diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 74cf8b2..0000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: "" -labels: bug -assignees: appleboy ---- - -## Describe the bug - -A clear and concise description of what the bug is. If applicable, add screenshots to help explain your problem. - -## Yaml Config - -Please post your Yaml configuration file along with the output results. - -```yaml -name: remote ssh command -on: [push] -jobs: - build: - name: Build - runs-on: ubuntu-latest - steps: - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami -``` - -## Related environment - -Please provide the following information: - -1. Your hosting provider information, such as DigitalOcean, Linode, AWS, or GCP. -2. The version information of your host's SSH service. -3. The information from your host's SSH configuration file. diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..58d418c --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,199 @@ +name: remote ssh command +on: [push] + +env: + FOO: "BAR" + BAR: "FOO" + +jobs: + + testing01: + name: default flag testing + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: correct password but wrong key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + key: "1234" + port: ${{ secrets.PORT }} + script: whoami + + - name: wrong password but correct key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: "abcdef" + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami + + - name: executing remote ssh commands using password + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami + + - name: executing remote ssh commands using ssh key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami + + - name: multiple command + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al + + - name: stop script if command error + uses: ./ + continue-on-error: true + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al + + - name: ssh key passphrase + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.SSH2 }} + port: ${{ secrets.PORT }} + passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al + + - name: use insecure cipher + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: | + ls \ + -lah + use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 + - name: Multiline SSH commands interpreted as single lines + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/85 + - name: Deployment to multiple hosts with different ports + uses: ./ + with: + host: "${{ secrets.HOST }}:${{ secrets.PORT }}" + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: 1024 + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true + + # - name: SSH ED25519 Private Key + # uses: ./ + # with: + # host: ${{ secrets.TUNNEL_HOST }} + # username: ${{ secrets.TUNNEL_USERNAME }} + # key: ${{ secrets.ID_ED25519 }} + # port: ${{ secrets.TUNNEL_PORT }} + # script: whoami + + testing02: + name: testing with envs + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: pass environment + uses: ./ + env: + FOO: "BAR" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + + - name: pass multiple environment + uses: ./ + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh + + - name: custom envs format + uses: ./ + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml deleted file mode 100644 index 7f1ae24..0000000 --- a/.github/workflows/goreleaser.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Goreleaser - -on: - push: - tags: - - "*" - -permissions: - contents: write - -jobs: - goreleaser: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Setup go - uses: actions/setup-go@v5 - with: - go-version: "^1" - - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v6 - with: - # either 'goreleaser' (default) or 'goreleaser-pro' - distribution: goreleaser - version: latest - args: release --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index aa01707..0000000 --- a/.github/workflows/main.yml +++ /dev/null @@ -1,739 +0,0 @@ -name: testing main branch - -on: [push] - -jobs: - default-user-name-password: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: ssh by username and password - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - port: 2222 - script: | - #!/usr/bin/env bash - set -e - whoami - - - name: ssh commands from a file - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - port: 2222 - script_path: testdata/test.sh - - # https://github.com/appleboy/ssh-action/issues/377 - - name: multiple commands - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - port: 2222 - script: | - mkdir -p /tmp/test - echo "hello world" > /tmp/test/hello.txt - cd /tmp/test - ls -al - cat /tmp/test/hello.txt - - check-ssh-key: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: add public key to env - run: | - echo "PUBLIC_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_rsa.pub >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= public key =========" - cat testdata/.ssh/id_rsa.pub - echo "============================" - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_rsa >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= private key =========" - cat testdata/.ssh/id_rsa - echo "============================" - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: ssh by private key - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - script: whoami - - - name: wrong password but correct key - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: "abcdef" - key: ${{ env.PRIVATE_KEY }} - port: 2222 - script: whoami - - - name: correct password but wrong key - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - key: password - port: 2222 - script: whoami - - support-key-passphrase: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: add public key to env - run: | - echo "PUBLIC_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= public key =========" - cat testdata/.ssh/id_passphrase.pub - echo "============================" - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_passphrase >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= private key =========" - cat testdata/.ssh/id_passphrase - echo "============================" - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: ssh key passphrase - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - passphrase: 1234 - script: | - whoami - ls -al - - - name: missing ssh key passphrase - uses: ./ - continue-on-error: true - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - script: | - whoami - ls -al - - # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - - name: Multiline SSH commands interpreted as single lines - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - passphrase: 1234 - script: | - ls \ - -lah - use_insecure_cipher: true - - multiple-server: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: add public key to env - run: | - echo "PUBLIC_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= public key =========" - cat testdata/.ssh/id_passphrase.pub - echo "============================" - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_passphrase >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= private key =========" - cat testdata/.ssh/id_passphrase - echo "============================" - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server-01 \ - --hostname=openssh-server-01 \ - -p 2222:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server-01 sh -c "hostname -i" > ip01.txt - echo "REMOTE_HOST_01<> $GITHUB_ENV - cat ip01.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip01.txt - echo "======================================" - - docker run -d \ - --name=openssh-server-02 \ - --hostname=openssh-server-02 \ - -p 2223:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server-02 sh -c "hostname -i" > ip02.txt - echo "REMOTE_HOST_02<> $GITHUB_ENV - cat ip02.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip02.txt - echo "======================================" - - sleep 2 - - # https://github.com/appleboy/ssh-action/issues/85 - - name: Deployment to multiple hosts with different ports - uses: ./ - with: - host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - passphrase: 1234 - script: | - whoami - - support-ed25519-key: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: add public key to env - run: | - echo "PUBLIC_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= public key =========" - cat testdata/.ssh/id_ed25519.pub - echo "============================" - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= private key =========" - cat testdata/.ssh/id_ed25519 - echo "============================" - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: testing id_ed25519 key - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - script: | - whoami - ls -al - - testing-with-env: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: add public key to env - run: | - echo "PUBLIC_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= public key =========" - cat testdata/.ssh/id_ed25519.pub - echo "============================" - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= private key =========" - cat testdata/.ssh/id_ed25519 - echo "============================" - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=true \ - -e PASSWORD_ACCESS=true \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: testing id_ed25519 key - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - script: | - whoami - ls -al - - - name: pass environment - uses: ./ - env: - FOO: "BAR" - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - envs: FOO - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - - - name: pass multiple environment - uses: ./ - env: - FOO: "BAR" - BAR: "FOO" - SHA: ${{ github.sha }} - PORT: ${{ secrets.PORT }} - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - envs: FOO,BAR,SHA,PORT - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - echo "sha: $SHA" - echo "port: $PORT" - - - name: custom envs format - uses: ./ - env: - FOO: "BAR" - AAA: "BBB" - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - envs: FOO,BAR,AAA - envs_format: export TEST_{NAME}={VALUE} - script: | - echo "I am $TEST_FOO, thanks" - echo "I am $TEST_BAR, thanks" - echo "I am $BAR, thanks" - echo "I am $TEST_AAA, thanks" - - - name: pass all ENV variables to script - uses: ./ - env: - INPUT_FOO: "BAR" - INPUT_AAA: "BBB" - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - allenvs: true - script: | - echo "I am $INPUT_FOO, thanks" - echo "I am $INPUT_AAA, thanks" - echo "$GITHUB_BASE_REF" - echo "$GITHUB_REF" - - - name: pass secret variable in shell - uses: ./ - continue-on-error: true - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - script: cd ${{ secrets.PORT }} - - - name: switch to root user - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - request_pty: true - command_timeout: 30s - script: | - whoami && echo 'hello world' && touch todo.txt - sudo whoami - - testing06: - name: testing ipv6 - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: Set up WARP - uses: fscarmen/warp-on-actions@v1.1 - with: - stack: dual - - - name: testing ipv6 for command - run: | - curl -m 9 --ipv6 --verbose https://google.com - - - name: testing ipv6 - uses: ./ - continue-on-error: true - with: - host: 2402:1f00:8000:800::2628 - username: ubuntu - password: ${{ secrets.OVH_PASSWORD }} - protocol: tcp6 - port: 22 - command_timeout: 30s - script: | - whoami - - testing07: - name: some special character - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: Set Environment Variables - run: | - PASS='3HUS$?8kLu)}' - printf "PASS=${PASS}" >> $GITHUB_ENV - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD='${{ env.PASS }}' \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: ssh by username and password - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: ${{ env.PASS }} - port: 2222 - script: | - #!