Difference between revisions of "Github Actions SSH Keys"
| Line 1: | Line 1: | ||
- https://zellwk.com/blog/github-actions-deploy/ | - https://zellwk.com/blog/github-actions-deploy/ | ||
- https://stackoverflow.com/questions/60477061/github-actions-how-to-deploy-to-remote-server-using-ssh | - https://stackoverflow.com/questions/60477061/github-actions-how-to-deploy-to-remote-server-using-ssh | ||
| + | |||
| + | |||
| + | ``` | ||
| + | Genereate new keys | ||
| + | ssh-keygen -t rsa -b 4096 -C "user@host" -q -N "" | ||
| + | |||
| + | Update your host's authorized_keys | ||
| + | |||
| + | ssh-copy-id -i ~/.ssh/id_rsa.pub user@host | ||
| + | |||
| + | Enter the server & run | ||
| + | |||
| + | ssh-keyscan host | ||
| + | |||
| + | Copy the output to github secret (lets call it SSH_KNOWN_HOSTS) | ||
| + | Copy the private key to a github secret (lets call it SSH_PRIVATE_KEY) | ||
| + | In your workflow.yml file | ||
| + | |||
| + | #workflow.yaml | ||
| + | ... | ||
| + | jobs: | ||
| + | build: | ||
| + | runs-on: ubuntu-latest | ||
| + | steps: | ||
| + | - name: Create SSH key | ||
| + | run: | | ||
| + | mkdir -p ~/.ssh/ | ||
| + | echo "$SSH_PRIVATE_KEY" > ../private.key | ||
| + | sudo chmod 600 ../private.key | ||
| + | echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts | ||
| + | shell: bash | ||
| + | env: | ||
| + | SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}} | ||
| + | SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}} | ||
| + | SSH_KEY_PATH: ${{ github.workspace }}/../private.key | ||
| + | |||
| + | Then you can use ssh with ssh -i $SSH_KEY_PATH user@host | ||
| + | |||
| + | Hope this will save few hours to someone :] | ||
| + | |||
| + | Edit | ||
| + | Answer to comments (how to update github secrets) | ||
| + | In order add github secrets you have 2 options: | ||
| + | |||
| + | Via GitHub ui, https://github.com/{user}/{repo}/settings/secrets/ | ||
| + | Via GitHub API, I'm using github-secret-dotenv lib to sync my secrets with my local .env file (pre action trigger) | ||
| + | ``` | ||
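Review bot: in the `Create SSH key` step, `echo "$SSH_PRIVATE_KEY" > ../private.key` creates the key file with the default umask and `sudo chmod 600 ../private.key` tightens it only afterwards; set `umask 077` before the write and drop `sudo`, which is not needed for a file the runner user has just created. The `ssh-keygen` line also has no `-f`, so it targets the default `~/.ssh/id_rsa` that `ssh-copy-id -i ~/.ssh/id_rsa.pub` then installs; because the key has an empty passphrase (`-N ""`), generate it under a dedicated file name so the deploy key stays separate from a personal key. The added text is also wrapped in one pair of triple backticks that encloses the prose as well as the commands; fence only the commands and the workflow.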
Revision as of 16:14, 25 August 2021
- https://zellwk.com/blog/github-actions-deploy/
- https://stackoverflow.com/questions/60477061/github-actions-how-to-deploy-to-remote-server-using-ssh
Generate new keys

```
ssh-keygen -t rsa -b 4096 -C "user@host" -q -N ""
```

Update your host's authorized_keys

```
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
```

Enter the server & run

```
ssh-keyscan host
```

Copy the output to a GitHub secret (let's call it SSH_KNOWN_HOSTS)

Copy the private key to a GitHub secret (let's call it SSH_PRIVATE_KEY)

In your workflow.yml file

```
#workflow.yaml
...
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Create SSH key
        run: |
          mkdir -p ~/.ssh/
          # write the private key next to (not inside) the checked-out workspace
          echo "$SSH_PRIVATE_KEY" > ../private.key
          sudo chmod 600 ../private.key
          # pin the server's host keys collected with ssh-keyscan
          echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
        shell: bash
        # step-level env: these variables exist only inside this step
        env:
          SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}}
          SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}}
          SSH_KEY_PATH: ${{ github.workspace }}/../private.key
```

Then you can use ssh with ssh -i $SSH_KEY_PATH user@host

Hope this will save a few hours to someone :]

Edit

Answer to comments (how to update GitHub secrets)

In order to add GitHub secrets you have 2 options:

- Via GitHub UI, https://github.com/{user}/{repo}/settings/secrets/
- Via GitHub API, I'm using github-secret-dotenv lib to sync my secrets with my local .env file (pre action trigger)
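
A hardened version of the shell commands in the `Create SSH key` step, as an added example that is not part of the original answer: it fails closed on an empty secret, checks that the pinned host keys cover the target host, and creates the files under `umask 077`. The function names, argument order and destination directory are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer); all names are hypothetical.
# install_deploy_key KEY_TEXT KNOWN_HOSTS_TEXT HOST DEST_DIR
install_deploy_key() {
  local key="$1" known="$2" host="$3" dir="$4"

  # Fail closed: a secret that is not available to the run expands to an
  # empty string, which would otherwise produce an empty key file.
  if [ -z "$key" ] || [ -z "$known" ]; then
    echo "deploy key or known_hosts secret is empty" >&2
    return 1
  fi
  # Refuse anything that is not a PEM/OpenSSH private key block.
  case "$key" in
    "-----BEGIN "*"PRIVATE KEY-----"*) ;;
    *) echo "secret does not look like a private key" >&2; return 1 ;;
  esac
  # The pinned host keys must name the host we will connect to. ssh-keyscan
  # prints unhashed "names keytype key" lines; for a non-default port pass
  # HOST in the "[host]:port" form that ssh-keyscan writes.
  if ! printf '%s\n' "$known" | awk -v h="$host" '
        /^#/ || NF < 3 { next }
        { n = split($1, names, ","); for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
        END { exit found ? 0 : 1 }'; then
    echo "no known_hosts entry for $host" >&2
    return 1
  fi
  # Create the directory and both files under umask 077 so the key is never
  # group- or world-readable, not even between creation and a later chmod.
  (
    umask 077
    mkdir -p "$dir" &&
    printf '%s\n' "$key"   > "$dir/private.key" &&
    printf '%s\n' "$known" > "$dir/known_hosts"
  ) || return 1
}

# ssh options that accept only the pinned host keys and offer only this key.
# Usage: ssh $(deploy_ssh_opts "$dir") user@host   (DEST_DIR without spaces)
deploy_ssh_opts() {
  printf '%s\n' "-i $1/private.key -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$1/known_hosts"
}
```

With `StrictHostKeyChecking=yes` and a dedicated `UserKnownHostsFile`, the connection is refused if the server presents a host key that differs from the one stored in the `SSH_KNOWN_HOSTS` secret.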