Github Actions SSH Keys
		
		
		
		
		
- https://zellwk.com/blog/github-actions-deploy/
- https://stackoverflow.com/questions/60477061/github-actions-how-to-deploy-to-remote-server-using-ssh
Generate new keys
ssh-keygen -t rsa -b 4096 -C "user@host" -q -N ""
Update your host's authorized_keys
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
Enter the server & run
ssh-keyscan host
Copy the output to a GitHub secret (let's call it SSH_KNOWN_HOSTS)
Copy the private key to a GitHub secret (let's call it SSH_PRIVATE_KEY)
In your workflow.yml file
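#workflow.yaml
...
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Create SSH key
        run: |
          # Create files owner-only from the start, so the key is never briefly world-readable
          umask 077
          mkdir -p ~/.ssh/
          # SSH_KEY_PATH points one level above the workspace (see env below)
          echo "$SSH_PRIVATE_KEY" > "$SSH_KEY_PATH"
          # No sudo needed: the runner user owns the file
          chmod 600 "$SSH_KEY_PATH"
          # Pinned host keys, so ssh does not have to trust the host on first connect
          echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
        shell: bash
        env:
          SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}}
          SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}}
          SSH_KEY_PATH: ${{ github.workspace }}/../private.key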
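Then you can use ssh with ssh -i $SSH_KEY_PATH user@host in any step that has SSH_KEY_PATH in its env (an env block set on a step applies only to that step).
Hope this will save someone a few hours :]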
Edit
Answer to comments (how to update github secrets)
In order to add GitHub secrets you have 2 options:
Via the GitHub UI, https://github.com/{user}/{repo}/settings/secrets/
Via GitHub API, I'm using github-secret-dotenv lib to sync my secrets with my local .env file (pre action trigger)
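The ssh-keyscan output from the steps above can be checked against a host-key fingerprint read on the server itself (for example with ssh-keygen -lf on the host's public key file) before it is stored as SSH_KNOWN_HOSTS. The sketch below is an added example, not part of the original answer; the function names, the host deploy.example.test and the sample key are constructed, and it assumes unhashed entries on the default port.

```python
import base64
import hashlib


def describe_key(key_b64):
    """Return (key type embedded in the blob, OpenSSH-style SHA256 fingerprint)."""
    blob = base64.b64decode(key_b64, validate=True)
    n = int.from_bytes(blob[:4], "big")  # blob starts with a length-prefixed type name
    embedded = blob[4:4 + n].decode("ascii", "replace")
    digest = hashlib.sha256(blob).digest()
    return embedded, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def vet_known_hosts(scan, host, pinned):
    """Return the scan lines for `host` whose fingerprint is in `pinned`, else raise ValueError."""
    kept = []
    for line in scan.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or ssh-keyscan banner comment
        if len(fields) < 3:
            raise ValueError(f"malformed line: {line!r}")
        names, key_type, key_b64 = fields[:3]
        if host not in names.split(","):
            continue  # entry for another host
        embedded, fp = describe_key(key_b64)
        if embedded != key_type:
            raise ValueError(f"key type mismatch for {host}")
        if fp not in pinned:
            raise ValueError(f"unpinned host key {fp} for {host}")
        kept.append(" ".join(fields[:3]))
    if not kept:
        raise ValueError(f"no key found for {host}")
    return kept


def make_ed25519_line(host, raw):
    """Constructed sample data: a known_hosts line built from 32 key bytes."""
    name = b"ssh-ed25519"
    blob = len(name).to_bytes(4, "big") + name + len(raw).to_bytes(4, "big") + raw
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    good = make_ed25519_line("deploy.example.test", bytes(range(32)))
    pinned = {describe_key(good.split()[2])[1]}  # stands in for the value read on the server
    print("\n".join(vet_known_hosts(good, "deploy.example.test", pinned)))
```

Only the lines returned by vet_known_hosts go into the secret; any ValueError means the scan should not be trusted as it stands.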