/usr/bin/env bash - set -e - whoami - - testing-capturing-output: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - id: stdout - name: ssh command with stdout - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - port: 2222 - capture_stdout: true - script: | - #!/usr/bin/env bash - set -e - whoami - - - name: check stdout - run: | - echo "stdout: ${{ steps.stdout.outputs.stdout }}" - - testing-script-stop: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - id: stdout01 - name: ssh command with stdout 01 - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - port: 2222 - capture_stdout: true - script: | - #!/usr/bin/env bash - set -e - echo "TMP TESTING IF" - if [[ "2" == "1" ]]; then - echo "True" - else - echo "False" - fi - - - name: check stdout 01 - run: | - echo "stdout: ${{ steps.stdout01.outputs.stdout }}" - if echo "${{ steps.stdout01.outputs.stdout }}" | grep -q "True"; then - echo "Output contains 'True'" - exit 1 - fi - if echo "${{ steps.stdout01.outputs.stdout }}" | grep -q "False"; then - echo "Output contains 'False'" - fi - - - id: stdout02 - name: ssh command with stdout 01 - uses: ./ - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - port: 2222 - capture_stdout: true - script: | - #!/usr/bin/env bash - set -e - echo "TMP TESTING IF" - if [[ "1" == "1" ]]; then - echo "True" - else - echo "False" - fi - - - name: check stdout 02 - run: | - echo "stdout: ${{ steps.stdout02.outputs.stdout }}" - if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "False"; then - echo "Output contains 'False'" - exit 1 - fi - if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "True"; then - echo "Output contains 'True'" - fi - - testing-script-error: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: test script error - uses: ./ - continue-on-error: true - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - port: 2222 - capture_stdout: true - script: | - #!/usr/bin/env bash - set -e - ls /nonexistent diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml deleted file mode 100644 index 7bffc93..0000000 --- a/.github/workflows/stable.yml +++ /dev/null @@ -1,467 +0,0 @@ -name: testing stable version - -on: [push] - -jobs: - default-user-name-password: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: ssh by username and password - uses: appleboy/ssh-action@v1 - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - port: 2222 - script: | - #!/usr/bin/env bash - set -e - whoami - - - name: ssh commands from a file - uses: appleboy/ssh-action@v1 - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - port: 2222 - script_path: testdata/test.sh - - check-ssh-key: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: add public key to env - run: | - echo "PUBLIC_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_rsa.pub >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= public key =========" - cat testdata/.ssh/id_rsa.pub - echo "============================" - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_rsa >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= private key =========" - cat testdata/.ssh/id_rsa - echo "============================" - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: ssh by private key - uses: appleboy/ssh-action@v1 - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - script: whoami - - - name: wrong password but correct key - uses: appleboy/ssh-action@v1 - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: "abcdef" - key: ${{ env.PRIVATE_KEY }} - port: 2222 - script: whoami - - - name: correct password but wrong key - uses: appleboy/ssh-action@v1 - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - key: password - port: 2222 - script: whoami - - support-key-passphrase: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: add public key to env - run: | - echo "PUBLIC_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= public key =========" - cat testdata/.ssh/id_passphrase.pub - echo "============================" - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_passphrase >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= private key =========" - cat testdata/.ssh/id_passphrase - echo "============================" - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: ssh key passphrase - uses: appleboy/ssh-action@v1 - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - passphrase: 1234 - script: | - whoami - ls -al - - - name: missing ssh key passphrase - uses: appleboy/ssh-action@v1 - continue-on-error: true - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - script: | - whoami - ls -al - - # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1 - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - passphrase: 1234 - script: | - ls \ - -lah - use_insecure_cipher: true - - multiple-server: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: add public key to env - run: | - echo "PUBLIC_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= public key =========" - cat testdata/.ssh/id_passphrase.pub - echo "============================" - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_passphrase >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= private key =========" - cat testdata/.ssh/id_passphrase - echo "============================" - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server-01 \ - --hostname=openssh-server-01 \ - -p 2222:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server-01 sh -c "hostname -i" > ip01.txt - echo "REMOTE_HOST_01<> $GITHUB_ENV - cat ip01.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip01.txt - echo "======================================" - - docker run -d \ - --name=openssh-server-02 \ - --hostname=openssh-server-02 \ - -p 2223:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server-02 sh -c "hostname -i" > ip02.txt - echo "REMOTE_HOST_02<> $GITHUB_ENV - cat ip02.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip02.txt - echo "======================================" - - sleep 2 - - # https://github.com/appleboy/ssh-action/issues/85 - - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1 - with: - host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - passphrase: 1234 - script: | - whoami - - support-ed25519-key: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: add public key to env - run: | - echo "PUBLIC_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= public key =========" - cat testdata/.ssh/id_ed25519.pub - echo "============================" - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= private key =========" - cat testdata/.ssh/id_ed25519 - echo "============================" - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ - -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1 - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - script: | - whoami - ls -al - - testing-with-env: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: add public key to env - run: | - echo "PUBLIC_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= public key =========" - cat testdata/.ssh/id_ed25519.pub - echo "============================" - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= private key =========" - cat testdata/.ssh/id_ed25519 - echo "============================" - - - name: create new ssh server - run: | - docker run -d \ - --name=openssh-server \ - --hostname=openssh-server \ - -p 2222:2222 \ - -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=true \ - -e PASSWORD_ACCESS=true \ - -e USER_NAME=linuxserver.io \ - --restart unless-stopped \ - lscr.io/linuxserver/openssh-server:latest - docker exec openssh-server sh -c "hostname -i" > ip.txt - echo "REMOTE_HOST<> $GITHUB_ENV - cat ip.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "======= container ip address =========" - cat ip.txt - echo "======================================" - sleep 2 - - - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1 - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - script: | - whoami - ls -al - - - name: pass environment - uses: appleboy/ssh-action@v1 - env: - FOO: "BAR" - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - envs: FOO - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - - - name: pass multiple environment - uses: appleboy/ssh-action@v1 - env: - FOO: "BAR" - BAR: "FOO" - SHA: ${{ github.sha }} - PORT: ${{ secrets.PORT }} - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - envs: FOO,BAR,SHA,PORT - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - echo "sha: $SHA" - echo "port: $PORT" - - - name: custom envs format - uses: appleboy/ssh-action@v1 - env: - FOO: "BAR" - AAA: "BBB" - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - envs: FOO,BAR,AAA - envs_format: export TEST_{NAME}={VALUE} - script: | - echo "I am $TEST_FOO, thanks" - echo "I am $TEST_BAR, thanks" - echo "I am $BAR, thanks" - echo "I am $TEST_AAA, thanks" - - - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1 - env: - INPUT_FOO: "BAR" - INPUT_AAA: "BBB" - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - allenvs: true - script: | - echo "I am $INPUT_FOO, thanks" - echo "I am $INPUT_AAA, thanks" - echo "$GITHUB_BASE_REF" - echo "$GITHUB_REF" - - - name: switch to root user - uses: appleboy/ssh-action@v1 - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} - port: 2222 - request_pty: true - command_timeout: 30s - script: | - whoami && echo 'hello world' && touch todo.txt - sudo whoami diff --git a/.goreleaser.yaml b/.goreleaser.yaml deleted file mode 100644 index fcd5b97..0000000 --- a/.goreleaser.yaml +++ /dev/null @@ -1,28 +0,0 @@ -builds: - - # If true, skip the build. - # Useful for library projects. - # Default is false - skip: true - -changelog: - use: github - groups: - - title: Features - regexp: "^.