mirror of
https://github.com/shimataro/ssh-key-action.git
synced 2025-06-19 22:52:10 +10:00
"known_hosts: no" -> "known_hosts: unnecessary"
This commit is contained in:
shimataro
parent
f175db27c6
commit
5e5ec7bdcb
8 changed files with 19 additions and 21 deletions
|
|
@ -293,8 +293,8 @@ jobs:
|
||||||
- name: git clone through SSH
|
- name: git clone through SSH
|
||||||
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
|
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
|
||||||
|
|
||||||
no_known_hosts:
|
known_hosts-unnecessary:
|
||||||
name: no known_hosts file
|
name: without known_hosts file
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
container: ${{ matrix.container }}
|
container: ${{ matrix.container }}
|
||||||
strategy:
|
strategy:
|
||||||
|
|
@ -317,6 +317,6 @@ jobs:
|
||||||
uses: ./.
|
uses: ./.
|
||||||
with:
|
with:
|
||||||
key: ${{ secrets.SSH_KEY_PEM }}
|
key: ${{ secrets.SSH_KEY_PEM }}
|
||||||
known_hosts: no
|
known_hosts: unnecessary
|
||||||
- name: print created files
|
- name: print created files
|
||||||
run: ls -l /root/.ssh
|
run: ls -l /root/.ssh
|
||||||
|
|
|
||||||
|
|
@ -311,8 +311,8 @@ jobs:
|
||||||
- name: git clone through SSH
|
- name: git clone through SSH
|
||||||
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
|
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
|
||||||
|
|
||||||
no_known_hosts:
|
known_hosts-unnecessary:
|
||||||
name: no known_hosts file
|
name: without known_hosts file
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
container: ${{ matrix.container }}
|
container: ${{ matrix.container }}
|
||||||
strategy:
|
strategy:
|
||||||
|
|
@ -337,6 +337,6 @@ jobs:
|
||||||
uses: ./.
|
uses: ./.
|
||||||
with:
|
with:
|
||||||
key: ${{ secrets.SSH_KEY_PEM }}
|
key: ${{ secrets.SSH_KEY_PEM }}
|
||||||
known_hosts: no
|
known_hosts: unnecessary
|
||||||
- name: print created files
|
- name: print created files
|
||||||
run: ls -l /root/.ssh
|
run: ls -l /root/.ssh
|
||||||
|
|
|
||||||
6
.github/workflows/verify-on-macos.yml
vendored
6
.github/workflows/verify-on-macos.yml
vendored
|
|
@ -238,8 +238,8 @@ jobs:
|
||||||
- name: git clone through SSH
|
- name: git clone through SSH
|
||||||
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
|
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
|
||||||
|
|
||||||
no_known_hosts:
|
known_hosts-unnecessary:
|
||||||
name: no known_hosts file
|
name: without known_hosts file
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
|
|
@ -255,6 +255,6 @@ jobs:
|
||||||
uses: ./.
|
uses: ./.
|
||||||
with:
|
with:
|
||||||
key: ${{ secrets.SSH_KEY_PEM }}
|
key: ${{ secrets.SSH_KEY_PEM }}
|
||||||
known_hosts: no
|
known_hosts: unnecessary
|
||||||
- name: print created files
|
- name: print created files
|
||||||
run: ls -l ~/.ssh
|
run: ls -l ~/.ssh
|
||||||
|
|
|
||||||
6
.github/workflows/verify-on-ubuntu.yml
vendored
6
.github/workflows/verify-on-ubuntu.yml
vendored
|
|
@ -258,8 +258,8 @@ jobs:
|
||||||
- name: git clone through SSH
|
- name: git clone through SSH
|
||||||
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
|
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
|
||||||
|
|
||||||
no_known_hosts:
|
known_hosts-unnecessary:
|
||||||
name: no known_hosts file
|
name: without known_hosts file
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
|
|
@ -275,6 +275,6 @@ jobs:
|
||||||
uses: ./.
|
uses: ./.
