From 5e5ec7bdcb310f554ea14554417f1fbadcc4a5d9 Mon Sep 17 00:00:00 2001 From: shimataro Date: Tue, 9 Mar 2021 18:49:46 +0900 Subject: [PATCH] "known_hosts: no" -> "known_hosts: unnecessary" --- .github/workflows/verify-on-container-centos.yml | 6 +++--- .github/workflows/verify-on-container-ubuntu.yml | 6 +++--- .github/workflows/verify-on-macos.yml | 6 +++--- .github/workflows/verify-on-ubuntu.yml | 6 +++--- .github/workflows/verify-on-windows.yml | 6 +++--- README.md | 6 ++---- lib/index.js | 2 +- src/main.ts | 2 +- 8 files changed, 19 insertions(+), 21 deletions(-) diff --git a/.github/workflows/verify-on-container-centos.yml b/.github/workflows/verify-on-container-centos.yml index b576325..384740c 100644 --- a/.github/workflows/verify-on-container-centos.yml +++ b/.github/workflows/verify-on-container-centos.yml @@ -293,8 +293,8 @@ jobs: - name: git clone through SSH run: git clone git@github.com:shimataro/ssh-key-action.git tmp - no_known_hosts: - name: no known_hosts file + known_hosts-unnecessary: + name: without known_hosts file runs-on: ${{ matrix.os }} container: ${{ matrix.container }} strategy: @@ -317,6 +317,6 @@ jobs: uses: ./. with: key: ${{ secrets.SSH_KEY_PEM }} - known_hosts: no + known_hosts: unnecessary - name: print created files run: ls -l /root/.ssh diff --git a/.github/workflows/verify-on-container-ubuntu.yml b/.github/workflows/verify-on-container-ubuntu.yml index fe9051e..7514bfc 100644 --- a/.github/workflows/verify-on-container-ubuntu.yml +++ b/.github/workflows/verify-on-container-ubuntu.yml @@ -311,8 +311,8 @@ jobs: - name: git clone through SSH run: git clone git@github.com:shimataro/ssh-key-action.git tmp - no_known_hosts: - name: no known_hosts file + known_hosts-unnecessary: + name: without known_hosts file runs-on: ${{ matrix.os }} container: ${{ matrix.container }} strategy: 
@@ -337,6 +337,6 @@ jobs: uses: ./. with: key: ${{ secrets.SSH_KEY_PEM }} - known_hosts: no + known_hosts: unnecessary - name: print created files run: ls -l /root/.ssh diff --git a/.github/workflows/verify-on-macos.yml b/.github/workflows/verify-on-macos.yml index c1bb2f8..7ae91c3 100644 --- a/.github/workflows/verify-on-macos.yml +++ b/.github/workflows/verify-on-macos.yml @@ -238,8 +238,8 @@ jobs: - name: git clone through SSH run: git clone git@github.com:shimataro/ssh-key-action.git tmp - no_known_hosts: - name: no known_hosts file + known_hosts-unnecessary: + name: without known_hosts file runs-on: ${{ matrix.os }} strategy: fail-fast: false @@ -255,6 +255,6 @@ jobs: uses: ./. with: key: ${{ secrets.SSH_KEY_PEM }} - known_hosts: no + known_hosts: unnecessary - name: print created files run: ls -l ~/.ssh diff --git a/.github/workflows/verify-on-ubuntu.yml b/.github/workflows/verify-on-ubuntu.yml index 4999d0e..f07a231 100644 --- a/.github/workflows/verify-on-ubuntu.yml +++ b/.github/workflows/verify-on-ubuntu.yml @@ -258,8 +258,8 @@ jobs: - name: git clone through SSH run: git clone git@github.com:shimataro/ssh-key-action.git tmp - no_known_hosts: - name: no known_hosts file + known_hosts-unnecessary: + name: without known_hosts file runs-on: ${{ matrix.os }} strategy: fail-fast: false @@ -275,6 +275,6 @@ jobs: uses: ./. with: key: ${{ secrets.SSH_KEY_PEM }} - known_hosts: no + known_hosts: unnecessary - name: print created files run: ls -l ~/.ssh diff --git a/.github/workflows/verify-on-windows.yml b/.github/workflows/verify-on-windows.yml index 532b123..32a4cdc 100644 --- a/.github/workflows/verify-on-windows.yml +++ b/.github/workflows/verify-on-windows.yml @@ -238,8 +238,8 @@ jobs: - name: git clone through SSH run: git clone git@github.com:shimataro/ssh-key-action.git tmp - no_known_hosts: - name: no known_hosts file + known_hosts-unnecessary: + name: without known_hosts file runs-on: ${{ matrix.os }} strategy: fail-fast: false 
@@ -255,6 +255,6 @@ jobs: uses: ./. with: key: ${{ secrets.SSH_KEY_PEM }} - known_hosts: no + known_hosts: unnecessary - name: print created files run: ls -l ~/.ssh diff --git a/README.md b/README.md index 768ddf8..3ef7bf9 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ steps: with: key: ${{ secrets.SSH_KEY }} name: id_rsa # optional - known_hosts: ${{ secrets.KNOWN_HOSTS }} # known_hosts; set to "no" in order to omit + known_hosts: ${{ secrets.KNOWN_HOSTS }} config: ${{ secrets.CONFIG }} # ssh_config; optional if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) - name: rsync over ssh @@ -43,8 +43,6 @@ steps: See [Workflow syntax for GitHub Actions](https://help.github.com/en/articles/workflow-syntax-for-github-actions) for details. -**NOTE:** `known_hosts: no` with `StrictHostKeyChecking=no` is not secure. Use it ONLY IF you are using secure methods, such as SSHFP and signed server key. - ### Install multiple keys If you want to install multiple keys, call this action multiple times. @@ -110,7 +108,7 @@ If **"It is hard to prefetch server key because the server will be created dynam By the way, there are some secure methods to SSH without `known_hosts`, such as SSHFP and signed server key. And here is a special value to omit `known_hosts`. You should use it ONLY IF you are sure that it is secure enough. You should use it ONLY IF you are using secure methods... -It is `known_hosts: no`. +It is `known_hosts: unnecessary`. ### How do I use encrypted SSH key? diff --git a/lib/index.js b/lib/index.js index 0c373cc..11dbfc5 100644 --- a/lib/index.js +++ b/lib/index.js @@ -456,7 +456,7 @@ function main() { }, }); } - if (knownHosts !== "no") { + if (knownHosts !== "unnecessary") { files.push({ name: "known_hosts", contents: insertLf(knownHosts, true, true), diff --git a/src/main.ts b/src/main.ts index b778e0c..737ec57 100644 --- a/src/main.ts +++ b/src/main.ts 
@@ -49,7 +49,7 @@ function main(): void }, }); } - if(knownHosts !== "no") + if(knownHosts !== "unnecessary") { files.push({ name: "known_hosts",
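Review bot: The renamed sentinel in `if(knownHosts !== "unnecessary")` leaves the old value unhandled: a workflow that still passes `known_hosts: no` now takes the `files.push` branch, and judging by the matching lib/index.js hunk the literal `no` is written out as the known_hosts file instead of the input being rejected. Because this is a breaking rename of a security-relevant option, I would fail loudly just before this check, e.g. `if(knownHosts === "no") { throw new Error('known_hosts: "no" has been renamed to "unnecessary"'); }`, assuming an exception is how main() reports bad input. A short comment on the branch, such as `// "unnecessary" skips writing known_hosts; host keys must then be verified another way (SSHFP, signed host keys)`, would also keep the warning that this commit removes from the README usage section close to the code. main() begins and ends outside this hunk, so how errors surface to the job could not be checked here.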