*feat[(\\w)]*:+.*$" - order: 0 - - title: "Bug fixes" - regexp: "^.*fix[(\\w)]*:+.*$" - order: 1 - - title: "Enhancements" - regexp: "^.*chore[(\\w)]*:+.*$" - order: 2 - - title: "Refactor" - regexp: "^.*refactor[(\\w)]*:+.*$" - order: 3 - - title: "Build process updates" - regexp: ^.*?(build|ci)(\(.+\))??!?:.+$ - order: 4 - - title: "Documentation updates" - regexp: ^.*?docs?(\(.+\))??!?:.+$ - order: 5 - - title: Others diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..ffdb73d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,5 @@ +FROM ghcr.io/appleboy/drone-ssh:1.6.13 + +COPY entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] diff --git a/README.md b/README.md index f3f79a3..425658d 100644 --- a/README.md +++ b/README.md @@ -1,247 +1,170 @@ # 🚀 SSH for GitHub Actions -English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) +[繁體中文](./README.zh-tw.md) -## Table of Contents - -- [🚀 SSH for GitHub Actions](#-ssh-for-github-actions) - - [Table of Contents](#table-of-contents) - - [📖 Introduction](#-introduction) - - [🧩 Core Concepts \& Input Parameters](#-core-concepts--input-parameters) - - [🔌 Connection Settings](#-connection-settings) - - [🛠️ SSH Command Settings](#️-ssh-command-settings) - - [🌐 Proxy Settings](#-proxy-settings) - - [⚡ Quick Start](#-quick-start) - - [🔑 SSH Key Setup \& OpenSSH Compatibility](#-ssh-key-setup--openssh-compatibility) - - [Setting Up SSH Keys](#setting-up-ssh-keys) - - [Generate RSA key](#generate-rsa-key) - - [Generate ED25519 key](#generate-ed25519-key) - - [OpenSSH Compatibility](#openssh-compatibility) - - [🛠️ Usage Scenarios \& Advanced Examples](#️-usage-scenarios--advanced-examples) - - [Using password authentication](#using-password-authentication) - - [Using private key authentication](#using-private-key-authentication) - - [Multiple commands](#multiple-commands) - - [Run commands from a file](#run-commands-from-a-file) - - [Multiple hosts](#multiple-hosts) - - [Multiple hosts with different ports](#multiple-hosts-with-different-ports) - - [Synchronous execution on multiple hosts](#synchronous-execution-on-multiple-hosts) - - [Pass environment variables to shell script](#pass-environment-variables-to-shell-script) - - [🌐 Proxy \& Jump Host Usage](#-proxy--jump-host-usage) - - [🛡️ Security Best Practices](#️-security-best-practices) - - [Protecting Your Private Key](#protecting-your-private-key) - - [Host Fingerprint Verification](#host-fingerprint-verification) - - [🚨 Error Handling \& Troubleshooting](#-error-handling--troubleshooting) - - [Q\&A](#qa) - - [Command not found (npm or other command)](#command-not-found-npm-or-other-command) - - [🤝 Contributing](#-contributing) - - [📝 License](#-license) - ---- - -## 📖 Introduction - -**SSH for GitHub Actions** is a powerful [GitHub Action](https://github.com/features/actions) for executing remote SSH commands easily and securely in your CI/CD workflows. -Built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh), it supports a wide range of SSH scenarios, including multi-host, proxy, and advanced authentication. +[GitHub Action](https://github.com/features/actions) for executing remote ssh commands. ![ssh workflow](./images/ssh-workflow.png) -[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) +[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) ---- +**Important**: Only support **Linux** [docker](https://www.docker.com/) container. -## 🧩 Core Concepts & Input Parameters +This thing is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 -This action provides flexible SSH command execution with a rich set of configuration options. +## Input variables -For full details, see [action.yml](./action.yml). +See [action.yml](./action.yml) for more detailed information. -### 🔌 Connection Settings +* `host` - ssh host +* `port` - ssh port, default is `22` +* `username` - ssh username +* `password` - ssh password +* `passphrase` - the passphrase is usually to encrypt the private key +* `sync` - synchronous execution if multiple hosts, default is false +* `timeout` - timeout for ssh to remote host, default is `30s` +* `command_timeout` - timeout for ssh command, default is `10m` +* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines +* `key_path` - path of ssh private key +* `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification +* `script` - execute commands +* `script_stop` - stop script after first failure +* `envs` - pass environment variable to shell script +* `debug` - enable debug mode +* `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) +* `cipher` - the allowed cipher algorithms. If unspecified then a sensible +* `envs_format` - flexible configuration of environment value transfer. default is `export {NAME}={VALUE}` -These parameters control how the action connects to your remote host. +SSH Proxy Setting: -| Parameter | Description | Default | -| ------------------- | ----------------------------------------------------------------- | ------- | -| host | SSH host address | | -| port | SSH port number | 22 | -| username | SSH username | | -| password | SSH password | | -| protocol | SSH protocol version (`tcp`, `tcp4`, `tcp6`) | tcp | -| sync | Run synchronously if multiple hosts are specified | false | -| timeout | Timeout for SSH connection to host | 30s | -| key | Content of SSH private key (e.g., raw content of `~/.ssh/id_rsa`) | | -| key_path | Path to SSH private key | | -| passphrase | Passphrase for the SSH private key | | -| fingerprint | SHA256 fingerprint of the host public key | | -| use_insecure_cipher | Allow additional (less secure) ciphers | false | -| cipher | Allowed cipher algorithms. Uses sensible defaults if unspecified | | +* `proxy_host` - proxy host +* `proxy_port` - proxy port, default is `22` +* `proxy_username` - proxy username +* `proxy_password` - proxy password +* `proxy_passphrase` - the passphrase is usually to encrypt the private key +* `proxy_timeout` - timeout for ssh to proxy host, default is `30s` +* `proxy_key` - content of ssh proxy private key. +* `proxy_key_path` - path of ssh proxy private key +* `proxy_fingerprint` - fingerprint SHA256 of the proxy host public key, default is to skip verification +* `proxy_use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) +* `proxy_cipher` - the allowed cipher algorithms. If unspecified then a sensible ---- +## Usage -### 🛠️ SSH Command Settings - -These parameters control the commands executed on the remote host and related behaviors. - -| Parameter | Description | Default | -| --------------- | --------------------------------------------------------------------------------- | ------- | -| script | Commands to execute remotely | | -| script_path | Path to a file in the repository containing commands to execute remotely | | -| envs | Environment variables to pass to the shell script | | -| envs_format | Flexible configuration for environment variable transfer | | -| allenvs | Pass all environment variables with `GITHUB_` and `INPUT_` prefixes to the script | false | -| command_timeout | Timeout for SSH command execution | 10m | -| debug | Enable debug mode | false | -| request_pty | Request a pseudo-terminal from the server | false | -| curl_insecure | Allow curl to connect to SSL sites without certificates | false | -| version | drone-ssh binary version. If not specified, the latest version will be used. | | - ---- - -### 🌐 Proxy Settings - -These parameters control the use of a proxy (jump host) for connecting to your target host. - -| Parameter | Description | Default | -| ------------------------- | ----------------------------------------------- | ------- | -| proxy_host | SSH proxy host | | -| proxy_port | SSH proxy port | 22 | -| proxy_username | SSH proxy username | | -| proxy_password | SSH proxy password | | -| proxy_passphrase | SSH proxy key passphrase | | -| proxy_protocol | SSH proxy protocol version | tcp | -| proxy_timeout | Timeout for SSH connection to proxy host | 30s | -| proxy_key | Content of SSH proxy private key | | -| proxy_key_path | Path to SSH proxy private key | | -| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | -| proxy_cipher | Allowed cipher algorithms for the proxy | | -| proxy_use_insecure_cipher | Allow insecure ciphers for the proxy | false | - -> **Note:** To mimic the removed `script_stop` option, add `set -e` at the top of your shell script. - ---- - -## ⚡ Quick Start - -Run remote SSH commands in your workflow with minimal configuration: +Executing remote ssh commands. ```yaml -name: Remote SSH Command +name: remote ssh command on: [push] jobs: + build: name: Build runs-on: ubuntu-latest steps: - - name: Execute remote SSH commands using password - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: linuxserver.io - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v0.1.9 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami ``` -**Output:** +output: ```sh ======CMD====== whoami ======END====== -linuxserver.io -=============================================== -✅ Successfully executed commands to all hosts. -=============================================== +out: *** +============================================== +✅ Successfully executed commands to all host. +============================================== ``` ---- +### Setting up a SSH Key -## 🔑 SSH Key Setup & OpenSSH Compatibility +Make sure to follow the below steps while creating SSH Keys and