|
||||||
with:
|
with:
|
||||||
key: ${{ secrets.SSH_KEY_PEM }}
|
key: ${{ secrets.SSH_KEY_PEM }}
|
||||||
known_hosts: no
|
known_hosts: unnecessary
|
||||||
- name: print created files
|
- name: print created files
|
||||||
run: ls -l ~/.ssh
|
run: ls -l ~/.ssh
|
||||||
|
|
|
||||||
6
.github/workflows/verify-on-windows.yml
vendored
6
.github/workflows/verify-on-windows.yml
vendored
|
|
@ -238,8 +238,8 @@ jobs:
|
||||||
- name: git clone through SSH
|
- name: git clone through SSH
|
||||||
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
|
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
|
||||||
|
|
||||||
no_known_hosts:
|
known_hosts-unnecessary:
|
||||||
name: no known_hosts file
|
name: without known_hosts file
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
|
|
@ -255,6 +255,6 @@ jobs:
|
||||||
uses: ./.
|
uses: ./.
|
||||||
with:
|
with:
|
||||||
key: ${{ secrets.SSH_KEY_PEM }}
|
key: ${{ secrets.SSH_KEY_PEM }}
|
||||||
known_hosts: no
|
known_hosts: unnecessary
|
||||||
- name: print created files
|
- name: print created files
|
||||||
run: ls -l ~/.ssh
|
run: ls -l ~/.ssh
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,7 @@ steps:
|
||||||
with:
|
with:
|
||||||
key: ${{ secrets.SSH_KEY }}
|
key: ${{ secrets.SSH_KEY }}
|
||||||
name: id_rsa # optional
|
name: id_rsa # optional
|
||||||
known_hosts: ${{ secrets.KNOWN_HOSTS }} # known_hosts; set to "no" in order to omit
|
known_hosts: ${{ secrets.KNOWN_HOSTS }}
|
||||||
config: ${{ secrets.CONFIG }} # ssh_config; optional
|
config: ${{ secrets.CONFIG }} # ssh_config; optional
|
||||||
if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
|
if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
|
||||||
- name: rsync over ssh
|
- name: rsync over ssh
|
||||||
|
|
@ -43,8 +43,6 @@ steps:
|
||||||
|
|
||||||
See [Workflow syntax for GitHub Actions](https://help.github.com/en/articles/workflow-syntax-for-github-actions) for details.
|
See [Workflow syntax for GitHub Actions](https://help.github.com/en/articles/workflow-syntax-for-github-actions) for details.
|
||||||
|
|
||||||
**NOTE:** `known_hosts: no` with `StrictHostKeyChecking=no` is not secure. Use it ONLY IF you are using secure methods, such as SSHFP and signed server key.
|
|
||||||
|
|
||||||
### Install multiple keys
|
### Install multiple keys
|
||||||
|
|
||||||
If you want to install multiple keys, call this action multiple times.
|
If you want to install multiple keys, call this action multiple times.
|
||||||
|
|
@ -110,7 +108,7 @@ If **"It is hard to prefetch server key because the server will be created dynam
|
||||||
By the way, there are some secure methods to SSH without `known_hosts`, such as SSHFP and signed server key.
|
By the way, there are some secure methods to SSH without `known_hosts`, such as SSHFP and signed server key.
|
||||||
And here is a special value to omit `known_hosts`. You should use it ONLY IF you are sure that it is secure enough.
|
And here is a special value to omit `known_hosts`. You should use it ONLY IF you are sure that it is secure enough.
|
||||||
You should use it ONLY IF you are using secure methods...
|
You should use it ONLY IF you are using secure methods...
|
||||||
It is `known_hosts: no`.
|
It is `known_hosts: unnecessary`.
|
||||||
|
|
||||||
### How do I use encrypted SSH key?
|
### How do I use encrypted SSH key?
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -456,7 +456,7 @@ function main() {
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
if (knownHosts !== "no") {
|
if (knownHosts !== "unnecessary") {
|
||||||
files.push({
|
files.push({
|
||||||
name: "known_hosts",
|
name: "known_hosts",
|
||||||
contents: insertLf(knownHosts, true, true),
|
contents: insertLf(knownHosts, true, true),
|
||||||
|
|
|
||||||
|
|
@ -49,7 +49,7 @@ function main(): void
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
if(knownHosts !== "no")
|
if(knownHosts !== "unnecessary")
|
||||||
{
|
{
|
||||||
files.push({
|
files.push({
|
||||||
name: "known_hosts",
|
name: "known_hosts",
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue