
Feature/no known hosts (#181)

* add "if_key_exists"

* add test

* fix flag

* fix SSH connection commands

* add test for if_key_exists=ignore

* add test for if_key_exists=fail

* add tests to Windows / macOS

* update CHANGELOG

* update badges

* update README

* fix README

* update README

* test no_known_hosts parameter

* implement

* ignore known_hosts if no_known_hosts is true

* refactor

* no_known_hosts is false

* Revert "no_known_hosts is false"

This reverts commit 206d310c5c.

* test on Windows / macOS

* test on Docker containers

* add tests for Docker containers

* test no_known_hosts parameter

* implement

* ignore known_hosts if no_known_hosts is true

* refactor

* no_known_hosts is false

* Revert "no_known_hosts is false"

This reverts commit 206d310c5c.

* test on Windows / macOS

* test on Docker containers

* use `known_hosts: no` instead of `no_known_hosts: true`

* update README

* update README

* "known_hosts: no" -> "known_hosts: unnecessary"

* update README

* update README

* update CHANGELOG
This commit is contained in:
shimataro 2021-03-21 15:43:28 +09:00 committed by GitHub
parent f8aa6610de
commit 954c620b17
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 208 additions and 37 deletions


@ -301,3 +301,32 @@ jobs:
run: ls -l /root/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
known_hosts-unnecessary:
name: without known_hosts file
runs-on: ${{ matrix.os }}
container: ${{ matrix.container }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-16.04
- ubuntu-18.04
- ubuntu-20.04
container:
- alpine:3.10
- alpine:3.11
- alpine:3.12
- alpine:3.13
steps:
- name: Install packages
run: apk add openssh-client git
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: unnecessary
- name: print created files
run: ls -l /root/.ssh
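Review bot: The new `known_hosts-unnecessary` job ends with `print created files`, which only lists the directory and never asserts the behaviour the job exists to test, so a regression that still writes `known_hosts` (or writes the literal word "unnecessary" into it) would pass green. A one-line check after the listing, `- name: known_hosts must not exist` / `run: test ! -e /root/.ssh/known_hosts`, turns it into a real assertion. The same gap is in the container hunks at `@ -292,3 +292,31` and `@ -310,3 +310,33` and, with `~/.ssh/known_hosts`, in the plain-runner hunks at `@ -237,3 +237,24`, `@ -257,3 +257,24` and the second `@ -237,3 +237,24`. Unlike the sibling jobs above, this one also has no `git clone through SSH` step, which looks intentional given there is no host key to verify against, but a comment in the job saying so would spare the next reader the question.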


@ -292,3 +292,31 @@ jobs:
run: ls -l /root/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
known_hosts-unnecessary:
name: without known_hosts file
runs-on: ${{ matrix.os }}
container: ${{ matrix.container }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-16.04
- ubuntu-18.04
- ubuntu-20.04
container:
- centos:7
- centos:8
steps:
- name: Install packages
run: |
yum install -y git openssh-clients
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: unnecessary
- name: print created files
run: ls -l /root/.ssh


@ -310,3 +310,33 @@ jobs:
run: ls -l /root/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
known_hosts-unnecessary:
name: without known_hosts file
runs-on: ${{ matrix.os }}
container: ${{ matrix.container }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-16.04
- ubuntu-18.04
- ubuntu-20.04
container:
- ubuntu:16.04
- ubuntu:18.04
- ubuntu:20.04
steps:
- name: Install packages
run: |
apt update
apt -y install openssh-client git
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: unnecessary
- name: print created files
run: ls -l /root/.ssh


@ -237,3 +237,24 @@ jobs:
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
known_hosts-unnecessary:
name: without known_hosts file
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-16.04
- ubuntu-18.04
- ubuntu-20.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: unnecessary
- name: print created files
run: ls -l ~/.ssh
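Review bot: The `os` matrix of this `known_hosts-unnecessary` job is `ubuntu-16.04` / `ubuntu-18.04` / `ubuntu-20.04`, and the two following plain-runner hunks (`@ -257,3 +257,24` and the second `@ -237,3 +237,24`) carry the identical matrix. The commit message says tests were added for Windows and macOS, so if any of these three hunks belongs to a Windows or macOS workflow the matrix looks copy-pasted and the job would silently run on Ubuntu instead; the file names are not visible here, so this is worth confirming against the workflow paths. If they are distinct workflows by design, a short comment above `os:` naming the intended platform would make the duplication deliberate.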


@ -257,3 +257,24 @@ jobs:
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
known_hosts-unnecessary:
name: without known_hosts file
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-16.04
- ubuntu-18.04
- ubuntu-20.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: unnecessary
- name: print created files
run: ls -l ~/.ssh


@ -237,3 +237,24 @@ jobs:
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
known_hosts-unnecessary:
name: without known_hosts file
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-16.04
- ubuntu-18.04
- ubuntu-20.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: unnecessary
- name: print created files
run: ls -l ~/.ssh


@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
### Added
* `if_key_exists` parameter
* `known_hosts: unnecessary`
* Support Alpine Linux Docker container
## [2.2.0] - 2021-02-27


@ -50,7 +50,7 @@ See [Workflow syntax for GitHub Actions](https://help.github.com/en/articles/wor
If you want to install multiple keys, call this action multiple times.
It is useful for port forwarding.
**NOTE:** When this action is called multiple times, **the contents of `known_hosts` and `config` will be appended**. `key` must be saved as different name, by using `name` option.
**NOTE:** When this action is called multiple times, **the contents of `known_hosts` and `config` will be appended**. `key` must be saved as different name, by using `name` option.
```yaml
runs-on: ubuntu-latest
@ -133,6 +133,18 @@ It has some advantages over other methods:
* And will be updated continuously.
* if security incident ―e.g., private key leaked― occurs, it's OK just to remove `authorized_keys` on bastion.
### I want to omit `known_hosts`.
First of all, you have to understand that it is NOT secure to SSH with no `known_hosts` and using `StrictHostKeyChecking=no` option.
Why do you want to omit it?
If the reason is **"I'm not understanding about the function of `known_hosts`"** or **"It's bother to fetch server key"**, you should not omit.
If **"It is hard to prefetch server key because the server will be created dynamically"**, you can use bastion server.
**"`known_hosts` is unnecessary because I'm using secure method for SSH, such as SSHFP and signed server key."** — OK, here is a special value to omit `known_hosts`.
You should use it ONLY IF you are using secure methods...
It is `known_hosts: unnecessary`.
## License
The scripts and documentation in this project are released under the [MIT License](LICENSE)


@ -445,24 +445,7 @@ function main() {
mode: 0o700,
});
// files to be created
const files = [
{
name: "known_hosts",
contents: insertLf(knownHosts, true, true),
options: {
mode: 0o644,
flag: "a",
},
},
{
name: "config",
contents: insertLf(config, true, true),
options: {
mode: 0o644,
flag: "a",
},
},
];
const files = [];
if (shouldCreateKeyFile(path_1.default.join(dirName, name), ifKeyExists)) {
files.push({
name: name,
@ -473,6 +456,26 @@ function main() {
},
});
}
if (knownHosts !== "unnecessary") {
files.push({
name: "known_hosts",
contents: insertLf(knownHosts, true, true),
options: {
mode: 0o644,
flag: "a",
},
});
}
if (config !== "") {
files.push({
name: "config",
contents: insertLf(config, true, true),
options: {
mode: 0o644,
flag: "a",
},
});
}
// create files
for (const file of files) {
const fileName = path_1.default.join(dirName, file.name);


@ -37,24 +37,7 @@ function main(): void
});
// files to be created
const files: FileInfo[] = [
{
name: "known_hosts",
contents: insertLf(knownHosts, true, true),
options: {
mode: 0o644,
flag: "a",
},
},
{
name: "config",
contents: insertLf(config, true, true),
options: {
mode: 0o644,
flag: "a",
},
},
];
const files: FileInfo[] = [];
if(shouldCreateKeyFile(path.join(dirName, name), ifKeyExists))
{
files.push({
@ -66,6 +49,28 @@ function main(): void
},
});
}
if(knownHosts !== "unnecessary")
{
files.push({
name: "known_hosts",
contents: insertLf(knownHosts, true, true),
options: {
mode: 0o644,
flag: "a",
},
});
}
if(config !== "")
{
files.push({
name: "config",
contents: insertLf(config, true, true),
options: {
mode: 0o644,
flag: "a",
},
});
}
// create files
for(const file of files)
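Review bot: The sentinel in `if(knownHosts !== "unnecessary")` is a bare string literal that must stay in sync with the value documented in the README hunk and with the compiled copy in the `@ -473,6 +456,26 @@` hunk; a module-level `const KNOWN_HOSTS_UNNECESSARY = "unnecessary"; // skip known_hosts; host-key verification is then left to the caller's SSH setup` used at this comparison would name the intent where the file is deliberately skipped. The comparison is exact, so a value that differs only by case or surrounding whitespace is appended verbatim to `known_hosts` rather than treated as the sentinel — whether that is acceptable depends on how the input is read, which is outside this hunk. The new `if(config !== "")` guard is also a behaviour change beyond the feature: an empty `config` input previously produced an empty `config` file and now produces none, which the CHANGELOG hunk does not record. The enclosing `main()` starts and ends outside this hunk.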