using them. +The best practice is create the SSH Keys on local machine not remote machine. +Login with username specified in Github Secrets. Generate a RSA Key-Pair: -### Setting Up SSH Keys - -It is best practice to create SSH keys on your local machine (not on a remote server). Log in with the username specified in GitHub Secrets and generate a key pair: - -#### Generate RSA key +### Generate rsa key ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -#### Generate ED25519 key +### Generate ed25519 key ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -Add the new public key to the authorized keys on your server. [Learn more about authorized keys.](https://www.ssh.com/ssh/authorized_keys/) +Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). + +### Add rsa key into Authorized keys ```bash -# Add RSA key -cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys' - -# Add ED25519 key -cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys' +cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -Copy the private key content and paste it into GitHub Secrets. +### Add ed25519 key into Authorized keys ```bash -# macOS -pbcopy < ~/.ssh/id_rsa -# Ubuntu -xclip < ~/.ssh/id_rsa +cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -> **Tip:** Copy from `-----BEGIN OPENSSH PRIVATE KEY-----` to `-----END OPENSSH PRIVATE KEY-----` (inclusive). +Copy Private Key content and paste in Github Secrets. -For ED25519: +### Copy rsa Private key ```bash -# macOS -pbcopy < ~/.ssh/id_ed25519 -# Ubuntu -xclip < ~/.ssh/id_ed25519 +clip < ~/.ssh/id_rsa ``` -See more: [SSH login without a password](http://www.linuxproblem.org/art_9.html). +### Copy ed25519 Private key -> **Note:** Depending on your SSH version, you may also need to: -> -> - Place the public key in `.ssh/authorized_keys2` -> - Set `.ssh` permissions to 700 -> - Set `.ssh/authorized_keys2` permissions to 640 +```bash +clip < ~/.ssh/id_ed25519 +``` -### OpenSSH Compatibility +See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). -If you see this error: +**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: + +* Put the public key in `.ssh/authorized_keys2` +* Change the permissions of `.ssh` to 700 +* Change the permissions of `.ssh/authorized_keys2` to 640 + +### If you are using OpenSSH + +If you are currently using OpenSSH and are getting the following error: ```bash ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -On Ubuntu 20.04+ you may need to explicitly allow the `ssh-rsa` algorithm. Add this to your OpenSSH daemon config (`/etc/ssh/sshd_config` or a drop-in under `/etc/ssh/sshd_config.d/`): +Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): ```bash CASignatureAlgorithms +ssh-rsa ``` -Alternatively, use ED25519 keys (supported by default): +Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` ---- +### Example -## 🛠️ Usage Scenarios & Advanced Examples - -This section covers common and advanced usage patterns, including multi-host, proxy, and environment variable passing. - -### Using password authentication +#### Executing remote ssh commands using password ```yaml -- name: Execute remote SSH commands using password - uses: appleboy/ssh-action@v1 +- name: executing remote ssh commands using password + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -250,11 +173,11 @@ This section covers common and advanced usage patterns, including multi-host, pr script: whoami ``` -### Using private key authentication +#### Using private key ```yaml -- name: Execute remote SSH commands using SSH key - uses: appleboy/ssh-action@v1 +- name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -263,11 +186,11 @@ This section covers common and advanced usage patterns, including multi-host, pr script: whoami ``` -### Multiple commands +#### Multiple Commands ```yaml -- name: Multiple commands - uses: appleboy/ssh-action@v1 +- name: multiple command + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -280,24 +203,11 @@ This section covers common and advanced usage patterns, including multi-host, pr ![result](./images/output-result.png) -### Run commands from a file - -```yaml -- name: File commands - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_path: scripts/script.sh -``` - -### Multiple hosts +#### Multiple Hosts ```diff - - name: Multiple hosts - uses: appleboy/ssh-action@v1 + - name: multiple host + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -309,13 +219,11 @@ This section covers common and advanced usage patterns, including multi-host, pr ls -al ``` -Default `port` is `22`. - -### Multiple hosts with different ports +#### Multiple hosts with different port ```diff - - name: Multiple hosts - uses: appleboy/ssh-action@v1 + - name: multiple host + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -326,11 +234,11 @@ Default `port` is `22`. ls -al ``` -### Synchronous execution on multiple hosts +#### Synchronous execution on multiple hosts ```diff - - name: Multiple hosts - uses: appleboy/ssh-action@v1 + - name: multiple host + uses: appleboy/ssh-action@v0.1.9 with: host: "foo.com,bar.com" + sync: true @@ -342,11 +250,11 @@ Default `port` is `22`. ls -al ``` -### Pass environment variables to shell script +#### Pass environment variable to shell script ```diff - - name: Pass environment - uses: appleboy/ssh-action@v1 + - name: pass environment + uses: appleboy/ssh-action@v0.1.9 + env: + FOO: "BAR" + BAR: "FOO" @@ -363,13 +271,40 @@ Default `port` is `22`. echo "sha: $SHA" ``` -> _All environment variables in the `env` object must be strings. Using integers or other types may cause unexpected results._ +_Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._ ---- +#### Stop script after first failure -## 🌐 Proxy & Jump Host Usage +> ex: missing `abc` folder -You can connect to remote hosts via a proxy (jump host) for advanced network topologies. +```diff + - name: stop script if command error + uses: appleboy/ssh-action@v0.1.9 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ script_stop: true + script: | + mkdir abc/def + ls -al +``` + +output: + +```sh +======CMD====== +mkdir abc/def +ls -al + +======END====== +2019/11/21 01:16:21 Process exited with status 1 +err: mkdir: cannot create directory ‘abc/def’: No such file or directory +##[error]Docker run failed with exit code 1 +``` + +#### How to connect remote server using `ProxyCommand`? ```bash +--------+ +----------+ +-----------+ @@ -377,7 +312,7 @@ You can connect to remote hosts via a proxy (jump host) for advanced network top +--------+ +----------+ +-----------+ ``` -Example `~/.ssh/config`: +in your `~/.ssh/config`, you will see the following. ```bash Host Jumphost @@ -393,11 +328,11 @@ Host FooServer ProxyCommand ssh -q -W %h:%p Jumphost ``` -**GitHub Actions YAML:** +#### How to convert to YAML format of GitHubActions ```diff - - name: SSH proxy command - uses: appleboy/ssh-action@v1 + - name: ssh proxy command + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -412,17 +347,15 @@ Host FooServer ls -al ``` ---- +#### Protecting a Private Key -## 🛡️ Security Best Practices - -### Protecting Your Private Key - -A passphrase encrypts your private key, making it useless to attackers if leaked. Always store your private key securely. +The purpose of the passphrase is usually to encrypt the private key. +This makes the key file by itself useless to an attacker. +It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems. ```diff - - name: SSH key passphrase - uses: appleboy/ssh-action@v1 + - name: ssh key passphrase + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -434,19 +367,21 @@ A passphrase encrypts your private key, making it useless to attackers if leaked ls -al ``` -### Host Fingerprint Verification +#### Using host fingerprint verification -Verifying the SSH host fingerprint helps prevent man-in-the-middle attacks. To get your host's fingerprint (replace `ed25519` with your key type and `example.com` with your host): +Setting up SSH host fingerprint verification can help to prevent Person-in-the-Middle attacks. Before setting this up, run the command below to get your SSH host fingerprint. Remember to replace `ed25519` with your appropriate key type (`rsa`, `dsa`, etc.) that your server is using and `example.com` with your host. + +In modern OpenSSH releases, the _default_ key types to be fetched are `rsa` (since version 5.1), `ecdsa` (since version 6.0), and `ed25519` (since version 6.7). ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` -Update your config: +Now you can adjust you config: ```diff - - name: SSH key passphrase - uses: appleboy/ssh-action@v1 + - name: ssh key passphrase + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -458,33 +393,10 @@ Update your config: ls -al ``` ---- +## Contributing -## 🚨 Error Handling & Troubleshooting +We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! -### Q&A +## License -#### Command not found (npm or other command) - -If you encounter "command not found" errors, see [this issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non-interactive shells. - -On many Linux distros, `/etc/bash.bashrc` contains: - -```sh -# If not running interactively, don't do anything -[ -z "$PS1" ] && return -``` - -Comment out this line or use absolute paths for your commands. - ---- - -## 🤝 Contributing - -Contributions are welcome! Please submit a pull request to help improve `appleboy/ssh-action`. - ---- - -## 📝 License - -This project is licensed under the [MIT License](LICENSE). +The scripts and documentation in this project are released under the [MIT License](LICENSE) diff --git a/README.zh-cn.md b/README.zh-cn.md deleted file mode 100644 index 40d6400..0000000 --- a/README.zh-cn.md +++ /dev/null @@ -1,490 +0,0 @@ -# 🚀 用于 GitHub Actions 的 SSH - -[English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文 - -## 目录 - -- [🚀 用于 GitHub Actions 的 SSH](#-用于-github-actions-的-ssh) - - [目录](#目录) - - [📖 简介](#-简介) - - [🧩 核心概念与输入参数](#-核心概念与输入参数) - - [🔌 连接设置](#-连接设置) - - [🛠️ 指令设置](#️-指令设置) - - [🌐 代理设置](#-代理设置) - - [⚡ 快速开始](#-快速开始) - - [🔑 SSH 密钥配置与 OpenSSH 兼容性](#-ssh-密钥配置与-openssh-兼容性) - - [配置 SSH 密钥](#配置-ssh-密钥) - - [生成 RSA 密钥](#生成-rsa-密钥) - - [生成 ED25519 密钥](#生成-ed25519-密钥) - - [OpenSSH 兼容性](#openssh-兼容性) - - [🛠️ 用法场景与进阶示例](#️-用法场景与进阶示例) - - [使用密码认证](#使用密码认证) - - [使用私钥认证](#使用私钥认证) - - [多条命令](#多条命令) - - [从文件执行命令](#从文件执行命令) - - [多主机](#多主机) - - [多主机不同端口](#多主机不同端口) - - [多主机同步执行](#多主机同步执行) - - [传递环境变量到 shell 脚本](#传递环境变量到-shell-脚本) - - [🌐 代理与跳板机用法](#-代理与跳板机用法) - - [🛡️ 安全最佳实践](#️-安全最佳实践) - - [保护你的私钥](#保护你的私钥) - - [主机指纹验证](#主机指纹验证) - - [🚨 错误处理与疑难解答](#-错误处理与疑难解答) - - [常见问题](#常见问题) - - [命令未找到(npm 或其他命令)](#命令未找到npm-或其他命令) - - [🤝 贡献](#-贡献) - - [📝 许可证](#-许可证) - ---- - -## 📖 简介 - -**SSH for GitHub Actions** 是一个强大的 [GitHub Action](https://github.com/features/actions),可让你在 CI/CD 工作流中轻松且安全地执行远程 SSH 命令。 -本项目基于 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建,支持多主机、代理、高级认证等多种 SSH 场景。 - -![ssh workflow](./images/ssh-workflow.png) - -[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) - ---- - -## 🧩 核心概念与输入参数 - -本 Action 提供灵活的 SSH 命令执行能力,并具备丰富的配置选项。 - -详细参数请参阅 [action.yml](./action.yml)。 - -### 🔌 连接设置 - -这些参数用于控制如何连接到远程主机。 - -| 参数 | 描述 | 默认值 | -| ------------------- | --------------------------------------------- | ------ | -| host | SSH 主机地址 | | -| port | SSH 端口号 | 22 | -| username | SSH 用户名 | | -| password | SSH 密码 | | -| protocol | SSH 协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| sync | 指定多个主机时同步执行 | false | -| timeout | SSH 连接主机的超时时间 | 30s | -| key | SSH 私钥内容(如 `~/.ssh/id_rsa` 的原始内容) | | -| key_path | SSH 私钥路径 | | -| passphrase | SSH 私钥密码短语 | | -| fingerprint | 主机公钥的 SHA256 指纹 | | -| use_insecure_cipher | 允许额外(不安全)的加密算法 | false | -| cipher | 允许的加密算法,未指定时使用默认值 | | - ---- - -### 🛠️ 指令设置 - -这些参数用于控制在远程主机上执行的命令及相关行为。 - -| 参数 | 描述 | 默认值 | -| --------------- | ----------------------------------------------------- | ------ | -| script | 远程执行的命令 | | -| script_path | 仓库中包含要远程执行命令的文件路径 | | -| envs | 传递给 shell 脚本的环境变量 | | -| envs_format | 环境变量传递的灵活配置 | | -| allenvs | 传递所有带 `GITHUB_` 和 `INPUT_` 前缀的环境变量到脚本 | false | -| command_timeout | SSH 命令执行超时时间 | 10m | -| debug | 启用调试模式 | false | -| request_pty | 向服务器请求伪终端 | false | -| curl_insecure | 允许 curl 连接无证书的 SSL 站点 | false | -| version | drone-ssh 二进制版本,未指定时使用最新版本 | | - ---- - -### 🌐 代理设置 - -这些参数用于通过代理(跳板机)连接到目标主机。 - -| 参数 | 描述 | 默认值 | -| ------------------------- | ----------------------------------------- | ------ | -| proxy_host | SSH 代理主机 | | -| proxy_port | SSH 代理端口 | 22 | -| proxy_username | SSH 代理用户名 | | -| proxy_password | SSH 代理密码 | | -| proxy_passphrase | SSH 代理私钥密码短语 | | -| proxy_protocol | SSH 代理协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| proxy_timeout | SSH 连接代理主机的超时时间 | 30s | -| proxy_key | SSH 代理私钥内容 | | -| proxy_key_path | SSH 代理私钥路径 | | -| proxy_fingerprint | 代理主机公钥的 SHA256 指纹 | | -| proxy_cipher | 代理允许的加密算法 | | -| proxy_use_insecure_cipher | 代理允许额外(不安全)的加密算法 | false | - -> **注意:** 如需实现已移除的 `script_stop` 功能,请在 shell 脚本顶部添加 `set -e`。 - ---- - -## ⚡ 快速开始 - -只需简单配置,即可在工作流中执行远程 SSH 命令: - -```yaml -name: Remote SSH Command -on: [push] -jobs: - build: - name: Build - runs-on: ubuntu-latest - steps: - - name: 执行远程 SSH 命令(密码认证) - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: linuxserver.io - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami -``` - -**输出:** - -```sh -======CMD====== -whoami -======END====== -linuxserver.io -=============================================== -✅ Successfully executed commands to all hosts. -=============================================== -``` - ---- - -## 🔑 SSH 密钥配置与 OpenSSH 兼容性 - -### 配置 SSH 密钥 - -建议在本地机器(而非远程服务器)上创建 SSH 密钥。请使用 GitHub Secrets 中指定的用户名登录并生成密钥对: - -#### 生成 RSA 密钥 - -```bash -ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -``` - -#### 生成 ED25519 密钥 - -```bash -ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" -``` - -将新生成的公钥添加到服务器的 authorized_keys。 [了解更多 authorized_keys](https://www.ssh.com/ssh/authorized_keys/) - -```bash -# 添加 RSA 公钥 -cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys' - -# 添加 ED25519 公钥 -cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys' -``` - -复制私钥内容并粘贴到 GitHub Secrets。 - -```bash -# macOS -pbcopy < ~/.ssh/id_rsa -# Ubuntu -xclip < ~/.ssh/id_rsa -``` - -> **提示:** 复制内容需包含 `-----BEGIN OPENSSH PRIVATE KEY-----` 到 `-----END OPENSSH PRIVATE KEY-----`(含)。 - -ED25519 同理: - -```bash -# macOS -pbcopy < ~/.ssh/id_ed25519 -# Ubuntu -xclip < ~/.ssh/id_ed25519 -``` - -更多信息:[SSH 无密码登录](http://www.linuxproblem.org/art_9.html)。 - -> **注意:** 根据 SSH 版本,可能还需: -> -> - 将公钥放入 `.ssh/authorized_keys2` -> - 设置 `.ssh` 权限为 700 -> - 设置 `.ssh/authorized_keys2` 权限为 640 - -### OpenSSH 兼容性 - -如果出现如下错误: - -```bash -ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] -``` - -在 Ubuntu 20.04+,你可能需要显式允许 `ssh-rsa` 算法。请在 OpenSSH 配置文件(`/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 下的 drop-in 文件)中添加: - -```bash -CASignatureAlgorithms +ssh-rsa -``` - -或者,直接使用默认支持的 ED25519 密钥: - -```bash -ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" -``` - ---- - -## 🛠️ 用法场景与进阶示例 - -本节涵盖常见与进阶用法,包括多主机、代理、环境变量传递等。 - -### 使用密码认证 - -```yaml -- name: 执行远程 SSH 命令(密码认证) - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami -``` - -### 使用私钥认证 - -```yaml -- name: 执行远程 SSH 命令(密钥认证) - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami -``` - -### 多条命令 - -```yaml -- name: 多条命令 - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al -``` - -![result](./images/output-result.png) - -### 从文件执行命令 - -```yaml -- name: 文件命令 - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_path: scripts/script.sh -``` - -### 多主机 - -```diff - - name: 多主机 - uses: appleboy/ssh-action@v1 - with: -- host: "foo.com" -+ host: "foo.com,bar.com" - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al -``` - -默认 `port` 为 `22`。 - -### 多主机不同端口 - -```diff - - name: 多主机 - uses: appleboy/ssh-action@v1 - with: -- host: "foo.com" -+ host: "foo.com:1234,bar.com:5678" - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - script: | - whoami - ls -al -``` - -### 多主机同步执行 - -```diff - - name: 多主机 - uses: appleboy/ssh-action@v1 - with: - host: "foo.com,bar.com" -+ sync: true - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al -``` - -### 传递环境变量到 shell 脚本 - -```diff - - name: 传递环境变量 - uses: appleboy/ssh-action@v1 -+ env: -+ FOO: "BAR" -+ BAR: "FOO" -+ SHA: ${{ github.sha }} - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} -+ envs: FOO,BAR,SHA - script: | - echo "I am $FOO" - echo "I am $BAR" - echo "sha: $SHA" -``` - -> _`env` 对象中的所有环境变量必须为字符串。传递整数或其他类型可能导致意外结果。_ - ---- - -## 🌐 代理与跳板机用法 - -你可以通过代理(跳板机)连接到远程主机,适用于进阶网络拓扑。 - -```bash -+--------+ +----------+ +-----------+ -| Laptop | <--> | Jumphost | <--> | FooServer | -+--------+ +----------+ +-----------+ -``` - -示例 `~/.ssh/config`: - -```bash -Host Jumphost - HostName Jumphost - User ubuntu - Port 22 - IdentityFile ~/.ssh/keys/jump_host.pem - -Host FooServer - HostName FooServer - User ubuntu - Port 22 - ProxyCommand ssh -q -W %h:%p Jumphost -``` - -**GitHub Actions YAML:** - -```diff - - name: SSH 代理命令 - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} -+ proxy_host: ${{ secrets.PROXY_HOST }} -+ proxy_username: ${{ secrets.PROXY_USERNAME }} -+ proxy_key: ${{ secrets.PROXY_KEY }} -+ proxy_port: ${{ secrets.PROXY_PORT }} - script: | - mkdir abc/def - ls -al -``` - ---- - -## 🛡️ 安全最佳实践 - -### 保护你的私钥 - -密码短语会加密你的私钥,即使泄露也无法被攻击者直接利用。请务必妥善保管私钥。 - -```diff - - name: SSH 密钥密码短语 - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} -+ passphrase: ${{ secrets.PASSPHRASE }} - script: | - whoami - ls -al -``` - -### 主机指纹验证 - -验证 SSH 主机指纹有助于防止中间人攻击。获取主机指纹(将 `ed25519` 替换为你的密钥类型,`example.com` 替换为你的主机): - -```sh -ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 -``` - -更新配置: - -```diff - - name: SSH 密钥密码短语 - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} -+ fingerprint: ${{ secrets.FINGERPRINT }} - script: | - whoami - ls -al -``` - ---- - -## 🚨 错误处理与疑难解答 - -### 常见问题 - -#### 命令未找到(npm 或其他命令) - -如果遇到 "command not found" 错误,请参考 [此评论](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解交互式与非交互式 shell 的区别。 - -许多 Linux 发行版的 `/etc/bash.bashrc` 包含如下内容: - -```sh -# If not running interactively, don't do anything -[ -z "$PS1" ] && return -``` - -注释掉该行或使用命令的绝对路径。 - ---- - -## 🤝 贡献 - -欢迎贡献!请提交 Pull Request 改进 `appleboy/ssh-action`。 - ---- - -## 📝 许可证 - -本项目采用 [MIT License](LICENSE) 授权。 diff --git a/README.zh-tw.md b/README.zh-tw.md index cb590aa..e81326c 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -1,247 +1,163 @@ -# 🚀 GitHub Actions 的 SSH +# 🚀 用於 GitHub Actions 的 SSH -[English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md) - -## 目錄 - -- [🚀 GitHub Actions 的 SSH](#-github-actions-的-ssh) - - [目錄](#目錄) - - [📖 簡介](#-簡介) - - [🧩 核心概念與輸入參數](#-核心概念與輸入參數) - - [🔌 連線設定](#-連線設定) - - [🛠️ 指令設定](#️-指令設定) - - [🌐 代理設定](#-代理設定) - - [⚡ 快速開始](#-快速開始) - - [🔑 SSH 金鑰設定與 OpenSSH 相容性](#-ssh-金鑰設定與-openssh-相容性) - - [設定 SSH 金鑰](#設定-ssh-金鑰) - - [產生 RSA 金鑰](#產生-rsa-金鑰) - - [產生 ED25519 金鑰](#產生-ed25519-金鑰) - - [OpenSSH 相容性](#openssh-相容性) - - [🛠️ 用法場景與進階範例](#️-用法場景與進階範例) - - [使用密碼認證](#使用密碼認證) - - [使用私鑰認證](#使用私鑰認證) - - [多條指令](#多條指令) - - [從檔案執行指令](#從檔案執行指令) - - [多主機](#多主機) - - [多主機不同埠號](#多主機不同埠號) - - [多主機同步執行](#多主機同步執行) - - [傳遞環境變數到 shell 腳本](#傳遞環境變數到-shell-腳本) - - [🌐 代理與跳板機用法](#-代理與跳板機用法) - - [🛡️ 安全最佳實踐](#️-安全最佳實踐) - - [保護你的私鑰](#保護你的私鑰) - - [主機指紋驗證](#主機指紋驗證) - - [🚨 錯誤處理與疑難排解](#-錯誤處理與疑難排解) - - [常見問題](#常見問題) - - [指令找不到(npm 或其他指令)](#指令找不到npm-或其他指令) - - [🤝 貢獻](#-貢獻) - - [📝 授權](#-授權) - ---- - -## 📖 簡介 - -**SSH for GitHub Actions** 是一個強大的 [GitHub Action](https://github.com/features/actions),可讓你在 CI/CD 工作流程中輕鬆且安全地執行遠端 SSH 指令。 -本專案以 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立,支援多主機、代理、進階認證等多種 SSH 場景。 +[GitHub Action](https://github.com/features/actions) for executing remote ssh commands. ![ssh workflow](./images/ssh-workflow.png) -[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) +[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) ---- +**注意**: 只支援在 **Linux** [docker](https://www.docker.com/) 容器上執行。 -## 🧩 核心概念與輸入參數 +## 輸入變數 -本 Action 提供彈性的 SSH 指令執行能力,並具備豐富的設定選項。 +更詳細的資訊,請參閱 [action.yml](./action.yml)。 -完整參數請參閱 [action.yml](./action.yml)。 +* `host` - SSH 主機 +* `port` - SSH 連接埠,預設為 `22` +* `username` - SSH 使用者名稱 +* `password` - SSH 密碼 +* `passphrase` - 通常用於加密私鑰的 passphrase +* `sync` - 同步執行多個主機上的命令,預設為 false +* `timeout` - SSH 連接到遠端主機的超時時間,預設為 `30s` +* `command_timeout` - SSH 命令超時時間,預設為 10m +* `key` - SSH 私鑰的內容,例如 ~/.ssh/id_rsa 的原始內容,請記得包含 BEGIN 和 END 行 +* `key_path` - SSH 私鑰的路徑 +* `fingerprint` - 主機公鑰的 SHA256 指紋,預設為略過驗證 +* `script` - 執行命令 +* `script_stop` - 當出現第一個錯誤時停止執行命令 +* `envs` - 傳遞環境變數到 shell script +* `debug` - 啟用偵錯模式 +* `use_insecure_cipher` - 使用不安全的密碼(ciphers)進行加密,參見 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `cipher` - 允許使用的密碼(ciphers)演算法。