Difference between revisions of "Github Actions SSH Keys"

From UVOO Tech Wiki
 
Line 47: Line 47:
 
Via GitHub ui, https://github.com/{user}/{repo}/settings/secrets/
 
Via GitHub ui, https://github.com/{user}/{repo}/settings/secrets/
 
Via GitHub API, I'm using github-secret-dotenv lib to sync my secrets with my local .env file (pre action trigger)
 
Via GitHub API, I'm using github-secret-dotenv lib to sync my secrets with my local .env file (pre action trigger)
 +
```
 +
 +
 +
```
 +
# Notes & Examples
 +
 +
example_prep_ssh(){
 +
  echo "$SSH_ID" > id
 +
  eval "$(ssh-agent -s)"
 +
  chmod 600 id
 +
  ssh-add id
 +
 +
  ssh_opts="-o StrictHostKeyChecking=no \
 +
    -o UserKnownHostsFile=/dev/null \
 +
    -o ConnectionAttempts=10"
 +
  ssh_cmd="ssh -p 22 ${ssh_opts}"
 +
  alias ssh="${ssh_cmd}"
 +
  alias scp="scp ${ssh_opts}"
 +
  alias rsync="rsync -avz --rsync-path=\"sudo rsync\" -e \"${ssh_cmd}\""
 +
}
 
```
 
```
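Review bot: the ssh_opts string in the added example_prep_ssh sets -o StrictHostKeyChecking=no and -o UserKnownHostsFile=/dev/null, which turns off host key verification for every aliased ssh, scp and rsync call, including the rsync alias that runs "sudo rsync" on the remote side. The same page already stores ssh-keyscan output in an SSH_KNOWN_HOSTS secret, so I would point UserKnownHostsFile at a file written from that secret and leave strict checking on. Two smaller points in the same function: echo "$SSH_ID" > id creates the key file before chmod 600 id runs, so a umask 077 before the write would close that gap, and the alias lines only take effect in a non-interactive bash step if expand_aliases is enabled, which deserves a comment.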

Latest revision as of 18:34, 25 August 2021

Generate new keys

```
ssh-keygen -t rsa -b 4096 -C "user@host" -q -N ""
```

Update your host's authorized_keys

```
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
```

Enter the server & run

```
ssh-keyscan host
```

Copy the output to a GitHub secret (let's call it SSH_KNOWN_HOSTS)
Copy the private key to a GitHub secret (let's call it SSH_PRIVATE_KEY)
In your workflow.yml file

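```yaml
# workflow.yaml
...
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Create SSH key
        run: |
          mkdir -p ~/.ssh/
          # Written one level above the workspace, so the key stays out of the checked-out tree
          echo "$SSH_PRIVATE_KEY" > ../private.key
          sudo chmod 600 ../private.key
          echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
        shell: bash
        env:
          SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}}
          SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}}
          # Step-level env is visible to this step only; set SSH_KEY_PATH again
          # (or at job level) for any later step that runs ssh
          SSH_KEY_PATH: ${{ github.workspace }}/../private.key
```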

Then you can connect with: ssh -i $SSH_KEY_PATH user@host

Hope this saves someone a few hours :]

Edit
Answer to comments (how to update github secrets)
In order to add GitHub secrets you have 2 options:

Via GitHub ui, https://github.com/{user}/{repo}/settings/secrets/
Via GitHub API, I'm using github-secret-dotenv lib to sync my secrets with my local .env file (pre action trigger)
# Notes & Examples

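```bash
example_prep_ssh(){
  # Non-interactive bash (such as a workflow step) ignores aliases unless this is set.
  shopt -s expand_aliases
  # Create the key file with owner-only permissions from the start.
  (umask 077 && echo "$SSH_ID" > id)
  eval "$(ssh-agent -s)"
  chmod 600 id
  ssh-add id

  # NOTE: the first two options turn off host key verification, so the server's
  # identity is never checked; the SSH_KNOWN_HOSTS setup above keeps it on.
  ssh_opts="-o StrictHostKeyChecking=no \
    -o UserKnownHostsFile=/dev/null \
    -o ConnectionAttempts=10"
  ssh_cmd="ssh -p 22 ${ssh_opts}"
  # The aliases apply to commands run after this function has returned.
  alias ssh="${ssh_cmd}"
  alias scp="scp ${ssh_opts}"
  alias rsync="rsync -avz --rsync-path=\"sudo rsync\" -e \"${ssh_cmd}\""
}
```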
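
A host-key-pinned counterpart to example_prep_ssh, as an added example that is not part of the original wiki page. It reuses the SSH_ID name from the notes and the SSH_KNOWN_HOSTS secret from the steps above; the function names, the directory argument and the accepted key types are assumptions.

```bash
# Added example, not from the original page. SSH_ID and SSH_KNOWN_HOSTS are the
# names used on this page; both function names and the directory argument are
# hypothetical.

# Succeeds only if every non-comment line looks like "<host> <keytype> <base64>",
# the plain line format printed by ssh-keyscan (assumed: no @marker lines).
valid_known_hosts() {
  printf '%s\n' "$1" | awk '
    /^#/ || NF == 0 { next }
    { n++ }
    NF < 3 { bad = 1 }
    $2 !~ "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" { bad = 1 }
    $3 !~ "^[A-Za-z0-9+/]+=*$" { bad = 1 }
    END { exit (bad || n == 0) }'
}

# Writes the key and the pinned host keys under directory $1 with owner-only
# permissions, then prints ssh options that enforce checking against that file.
# Assumes the directory path contains no whitespace.
prep_ssh_pinned() {
  local dir=$1
  [ -n "${SSH_ID:-}" ] || { echo "SSH_ID is empty" >&2; return 1; }
  valid_known_hosts "${SSH_KNOWN_HOSTS:-}" || {
    echo "SSH_KNOWN_HOSTS is empty or malformed, refusing to continue" >&2
    return 1
  }
  (
    umask 077 &&   # new files are 0600 and the directory 0700 from creation
    mkdir -p "$dir" &&
    rm -f "$dir/id" "$dir/known_hosts" &&
    printf '%s\n' "$SSH_ID" > "$dir/id" &&
    printf '%s\n' "$SSH_KNOWN_HOSTS" > "$dir/known_hosts"
  ) || return 1
  printf '%s\n' "-i $dir/id -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \
-o UserKnownHostsFile=$dir/known_hosts -o ConnectionAttempts=10"
}

# Usage in a workflow step (user@host is a placeholder):
#   opts=$(prep_ssh_pinned "$RUNNER_TEMP/ssh") && ssh $opts user@host true
```

With these options a changed or unknown host key makes the connection fail instead of being accepted silently.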