
Answer to comments (how to update github secrets)
 +
In order add github secrets you have 2 options:
 +
 
 +
Via GitHub ui, https://github.com/{user}/{repo}/settings/secrets/
 +
Via GitHub API, I'm using github-secret-dotenv lib to sync my secrets with my local .env file (pre action trigger)
 +
```
 +
 
 +
 
 +
```
 +
# Notes & Examples
 +
 
 +
example_prep_ssh(){
 +
  echo "$SSH_ID" > id
 +
  eval "$(ssh-agent -s)"
 +
  chmod 600 id
 +
  ssh-add id
 +
 
 +
  ssh_opts="-o StrictHostKeyChecking=no \
 +
    -o UserKnownHostsFile=/dev/null \
 +
    -o ConnectionAttempts=10"
 +
  ssh_cmd="ssh -p 22 ${ssh_opts}"
 +
  alias ssh="${ssh_cmd}"
 +
  alias scp="scp ${ssh_opts}"
 +
  alias rsync="rsync -avz --rsync-path=\"sudo rsync\" -e \"${ssh_cmd}\""
 +
}
 +
```
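Review bot: the `example_prep_ssh` function added at the end of this revision sets `-o StrictHostKeyChecking=no` and `-o UserKnownHostsFile=/dev/null`, which turns host key verification off and leaves the `SSH_KNOWN_HOSTS` secret from the steps added earlier in the same revision unused. Suggest writing that secret to a file, passing the file with `-o UserKnownHostsFile=` and keeping `StrictHostKeyChecking=yes`. The `alias` lines also have no effect in a non-interactive bash step unless `shopt -s expand_aliases` is set, and the "Notes & Examples" block has no sentence saying when the function should be used instead of the workflow step above it.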

Latest revision as of 18:34, 25 August 2021

Generate new keys

```
ssh-keygen -t rsa -b 4096 -C "user@host" -q -N ""
```

Update your host's authorized_keys

```
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
```

Enter the server & run

```
ssh-keyscan host
```

Copy the output to a GitHub secret (let's call it SSH_KNOWN_HOSTS)

Copy the private key to a GitHub secret (let's call it SSH_PRIVATE_KEY)

In your workflow.yml file

```
#workflow.yaml
...
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Create SSH key
        run: |
          mkdir -p ~/.ssh/
          # Write the private key one level above the workspace directory
          echo "$SSH_PRIVATE_KEY" > ../private.key
          sudo chmod 600 ../private.key
          # Install the host keys captured earlier with ssh-keyscan
          echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
        shell: bash
        # env set at step level is visible only inside this step
        env:
          SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}}
          SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}}
          SSH_KEY_PATH: ${{ github.workspace }}/../private.key
```

Then you can use ssh with `ssh -i $SSH_KEY_PATH user@host`

Hope this will save someone a few hours :]

Edit

Answer to comments (how to update GitHub secrets)

In order to add GitHub secrets you have 2 options:

- Via the GitHub UI, https://github.com/{user}/{repo}/settings/secrets/
- Via the GitHub API, I'm using the github-secret-dotenv lib to sync my secrets with my local .env file (pre action trigger)
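```
# Notes & Examples

example_prep_ssh(){
  # bash expands aliases in a non-interactive shell only when this is set
  shopt -s expand_aliases

  # Write the private key from $SSH_ID and load it into a fresh ssh-agent
  echo "$SSH_ID" > id
  eval "$(ssh-agent -s)"
  chmod 600 id
  ssh-add id

  # These options turn host key verification off: any host key is accepted
  # and nothing is recorded, so the SSH_KNOWN_HOSTS secret is not used here
  ssh_opts="-o StrictHostKeyChecking=no \
    -o UserKnownHostsFile=/dev/null \
    -o ConnectionAttempts=10"
  ssh_cmd="ssh -p 22 ${ssh_opts}"
  alias ssh="${ssh_cmd}"
  alias scp="scp ${ssh_opts}"
  # rsync runs under sudo on the remote side and reuses the ssh command above
  alias rsync="rsync -avz --rsync-path=\"sudo rsync\" -e \"${ssh_cmd}\""
}
```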
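A variant of `example_prep_ssh` that keeps host key verification on by pinning the `SSH_KNOWN_HOSTS` secret from the steps above and loads the key into the agent without writing it to disk. This is an added example, not part of the original page: the function names, the `known_hosts_pinned` file name and `SSH_OPTS` are hypothetical, and the sample host line is constructed.

```bash
#!/usr/bin/env bash
# Added example; helper names are hypothetical, SAMPLE_KNOWN_HOSTS is constructed.
SAMPLE_KNOWN_HOSTS='example.test ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal0000'

# Succeed only if every non-comment line looks like "host keytype base64key",
# the shape ssh-keyscan prints, and at least one such line is present.
valid_known_hosts() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*(#|$)/ { next }
    { n++ }
    NF < 3 || $2 !~ "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" ||
      $3 !~ "^[A-Za-z0-9+/]+=*$" { bad = 1 }
    END { exit ((bad || n == 0) ? 1 : 0) }'
}

# Print ssh options that trust only the pinned file and never prompt.
pinned_ssh_opts() {
  printf '%s' "-o BatchMode=yes -o StrictHostKeyChecking=yes" \
    " -o UserKnownHostsFile=$1 -o GlobalKnownHostsFile=/dev/null"
}

# Validate $SSH_KNOWN_HOSTS, write it with mode 600 under directory $1,
# and print the resulting path. Fails closed on empty or malformed input.
write_pinned_known_hosts() {
  local dir="$1"
  local file="$dir/known_hosts_pinned"
  valid_known_hosts "$SSH_KNOWN_HOSTS" || {
    echo "SSH_KNOWN_HOSTS is empty or malformed; refusing to continue" >&2
    return 1
  }
  ( umask 077 && mkdir -p "$dir" && printf '%s\n' "$SSH_KNOWN_HOSTS" > "$file" \
      && chmod 600 "$file" ) || return 1
  printf '%s\n' "$file"
}

# Pin host keys, then feed the private key in $SSH_ID to ssh-agent over stdin.
prep_ssh_pinned() {
  local file
  file="$(write_pinned_known_hosts "${1:-$HOME/.ssh}")" || return 1
  eval "$(ssh-agent -s)" >/dev/null
  printf '%s\n' "$SSH_ID" | ssh-add - || return 1
  SSH_OPTS="$(pinned_ssh_opts "$file")"
}
# Usage in a workflow step (word splitting of $SSH_OPTS is intended):
#   prep_ssh_pinned && ssh $SSH_OPTS user@host
```

A secret pasted with Windows line endings fails the validation, because the trailing carriage return is not valid base64.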