如果未指定,則使用適當的演算法 -### 🔌 連線設定 +SSH 代理設置: -這些參數用於控制如何連線到遠端主機。 +* `proxy_host` - 代理主機 +* `proxy_port` - 代理端口,預設為 `22` +* `proxy_username` - 代理使用者名稱 +* `proxy_password` - 代理密碼 +* `proxy_passphrase` - 密碼通常用於加密私有金鑰 +* `proxy_timeout` - SSH 連線至代理主機的逾時時間,預設為 `30s` +* `proxy_key` - SSH 代理私有金鑰內容 +* `proxy_key_path` - SSH 代理私有金鑰路徑 +* `proxy_fingerprint` - 代理主機公鑰的 SHA256 指紋,預設為跳過驗證 +* `proxy_use_insecure_cipher` - 使用不安全的加密方式,請參閱 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `proxy_cipher` - 允許的加密算法。如果未指定,則使用合理的算法 -| 參數 | 說明 | 預設值 | -| ------------------- | --------------------------------------------- | ------ | -| host | SSH 主機位址 | | -| port | SSH 埠號 | 22 | -| username | SSH 使用者名稱 | | -| password | SSH 密碼 | | -| protocol | SSH 協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| sync | 指定多個主機時同步執行 | false | -| timeout | SSH 連線主機的逾時時間 | 30s | -| key | SSH 私鑰內容(如 `~/.ssh/id_rsa` 的原始內容) | | -| key_path | SSH 私鑰路徑 | | -| passphrase | SSH 私鑰密碼 | | -| fingerprint | 主機公鑰的 SHA256 指紋 | | -| use_insecure_cipher | 允許額外(不安全)的加密演算法 | false | -| cipher | 允許的加密演算法,未指定時使用預設值 | | +## 使用方式 ---- - -### 🛠️ 指令設定 - -這些參數用於控制在遠端主機上執行的指令及相關行為。 - -| 參數 | 說明 | 預設值 | -| --------------- | ----------------------------------------------------- | ------ | -| script | 遠端執行的指令 | | -| script_path | 儲存庫中包含要遠端執行指令的檔案路徑 | | -| envs | 傳遞給 shell 腳本的環境變數 | | -| envs_format | 環境變數傳遞的彈性設定 | | -| allenvs | 傳遞所有帶 `GITHUB_` 和 `INPUT_` 前綴的環境變數到腳本 | false | -| command_timeout | SSH 指令執行逾時時間 | 10m | -| debug | 啟用除錯模式 | false | -| request_pty | 向伺服器請求偽終端 | false | -| curl_insecure | 允許 curl 連線無憑證的 SSL 網站 | false | -| version | drone-ssh 執行檔版本,未指定時使用最新版本 | | - ---- - -### 🌐 代理設定 - -這些參數用於透過代理(跳板機)連線到目標主機。 - -| 參數 | 說明 | 預設值 | -| ------------------------- | ----------------------------------------- | ------ | -| proxy_host | SSH 代理主機 | | -| proxy_port | SSH 代理埠號 | 22 | -| proxy_username | SSH 代理使用者名稱 | | -| proxy_password | SSH 代理密碼 | | -| proxy_passphrase | SSH 代理私鑰密碼 | | -| proxy_protocol | SSH 代理協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| proxy_timeout | SSH 連線代理主機的逾時時間 | 30s | -| proxy_key | SSH 代理私鑰內容 | | -| proxy_key_path | SSH 代理私鑰路徑 | | -| proxy_fingerprint | 代理主機公鑰的 SHA256 指紋 | | -| proxy_cipher | 代理允許的加密演算法 | | -| proxy_use_insecure_cipher | 代理允許額外(不安全)的加密演算法 | false | - -> **注意:** 如需實現已移除的 `script_stop` 功能,請在 shell 腳本最上方加上 `set -e`。 - ---- - -## ⚡ 快速開始 - -只需簡單設定,即可在工作流程中執行遠端 SSH 指令: +執行遠端 SSH 命令 ```yaml -name: Remote SSH Command +name: remote ssh command on: [push] jobs: + build: name: Build runs-on: ubuntu-latest steps: - - name: 執行遠端 SSH 指令(密碼認證) - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: linuxserver.io - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v0.1.9 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami ``` -**輸出:** +畫面輸出 ```sh ======CMD====== whoami ======END====== -linuxserver.io -=============================================== -✅ Successfully executed commands to all hosts. -=============================================== +out: *** +============================================== +✅ Successfully executed commands to all host. +============================================== ``` ---- +### 設置 SSH 金鑰 -## 🔑 SSH 金鑰設定與 OpenSSH 相容性 +請在創建 SSH 金鑰並使用 SSH 金鑰時遵循以下步驟。最佳做法是在本地機器上創建 SSH 金鑰而不是遠端機器上。請使用 Github Secrets 中指定的用戶名登錄。生成 RSA 金鑰: -### 設定 SSH 金鑰 - -建議於本地端(非遠端伺服器)產生 SSH 金鑰。請以 GitHub Secrets 指定的使用者名稱登入並產生金鑰對: - -#### 產生 RSA 金鑰 +### 生成 RSA 金鑰 ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -#### 產生 ED25519 金鑰 +### 生成 ed25519 金鑰 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -將新產生的公鑰加入伺服器的 authorized_keys。 [了解更多 authorized_keys](https://www.ssh.com/ssh/authorized_keys/) +將新生成的金鑰添加到已授權的金鑰中。詳細了解已授權的金鑰請點擊[此處](https://www.ssh.com/ssh/authorized_keys/). + +### 將 RSA 金鑰添加到已授權金鑰中 ```bash -# 加入 RSA 公鑰 -cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys' - -# 加入 ED25519 公鑰 -cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys' +cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -複製私鑰內容並貼到 GitHub Secrets。 +### 將 ed25519 金鑰添加到已授權金鑰中 ```bash -# macOS -pbcopy < ~/.ssh/id_rsa -# Ubuntu -xclip < ~/.ssh/id_rsa +cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -> **提示:** 複製內容需包含 `-----BEGIN OPENSSH PRIVATE KEY-----` 到 `-----END OPENSSH PRIVATE KEY-----`(含)。 +複製私鑰內容,然後將其粘貼到 Github Secrets 中。 -ED25519 同理: +### 複製 rsa 私鑰內容 ```bash -# macOS -pbcopy < ~/.ssh/id_ed25519 -# Ubuntu -xclip < ~/.ssh/id_ed25519 +clip < ~/.ssh/id_rsa ``` -更多資訊:[SSH 免密碼登入](http://www.linuxproblem.org/art_9.html)。 +### 複製 ed25519 私鑰內容 -> **注意:** 根據 SSH 版本,可能還需: -> -> - 將公鑰放入 `.ssh/authorized_keys2` -> - 設定 `.ssh` 權限為 700 -> - 設定 `.ssh/authorized_keys2` 權限為 640 +```bash +clip < ~/.ssh/id_ed25519 +``` -### OpenSSH 相容性 +有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。 -若出現以下錯誤: +**來自讀者的注意事項**: 根據您的 SSH 版本,您可能還需要進行以下更改: + +* 將公鑰放在 `.ssh/authorized_keys2` 中 +* 將 `.ssh` 的權限更改為700 +* 將 `.ssh/authorized_keys2` 的權限更改為640 + +### 如果你使用的是 OpenSSH + +如果您正在使用 OpenSSH,並出現以下錯誤: ```bash ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -在 Ubuntu 20.04+,你可能需明確允許 `ssh-rsa` 演算法。請於 OpenSSH 設定檔(`/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 下的 drop-in 檔案)加入: +請確保您所選擇的密鑰演算法得到支援。在 Ubuntu 20.04 或更高版本上,您必須明確允許使用 SSH-RSA 演算法。請在 OpenSSH 守護進程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一個附著文件): ```bash CASignatureAlgorithms +ssh-rsa ``` -或直接使用預設支援的 ED25519 金鑰: +或者,`Ed25519` 密鑰在 OpenSSH 中默認被接受。如果需要,您可以使用它來替代 RSA。 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` ---- +### Example -## 🛠️ 用法場景與進階範例 - -本節涵蓋常見與進階用法,包括多主機、代理、環境變數傳遞等。 - -### 使用密碼認證 +#### 使用密碼執行遠端 SSH 命令 ```yaml -- name: 執行遠端 SSH 指令(密碼認證) - uses: appleboy/ssh-action@v1 +- name: executing remote ssh commands using password + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -250,11 +166,11 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -### 使用私鑰認證 +#### 使用私鑰 ```yaml -- name: 執行遠端 SSH 指令(私鑰認證) - uses: appleboy/ssh-action@v1 +- name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -263,11 +179,11 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -### 多條指令 +#### 多個命令 ```yaml -- name: 多條指令 - uses: appleboy/ssh-action@v1 +- name: multiple command + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -280,24 +196,11 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) -### 從檔案執行指令 - -```yaml -- name: 檔案指令 - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_path: scripts/script.sh -``` - -### 多主機 +#### 多台主機 ```diff - - name: 多主機 - uses: appleboy/ssh-action@v1 + - name: multiple host + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -309,13 +212,11 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -預設 `port` 為 `22`。 - -### 多主機不同埠號 +#### 多個不同端口的主機 ```diff - - name: 多主機 - uses: appleboy/ssh-action@v1 + - name: multiple host + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -326,11 +227,11 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -### 多主機同步執行 +#### 在多個主機上同步執行 ```diff - - name: 多主機 - uses: appleboy/ssh-action@v1 + - name: multiple host + uses: appleboy/ssh-action@v0.1.9 with: host: "foo.com,bar.com" + sync: true @@ -342,11 +243,11 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -### 傳遞環境變數到 shell 腳本 +#### 將環境變量傳遞到 Shell 腳本 ```diff - - name: 傳遞環境變數 - uses: appleboy/ssh-action@v1 + - name: pass environment + uses: appleboy/ssh-action@v0.1.9 + env: + FOO: "BAR" + BAR: "FOO" @@ -363,13 +264,40 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" echo "sha: $SHA" ``` -> _`env` 物件中的所有環境變數必須為字串。傳遞整數或其他型別可能導致非預期結果。_ +_在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳遞 `Integer` 數據類型或任何其他類型可能會產生意外結果。_ ---- +#### 在第一次失敗後停止腳本 -## 🌐 代理與跳板機用法 +> ex: missing `abc` folder -你可以透過代理(跳板機)連線到遠端主機,適用於進階網路拓撲。 +```diff + - name: stop script if command error + uses: appleboy/ssh-action@v0.1.9 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ script_stop: true + script: | + mkdir abc/def + ls -al +``` + +畫面輸出: + +```sh +======CMD====== +mkdir abc/def +ls -al + +======END====== +2019/11/21 01:16:21 Process exited with status 1 +err: mkdir: cannot create directory ‘abc/def’: No such file or directory +##[error]Docker run failed with exit code 1 +``` + +#### 如何使用 `ProxyCommand` 連接遠程服務器? ```bash +--------+ +----------+ +-----------+ @@ -377,7 +305,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" +--------+ +----------+ +-----------+ ``` -範例 `~/.ssh/config`: +在您的 `~/.ssh/config` 文件中,您會看到以下內容。 ```bash Host Jumphost @@ -393,11 +321,11 @@ Host FooServer ProxyCommand ssh -q -W %h:%p Jumphost ``` -**GitHub Actions YAML:** +#### 如何將其轉換為 GitHubActions 的 YAML 格式? ```diff - - name: SSH 代理指令 - uses: appleboy/ssh-action@v1 + - name: ssh proxy command + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -412,17 +340,13 @@ Host FooServer ls -al ``` ---- +#### 如何保護私鑰? -## 🛡️ 安全最佳實踐 - -### 保護你的私鑰 - -密碼短語會加密你的私鑰,即使外洩也無法被攻擊者直接利用。請務必妥善保管私鑰。 +密碼短語通常用於加密私鑰。這使得攻擊者無法單獨使用密鑰文件。文件泄露可能來自備份或停用的硬件,黑客通常可以從受攻擊系統中洩露文件。因此,保護私鑰非常重要。 ```diff - - name: SSH 私鑰密碼 - uses: appleboy/ssh-action@v1 + - name: ssh key passphrase + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -434,19 +358,21 @@ Host FooServer ls -al ``` -### 主機指紋驗證 +#### 使用主機指紋驗證 -驗證 SSH 主機指紋有助於防止中間人攻擊。取得主機指紋(將 `ed25519` 換成你的金鑰型別,`example.com` 換成你的主機): +設置 SSH 主機指紋驗證可以幫助防止中間人攻擊。在設置之前,運行以下命令以獲取 SSH 主機指紋。請記得將 `ed25519` 替換為您的適當金鑰類型(`rsa`、 `dsa`等),而 `example.com` 則替換為您的主機。 + +現代 OpenSSH 版本中,需要提取的_默認金鑰_類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。 ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` -更新設定: +現在您可以調整您的配置: ```diff - - name: SSH 私鑰密碼 - uses: appleboy/ssh-action@v1 + - name: ssh key passphrase + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -458,33 +384,10 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ls -al ``` ---- +## 貢獻 -## 🚨 錯誤處理與疑難排解 +我們非常希望您為 `appleboy/ssh-action` 做出貢獻,歡迎提交請求! -### 常見問題 +## 授權方式 -#### 指令找不到(npm 或其他指令) - -若遇到 "command not found" 錯誤,請參考 [此討論](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解互動式與非互動式 shell 差異。 - -許多 Linux 發行版的 `/etc/bash.bashrc` 包含如下內容: - -```sh -# If not running interactively, don't do anything -[ -z "$PS1" ] && return -``` - -請將該行註解掉或使用指令的絕對路徑。 - ---- - -## 🤝 貢獻 - -歡迎貢獻!請提交 Pull Request 改善 `appleboy/ssh-action`。 - ---- - -## 📝 授權 - -本專案採用 [MIT License](LICENSE) 授權。 +本項目中的腳本和文檔采用 [MIT](LICENSE) 許可證 發布。 