"known_hosts: no" -> "known_hosts: unnecessary"

2025-06-19 22:52:10 +10:00 · 2021-03-09 18:49:46 +09:00 · 2021-03-09 18:49:46 +09:00 · 5e5ec7bdcb
commit 5e5ec7bdcb
parent f175db27c6
8 changed files with 19 additions and 21 deletions
--- a/.github/workflows/verify-on-container-centos.yml
+++ b/.github/workflows/verify-on-container-centos.yml
@ -293,8 +293,8 @@ jobs:
    - name: git clone through SSH
      run: git clone git@github.com:shimataro/ssh-key-action.git tmp

-  no_known_hosts:
-    name: no known_hosts file
+  known_hosts-unnecessary:
+    name: without known_hosts file
    runs-on: ${{ matrix.os }}
    container: ${{ matrix.container }}
    strategy:
@ -317,6 +317,6 @@ jobs:
      uses: ./.
      with:
        key: ${{ secrets.SSH_KEY_PEM }}
-        known_hosts: no
+        known_hosts: unnecessary
    - name: print created files
      run: ls -l /root/.ssh
--- a/.github/workflows/verify-on-container-ubuntu.yml
+++ b/.github/workflows/verify-on-container-ubuntu.yml
@ -311,8 +311,8 @@ jobs:
    - name: git clone through SSH
      run: git clone git@github.com:shimataro/ssh-key-action.git tmp

-  no_known_hosts:
-    name: no known_hosts file
+  known_hosts-unnecessary:
+    name: without known_hosts file
    runs-on: ${{ matrix.os }}
    container: ${{ matrix.container }}
    strategy:
@ -337,6 +337,6 @@ jobs:
      uses: ./.
      with:
        key: ${{ secrets.SSH_KEY_PEM }}
-        known_hosts: no
+        known_hosts: unnecessary
    - name: print created files
      run: ls -l /root/.ssh
--- a/.github/workflows/verify-on-macos.yml
+++ b/.github/workflows/verify-on-macos.yml
@ -238,8 +238,8 @@ jobs:
    - name: git clone through SSH
      run: git clone git@github.com:shimataro/ssh-key-action.git tmp

-  no_known_hosts:
-    name: no known_hosts file
+  known_hosts-unnecessary:
+    name: without known_hosts file
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
@ -255,6 +255,6 @@ jobs:
      uses: ./.
      with:
        key: ${{ secrets.SSH_KEY_PEM }}
-        known_hosts: no
+        known_hosts: unnecessary
    - name: print created files
      run: ls -l ~/.ssh
--- a/.github/workflows/verify-on-ubuntu.yml
+++ b/.github/workflows/verify-on-ubuntu.yml
@ -258,8 +258,8 @@ jobs:
    - name: git clone through SSH
      run: git clone git@github.com:shimataro/ssh-key-action.git tmp

-  no_known_hosts:
-    name: no known_hosts file
+  known_hosts-unnecessary:
+    name: without known_hosts file
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
@ -275,6 +275,6 @@ jobs:
      uses: ./.
      with:
        key: ${{ secrets.SSH_KEY_PEM }}
-        known_hosts: no
+        known_hosts: unnecessary
    - name: print created files
      run: ls -l ~/.ssh
--- a/.github/workflows/verify-on-windows.yml
+++ b/.github/workflows/verify-on-windows.yml
@ -238,8 +238,8 @@ jobs:
    - name: git clone through SSH
      run: git clone git@github.com:shimataro/ssh-key-action.git tmp

-  no_known_hosts:
-    name: no known_hosts file
+  known_hosts-unnecessary:
+    name: without known_hosts file
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
@ -255,6 +255,6 @@ jobs:
      uses: ./.
      with:
        key: ${{ secrets.SSH_KEY_PEM }}
-        known_hosts: no
+        known_hosts: unnecessary
    - name: print created files
      run: ls -l ~/.ssh
--- a/README.md
+++ b/README.md
@ -34,7 +34,7 @@ steps:
  with:
    key: ${{ secrets.SSH_KEY }}
    name: id_rsa # optional
-    known_hosts: ${{ secrets.KNOWN_HOSTS }} # known_hosts; set to "no" in order to omit
+    known_hosts: ${{ secrets.KNOWN_HOSTS }}
    config: ${{ secrets.CONFIG }} # ssh_config; optional
    if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
 - name: rsync over ssh
@ -43,8 +43,6 @@ steps:

 See [Workflow syntax for GitHub Actions](https://help.github.com/en/articles/workflow-syntax-for-github-actions) for details.

-**NOTE:** `known_hosts: no` with `StrictHostKeyChecking=no` is not secure. Use it ONLY IF you are using secure methods, such as SSHFP and signed server key.
-
 ### Install multiple keys

 If you want to install multiple keys, call this action multiple times.
@ -110,7 +108,7 @@ If **"It is hard to prefetch server key because the server will be created dynam
 By the way, there are some secure methods to SSH without `known_hosts`, such as SSHFP and signed server key.
 And here is a special value to omit `known_hosts`. You should use it ONLY IF you are sure that it is secure enough.
 You should use it ONLY IF you are using secure methods...
-It is `known_hosts: no`.
+It is `known_hosts: unnecessary`.

 ### How do I use encrypted SSH key?

--- a/lib/index.js
+++ b/lib/index.js
@ -456,7 +456,7 @@ function main() {
                },
            });
        }
-        if (knownHosts !== "no") {
+        if (knownHosts !== "unnecessary") {
            files.push({
                name: "known_hosts",
                contents: insertLf(knownHosts, true, true),
--- a/src/main.ts
+++ b/src/main.ts
@ -49,7 +49,7 @@ function main(): void
 				},
 			});
 		}
-		if(knownHosts !== "no")
+		if(knownHosts !== "unnecessary")
 		{
 			files.push({
 				name: "known_hosts",