diff --git a/action.yml b/action.yml index 7027751..3cdc797 100644 --- a/action.yml +++ b/action.yml @@ -1,145 +1,79 @@ -name: "SSH Remote Commands" -description: "Executing remote ssh commands" -author: "Bo-Yi Wu" +name: 'SSH Remote Commands' +description: 'Executing remote ssh commands' +author: 'Bo-Yi Wu' inputs: host: - description: "SSH host address or IP to connect to." + description: 'ssh host' port: - description: "SSH port number for the connection." - default: "22" + description: 'ssh port' + default: 22 passphrase: - description: "Passphrase to decrypt the SSH private key if protected." + description: 'ssh key passphrase' username: - description: "SSH username for authentication on the remote server." + description: 'ssh username' password: - description: "SSH password for authentication (use secrets for sensitive data)." - protocol: - description: 'IP protocol version to use. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).' - default: "tcp" + description: 'ssh password' sync: - description: "When true, executes commands synchronously across multiple hosts (one after another)." + description: 'synchronous execution if multiple hosts' + default: false use_insecure_cipher: - description: "Enable additional legacy ciphers that might be less secure but more compatible with older systems." + description: 'include more ciphers with use_insecure_cipher' + default: false cipher: - description: "Specify custom cipher algorithms for encryption. Leave empty to use secure defaults." + description: 'the allowed cipher algorithms. If unspecified then a sensible' timeout: - description: "Maximum time to wait when establishing the SSH connection, e.g., '30s', '1m'." + description: 'timeout for ssh to host' default: "30s" command_timeout: - description: "Maximum execution time for the remote commands before terminating, e.g., '10m', '1h'." + description: 'timeout for ssh command' default: "10m" key: - description: "Raw content of the SSH private key for authentication (use secrets for sensitive data)." + description: 'content of ssh private key. ex raw content of ~/.ssh/id_rsa' key_path: - description: "Path to the SSH private key file on the runner." + description: 'path of ssh private key' fingerprint: - description: "SHA256 fingerprint of the host public key for verification to prevent MITM attacks." + description: 'sha256 fingerprint of the host public key' proxy_host: - description: "Proxy server hostname or IP if connecting through an SSH jump host." + description: 'ssh proxy host' proxy_port: - description: "SSH port number for the proxy connection." - default: "22" + description: 'ssh proxy port' + default: 22 proxy_username: - description: "Username for authentication on the proxy server." + description: 'ssh proxy username' proxy_password: - description: "Password for authentication on the proxy server (use secrets for sensitive data)." - proxy_protocol: - description: 'IP protocol version for proxy. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).' - default: "tcp" + description: 'ssh proxy password' proxy_passphrase: - description: "Passphrase to decrypt the proxy SSH private key if protected." + description: 'ssh proxy key passphrase' proxy_timeout: - description: "Maximum time to wait when establishing the proxy SSH connection, e.g., '30s', '1m'." + description: 'timeout for ssh to proxy host' default: "30s" proxy_key: - description: "Raw content of the SSH proxy private key for authentication (use secrets for sensitive data)." + description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa' proxy_key_path: - description: "Path to the SSH proxy private key file on the runner." + description: 'path of ssh proxy private key' proxy_fingerprint: - description: "SHA256 fingerprint of the proxy host public key for verification." + description: 'sha256 fingerprint of the proxy host public key' proxy_cipher: - description: "Specify custom cipher algorithms for proxy connection encryption." + description: 'the allowed cipher algorithms. If unspecified then a sensible' proxy_use_insecure_cipher: - description: "Enable additional legacy ciphers for proxy connections (less secure but more compatible)." + description: 'include more ciphers with use_insecure_cipher' + default: false script: - description: "Commands to execute on the remote server (inline script string)." - script_path: - description: "Path to a local file containing commands to execute on the remote server." + description: 'execute commands' + script_stop: + description: 'stop script after first failure' + default: false envs: - description: "Environment variables to expose to the remote script, format: key=value,key2=value2." + description: 'pass environment variable to shell script' envs_format: - description: "Format specification for environment variable transfer (for advanced usage)." + description: 'flexible configuration of environment value transfer' debug: - description: "Set to true to enable verbose logging for troubleshooting connection issues." - allenvs: - description: "When true, passes all GitHub Actions environment variables to the remote script." - request_pty: - description: "Request a pseudo-terminal from the server (required for interactive commands or sudo)." - curl_insecure: - description: "When true, uses the --insecure option with curl for insecure downloads." - default: "false" - capture_stdout: - description: "When true, captures and returns standard output from the commands as action output." - default: "false" - version: - description: | - The version of drone-ssh to use. - -outputs: - stdout: - description: "Standard output of the executed commands when capture_stdout is enabled." - value: ${{ steps.entrypoint.outputs.stdout }} - + description: 'enable debug mode' + default: false runs: - using: "composite" - steps: - - name: Set GitHub Path - run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH - shell: bash - env: - GITHUB_ACTION_PATH: ${{ github.action_path }} - - id: entrypoint - name: Run entrypoint.sh - run: entrypoint.sh - shell: bash - env: - GITHUB_ACTION_PATH: ${{ github.action_path }} - INPUT_HOST: ${{ inputs.host }} - INPUT_PORT: ${{ inputs.port }} - INPUT_PROTOCOL: ${{ inputs.protocol }} - INPUT_USERNAME: ${{ inputs.username }} - INPUT_PASSWORD: ${{ inputs.password }} - INPUT_PASSPHRASE: ${{ inputs.passphrase }} - INPUT_KEY: ${{ inputs.key }} - INPUT_KEY_PATH: ${{ inputs.key_path }} - INPUT_FINGERPRINT: ${{ inputs.fingerprint }} - INPUT_PROXY_HOST: ${{ inputs.proxy_host }} - INPUT_PROXY_PORT: ${{ inputs.proxy_port }} - INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }} - INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }} - INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }} - INPUT_PROXY_KEY: ${{ inputs.proxy_key }} - INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }} - INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }} - INPUT_TIMEOUT: ${{ inputs.timeout }} - INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }} - INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }} - INPUT_SCRIPT: ${{ inputs.script }} - INPUT_SCRIPT_FILE: ${{ inputs.script_path }} - INPUT_ENVS: ${{ inputs.envs }} - INPUT_ENVS_FORMAT: ${{ inputs.envs_format }} - INPUT_DEBUG: ${{ inputs.debug }} - INPUT_ALL_ENVS: ${{ inputs.allenvs }} - INPUT_REQUEST_PTY: ${{ inputs.request_pty }} - INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }} - INPUT_CIPHER: ${{ inputs.cipher }} - INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }} - INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }} - INPUT_SYNC: ${{ inputs.sync }} - INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }} - INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }} - DRONE_SSH_VERSION: ${{ inputs.version }} + using: 'docker' + image: 'Dockerfile' branding: - icon: "terminal" - color: "gray-dark" + icon: 'terminal' + color: 'gray-dark' diff --git a/entrypoint.sh b/entrypoint.sh index 1eb7733..f880594 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,56 +1,7 @@ -#!/usr/bin/env bash +#!/bin/sh -set -euo pipefail +set -eu export GITHUB="true" -GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" -DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" -DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.8.1}" - -function log_error() { - echo "$1" >&2 - exit "$2" -} - -function detect_client_info() { - CLIENT_PLATFORM="${SSH_CLIENT_OS:-$(uname -s | tr '[:upper:]' '[:lower:]')}" - CLIENT_ARCH="${SSH_CLIENT_ARCH:-$(uname -m)}" - - case "${CLIENT_PLATFORM}" in - darwin | linux | windows) ;; - *) log_error "Unknown or unsupported platform: ${CLIENT_PLATFORM}. Supported platforms are Linux, Darwin, and Windows." 2 ;; - esac - - case "${CLIENT_ARCH}" in - x86_64* | i?86_64* | amd64*) CLIENT_ARCH="amd64" ;; - aarch64* | arm64*) CLIENT_ARCH="arm64" ;; - *) log_error "Unknown or unsupported architecture: ${CLIENT_ARCH}. Supported architectures are x86_64, i686, and arm64." 3 ;; - esac -} - -detect_client_info -DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" -CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" -TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" -echo "Downloading ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -INSECURE_OPTION="" -if [[ "${INPUT_CURL_INSECURE}" == 'true' ]]; then - INSECURE_OPTION="--insecure" -fi - -curl -fsSL --retry 5 --keepalive-time 2 ${INSECURE_OPTION} "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}" -chmod +x "${TARGET}" - -echo "======= CLI Version Information =======" -"${TARGET}" --version -echo "=======================================" -if [[ "${INPUT_CAPTURE_STDOUT}" == 'true' ]]; then - { - echo 'stdout<>"${GITHUB_OUTPUT}" -else - "${TARGET}" "$@" -fi +sh -c "/bin/drone-ssh $*" diff --git a/testdata/.ssh/id_ed25519 b/testdata/.ssh/id_ed25519 deleted file mode 100644 index 9dc32bb..0000000 --- a/testdata/.ssh/id_ed25519 +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACDoi7FltQCqpWporKh61nJUPIeazUYdzdstncoeU5XS2AAAAKBF5e2SReXt -kgAAAAtzc2gtZWQyNTUxOQAAACDoi7FltQCqpWporKh61nJUPIeazUYdzdstncoeU5XS2A -AAAEBrsLG1vSg08yaQgYM46KQW93Lz2ZikS1tTMH35gfHhpOiLsWW1AKqlamisqHrWclQ8 -h5rNRh3N2y2dyh5TldLYAAAAFnlvdXJfZW1haWxAZXhhbXBsZS5jb20BAgMEBQYH ------END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/id_ed25519.pub b/testdata/.ssh/id_ed25519.pub deleted file mode 100644 index 14f2085..0000000 --- a/testdata/.ssh/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiLsWW1AKqlamisqHrWclQ8h5rNRh3N2y2dyh5TldLY your_email@example.com diff --git a/testdata/.ssh/id_passphrase b/testdata/.ssh/id_passphrase deleted file mode 100644 index 089d425..0000000 --- a/testdata/.ssh/id_passphrase +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA5p9eRXu -BJantF5ARnBfnqAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCuWKQh09Vl -v3IRu/+oK18ws72VQS7PCXJaIEp1L+7HqC/6+plizaVgd9SjAg0UJSqvp+WfpU5I53hevE -0Ip3s71Tsoeu1azWoi2Mbq3ycZ5ysh4htZZklKBkYsyW+2EdITPcmhA8rF+KiDRyuvk7fD -o08G3YWgbCScY6VkLA06ReThCehAY54WNvgbx7lyvCWj1qYG0XjM7mTQHr3QN0JHJNdFaG -3MCi1rTG2hK/owOlzcesIbzfM1VMIQG5HT4vNg/ULP0BTZ7pGtdvWlvR/660KQwc1tBxLq -xI1dYoCgiS/gMyPxhOtNKTvhR/NR7e2sp/StkXURIxTHhj0KjKbnpXTQ2IndnesHAG9kDJ -7c31SXastWpbXWhCIdRZk+KQsnmwobZlw3w1vfx2Dm7M2ZCcCgG/ArUPjY44nGOWO5Nz98 -QHyz3IocsKJXrGVo/3YpNNu72jkw7UGVMqh1dAe3ZMaCAC5pAAa0HKvkid7jdXawL2b//+ -vsAPSHdnEjP58AAAWQCUj9ajDO6N0sI5jzkRxiMIaeDvP7Ns+cJtE1uxzrm7Ecgf7kBL2V -9Ru0gW1+ii3U/hPLkxwBwd3xvoc1Xy+n+c7D6bQVviv1lsbY1uPzxGR3fUfRCu2M1D8OEH -vol7jvFAZmtrpgy3gY45k2lbsY368bIJ+hYIqeHRqFsD+SyM/xSnj5/bZNvNrc+kHikiA3 -uVSvXe9oWVNm3hxLDppYPEYkORERHx9EWh5sruLwoM2NW6qwE+wGw0Vx1AuA7cNszDdmMs -qJFq0n5cQ78E3q0V49e0FOBjMoSJBxdQRHRz2al9MzJlcVVs5LGwmgVH0ur0V9QR8zv2Pv -ZV6r+H9mMo2eCtUDlKUXlCnfgwDP0ghXysFKSDLzXNEPrddmvzQeWA973fcguniLLq7Gbw -gpHSuP/vqVqtQQbXEdozgUl666SXC7GdPqaA5YsfGIJ4Ank3/Vjb3hc0/hElx4O0fEn18E -TWbd9o6v70mNbu3LjeJPNDwODMGn9GC3kRtSc5bU0A8YAM+gFaeytrz2W/vCe3EST8VBcQ -UtvYqGG/zGJhV8+OYoIZZQQkyCmTt0i4nTCJAMUnZ+pgY6YJk+UdBGhLvwNBtl4Z1nQKSA -hcBBo6T08bQfe/HmVs4dcwBO956qiOX/QjHDLew81MfpvjZ2kGD5Hp/qhieUdJ3IiUEsOC -FQC01JeEJlkEqd2jqBR/9RDnK7O8gTR0AA858L+MftN4nN2h2UkGjWMWSbkmwGMqyRGfRa -TJeg5njxYJVcRlWZ/KvNPxis8wIuCaRMbPT2WpHsRr1lY3s4IzFn+EMCkybHZArQVYtl1O -iGXYjpxe+cOc02PM1aKlUfCQfsr0CrXwwGzIQ73uXVSQgP5pQdV3iN/57+5aiH8F9D7X3n -p5QJzBuLGvhUDWqqwbwWy+81k3Y8rHXNfhVSlRmtGJXAPqpw0PCyquySJNwogi4rBkg0jF -xuqvimvhNcWzF7yf+fnYa6H+N8PavH32HRM50AYyWPyKWBp3Syri0P54cnkBjKTjTKGYA6 -4KwizazsbOMY5kp0UAmgX6XyM5OSROtxUp4P6T20okjKaSzamgMBKZULP/b768l4UYRgFe -uohg2/9A1fwYB/K8I+V7Qw9079JvAG05eIOgce3Dd+bXoH6j/Ylmk5Gj7LzhEXtMz3NEpj -LCg8tx0YFpuyoCaRlqOnsZCpc1EnL0UyMguCh9ADTG9h6V3Xf2j2Q94rKvAc4ZrBtj6qXT -BIfGsBIA7vA1KnKHB9oOFQZ26iRU7oTAunAQvSKF7/7luTqONoni6U/RpvERT/KeeIDSxz -uzFQ+apy/PTESSUtutpnTug6rexwrPb6ugJipag8ebNWVdOgaNBUL8wciW4lN8YkzjhXMw -xHB0PUuSXcBuuPDQuYZk84dpXxM10fWwuCTMlH1bXatSQhtRVbjVJIDXnnYpQKtuURiwMm -j4WLEt10hvu6t4aNJzzVY80/iLMb4ZGQgHotrjFfx9nzwe3SioINPaxRIb3m2gTsi8Nr/p -Y5zNjV9NOjONktUjLznRpfY/yBxOtPe9lxnaKfniRTK5HjBbi8hmei9G8lIHV9qyhpURYM -1EdZB86uZWJOaRA8/fpwt8z2stmpKpuGFQOSgr7W5JQWSFeTAMYPoafsm0PD1zSyw7j1wE -DWlmUAzpMirSnPUQndR8IcF7fZmI8J1g30eIFTQpoTDCyoiegkOXHa9HyWwmEAwws1PCWZ -a5Viw6XLJI3tahSNhZzdY/UNFikuO8AuIDXykBM7riaqK4PADtmGY88QGWXQbw5xxWtH6r -Wwk4KzDL9UFeCMSiQo//e+kg/mPLml6Sa4THOzP3iOmx810JoMDmF/jvtpC+ew5HpPPtg4 -h55pSap77CEhEhE5FPZKuH9f7/E= ------END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/id_passphrase.pub b/testdata/.ssh/id_passphrase.pub deleted file mode 100644 index 1d84832..0000000 --- a/testdata/.ssh/id_passphrase.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuWKQh09Vlv3IRu/+oK18ws72VQS7PCXJaIEp1L+7HqC/6+plizaVgd9SjAg0UJSqvp+WfpU5I53hevE0Ip3s71Tsoeu1azWoi2Mbq3ycZ5ysh4htZZklKBkYsyW+2EdITPcmhA8rF+KiDRyuvk7fDo08G3YWgbCScY6VkLA06ReThCehAY54WNvgbx7lyvCWj1qYG0XjM7mTQHr3QN0JHJNdFaG3MCi1rTG2hK/owOlzcesIbzfM1VMIQG5HT4vNg/ULP0BTZ7pGtdvWlvR/660KQwc1tBxLqxI1dYoCgiS/gMyPxhOtNKTvhR/NR7e2sp/StkXURIxTHhj0KjKbnpXTQ2IndnesHAG9kDJ7c31SXastWpbXWhCIdRZk+KQsnmwobZlw3w1vfx2Dm7M2ZCcCgG/ArUPjY44nGOWO5Nz98QHyz3IocsKJXrGVo/3YpNNu72jkw7UGVMqh1dAe3ZMaCAC5pAAa0HKvkid7jdXawL2b//+vsAPSHdnEjP58= mtk10671@NB22040567 diff --git a/testdata/.ssh/id_rsa b/testdata/.ssh/id_rsa deleted file mode 100644 index 6270f55..0000000 --- a/testdata/.ssh/id_rsa +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA4e2D/qPN08pzTac+a8ZmlP1ziJOXk45CynMPtva0rtK/RB26 -VbfAF0hIJji7ltvnYnqCU9oFfvEM33cTn7T96+od8ib/Vz25YU8ZbstqtIskPuwC -bv3K0mAHgsviJyRD7yM+QKTbBQEgbGuW6gtbMKhiYfiIB4Dyj7AdS/fk3v26wDgz -7SHI5OBqu9bv1KhxQYdFEnU3PAtAqeccgzNpbH3eYLyGzuUxEIJlhpZ/uU2G9ppj -/cSrONVPiI8Ahi4RrlZjmP5l57/sq1ClGulyLpFcMw68kP5FikyqHpHJHRBNgU57 -1y0Ph33SjBbs0haCIAcmreWEhGe+/OXnJe6VUQIDAQABAoIBAH97emORIm9DaVSD -7mD6DqA7c5m5Tmpgd6eszU08YC/Vkz9oVuBPUwDQNIX8tT0m0KVs42VVPIyoj874 -bgZMJoucC1G8V5Bur9AMxhkShx9g9A7dNXJTmsKilRpk2TOk7wBdLp9jZoKoZBdJ -jlp6FfaazQjjKD6zsCsMATwAoRCBpBNsmT6QDN0n0bIgY0tE6YGQaDdka0dAv68G -R0VZrcJ9voT6+f+rgJLoojn2DAu6iXaM99Gv8FK91YCymbQlXXgrk6CyS0IHexN7 -V7a3k767KnRbrkqd3o6JyNun/CrUjQwHs1IQH34tvkWScbseRaFehcAm6mLT93RP -muauvMECgYEA9AXGtfDMse0FhvDPZx4mx8x+vcfsLvDHcDLkf/lbyPpu97C27b/z -ia07bu5TAXesUZrWZtKA5KeRE5doQSdTOv1N28BEr8ZwzDJwfn0DPUYUOxsN2iIy -MheO5A45Ko7bjKJVkZ61Mb1UxtqCTF9mqu9R3PBdJGthWOd+HUvF460CgYEA7QRf -Z8+vpGA+eSuu29e0xgRKnRzed5zXYpcI4aERc3JzBgO4Z0er9G8l66OWVGdMfpe6 -CBajC5ToIiT8zqoYxXwqJgN+glir4gJe3mm8J703QfArZiQrdk0NTi5bY7+vLLG/ -knTrtpdsKih6r3kjhuPPaAsIwmMxIydFvATKjLUCgYEAh/y4EihRSk5WKC8GxeZt -oiZ58vT4z+fqnMIfyJmD5up48JuQNcokw/LADj/ODiFM7GUnWkGxBrvDA3H67WQm -49bJjs8E+BfUQFdTjYnJRlpJZ+7Zt1gbNQMf5ENw5CCchTDqEq6pN0DVf8PBnSIF -KvkXW9KvdV5J76uCAn15mDkCgYA1y8dHzbjlCz9Cy2pt1aDfTPwOew33gi7U3skS -RTerx29aDyAcuQTLfyrROBkX4TZYiWGdEl5Bc7PYhCKpWawzrsH2TNa7CRtCOh2E -R+V/84+GNNf04ALJYCXD9/ugQVKmR1XfDRCvKeFQFE38Y/dvV2etCswbKt5tRy2p -xkCe/QKBgQCkLqafD4S20YHf6WTp3jp/4H/qEy2X2a8gdVVBi1uKkGDXr0n+AoVU -ib4KbP5ovZlrjL++akMQ7V2fHzuQIFWnCkDA5c2ZAqzlM+ZN+HRG7gWur7Bt4XH1 -7XC9wlRna4b3Ln8ew3q1ZcBjXwD4ppbTlmwAfQIaZTGJUgQbdsO9YA== ------END RSA PRIVATE KEY----- diff --git a/testdata/.ssh/id_rsa.pub b/testdata/.ssh/id_rsa.pub deleted file mode 100644 index 2983f04..0000000 --- a/testdata/.ssh/id_rsa.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh7YP+o83TynNNpz5rxmaU/XOIk5eTjkLKcw+29rSu0r9EHbpVt8AXSEgmOLuW2+dieoJT2gV+8QzfdxOftP3r6h3yJv9XPblhTxluy2q0iyQ+7AJu/crSYAeCy+InJEPvIz5ApNsFASBsa5bqC1swqGJh+IgHgPKPsB1L9+Te/brAODPtIcjk4Gq71u/UqHFBh0USdTc8C0Cp5xyDM2lsfd5gvIbO5TEQgmWGln+5TYb2mmP9xKs41U+IjwCGLhGuVmOY/mXnv+yrUKUa6XIukVwzDryQ/kWKTKoekckdEE2BTnvXLQ+HfdKMFuzSFoIgByat5YSEZ7785ecl7pVR drone-scp@localhost diff --git a/testdata/.ssh/test b/testdata/.ssh/test deleted file mode 100644 index 89cc6ec..0000000 --- a/testdata/.ssh/test +++ /dev/null @@ -1,50 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZka7A7i -FscMeJBPyPteclAAAAEAAAAAEAAAIXAAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2o -nnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mh -HBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+ -rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMG -vX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv -9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOr -b93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mr -D2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jI -NHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE -3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpv -jwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQAAB1CnEMQGwAKZbd3F1DJqwfPf -KWjoUJKbTRiav6h5pQr65JaqDe/7YE2ZHYo5917AC2vPLwPxAnoHFMsbObd5mWcmpATg/0 -K/qkN5Z4Ml5U3bwr51wfSPh1MiAP21Aickt09BDstIJzNNwwgcY31O3k/d6VBjqyM6Ezop -66LI4s/IIni1BI+cALyEfzE4Qu16GfzIeM+JVxildP4VImhvNBESmmbBL8rNmSzlQ+FTuF -JVmowUbcon1O0CppM1MRVPeG805XDwjxHXKwOp5O7MdTz7H8JeORoe8D6+4rNfJE0eQGY7 -Nm4+Wa97HzAFbT9IS433rxoGx9Qps3LAySFONso2JWSOEfo8rxnqO04DrfVHQhY3DkkwQt -FsDnMtkthJa+ZzUYc75fnS0DBPGuF9DZUCqrev5oAUHP6C4Vc4b33JJQD4FZJ+ehk3Xsci -cwJQsmgLyc5Jdh543Dm7kZoM9ku7HDNrB4H/1p45Vo6aBZMAY50x+fTdBeTgCzzhzzTbf+ -0IF8W3yW3/BYD+S2Byo3JKp6NH0Q8cgPJrGTl6GltGfpVuc6kLjMZ5zvxRbyWaqtIygM46 -W1izbA+9jwbHhitCtOk42e/ff6iEB1MVC13LqPty3gPNR8Pv0rDUDjJS4KiVwXqUY+bMr0 -C8l/hx93euHjLUJ49Ru6uy/2fBlHZEj6GmEAJhu/i6t2c1Rq0HBLis9X356oQT+YZnIai2 -ym0MknPxjeYBAItOV3zhRd1cYnk7CDcl1XALcnh0tqP712x24IJ+Ytqg7nvB2NZV8T469I -8Fp254Nr89HOMAXaZD0UcIPm7D2rfWV+YJFI3ZcJ/8DM99H3tpXe2j4oHMdmAbBd++09sx -KBRdFLcvnBfd1lqwxpA7hbxzrxi/yehYCqzh5KQGaf2UXej6TPiVzBWVYbp34cMZtsT6mF -K8SS3l5TXoNK2DNEk30o8K3q+vngQpfC9GZ/id4B7LS/3ybellxemZHXQoU4PxDkLKt7jd -AAsd5WO13dv3n/qgyu8iBRiFU+W66NX0RJGkp+lZMnta0YzukafM2n6GDn/r/Cx/y21PAi -ah8i41ByI1QLI4m1r+bRHdUxAarS/XJw4tTSFiZu3zddMYrlzeG9O3VUX9zBvBtfQbSmeJ -omml0zlr/qD7TMsORiujy7XIn7sMW+Ls/NA8TvX8oRnACjXe/MYNEZ8WDu2rkZuY/Dfc+o -NyYWO7kZ3kcejQZ1NusJSA7MG0FFGYSIaC9T9CWqYd5IcRSJW4dZnCt9z8CIJ6TSUFqMb/ -H1Y5Rmi0IIX+8qbGGXVBDIBk5y9xtS43+nz1nsdXwDmkTiXN9+ZX+GDsLxCWoHGryrWDbk -EuOAlqpvxFKzEkNsx+AC5wae6i/hBeiEce9bm4nZp+hFv1ic1Z9WS8B37YOFgJ4utGeOjB -6hnywUUJ3aH0LnCQNB3UzeFR7BmEaxmYD/phJodmjA5SD3CWpeizdXfrUjtqXGhYlr2jzq -vBAeeYEO4uaHIGxg8GqoqtaseqVcIdtouHxrVAxxXkjShV2ji7oJ/AtrLZNlkKYxMk0TpX -fFiKqL/uKfS78FfvVOhOkHZTD6ZeMgmdL/uOghEAtrf08ChyRvdp7QLjA802aio9eUVIQm -lHb1ltPEbIZNuvQ5kTIwk2eM6EAkOh0MBMoAYOxOpIb00XHNRDGJYuLewByjMQa8EoT6VM -NoiFIzJU9lLAXE6yz6JswctpTpLHK9Aq5vY7ObaOvrmpCQqsXfOuVUo2nR/FyEes97zuXG -E4aKaHK4IAW4UY/oGYk7pU/yRpudhiNRMXzmcQXfVmBEHuvDrh2chg8lDYn++07F7RWqkI -nfMAOWR8UEl4xp4zJtThDjRxNW6QLl8E1ADjndA9wVaKNSzv2i1TLXKBr5luFqY9MSJ2rm -yBR5EwairH/Qn9TUxaDD+0p6J+E9iz1l8UPTJa/cjtwiySljahY/6tHHnr9YQVnox92yfU -UXpfINGjYrpqh6EFwmyRw9fryIMvMhgZYo6ZoCRBCK2GfGAB0VTzJy2FGs4GecZK5ptXKu -sOX8BgGX/Q/nAJ7PWf9hgYlX2YyjmLjQZDMWECp05VFx9znEETNKlwF1FX5/E/37ISyz4d -I1LVSKOEccJX7jCR32LzvRW1UBX47Z+q3LVE4sa0QAV/JoISq6Qn6zAsVIV0yEPmVbd/xx -aX2uBUGHhmd99YJDh81xJIoYEMRzoGVfp0JjfYcDUc+2I6JdrOMF9/KmMA5wsZl4OKiu/F -cTRGjUkgw/cF2EFRGWknee2esYRB7tOr4y56qZ4gxqw8q9rYXhyB42jbdTvt5xcCm/ynid -sn4InokRRoIiMIPL5Ur7FZQHOP+915MWUBsrTJtkCWQuqJheYUi3mCzh/7NadAKplRpaKb -rS/DJIOOkjnGni/sDxJzPq7STDBVy4WStwQl6NI5hq+/c+JvN9GI4Vu/kz0z8qUcdShLaH -l4njcaMpg4tpQMHtCBOicGyV0= ------END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/test.pub b/testdata/.ssh/test.pub deleted file mode 100644 index 559daf2..0000000 --- a/testdata/.ssh/test.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2onnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mhHBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMGvX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOrb93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mrD2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jINHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpvjwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQ== deploy@easyssh diff --git a/testdata/test.sh b/testdata/test.sh deleted file mode 100644 index a229cae..0000000 --- a/testdata/test.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash -set -e -whoami