mirror of
https://github.com/shimataro/ssh-key-action.git
synced 2025-06-19 22:52:10 +10:00
Feature/no known hosts (#181)
* add "if_key_exists"
* add test
* fix flag
* fix SSH connection commands
* add test for if_key_exists=ignore
* add test for if_key_exists=fail
* add tests to Windows / macOS
* update CHANGELOG
* update badges
* update README
* fix README
* update README
* test no_known_hosts parameter
* implement
* ignore known_hosts if no_known_hosts is true
* refactor
* no_known_hosts is false
* Revert "no_known_hosts is false" This reverts commit 206d310c5c.
* test on Windows / macOS
* test on Docker containers
* add tests for Docker containers
* test no_known_hosts parameter
* implement
* ignore known_hosts if no_known_hosts is true
* refactor
* no_known_hosts is false
* Revert "no_known_hosts is false" This reverts commit 206d310c5c.
* test on Windows / macOS
* test on Docker containers
* use `known_hosts: no` instead of `no_known_hosts: true`
* update README
* update README
* "known_hosts: no" -> "known_hosts: unnecessary"
* update README
* update README
* update CHANGELOG
This commit is contained in:
parent
f8aa6610de
commit
954c620b17
10 changed files with 208 additions and 37 deletions
14
README.md
|
@ -50,7 +50,7 @@ See [Workflow syntax for GitHub Actions](https://help.github.com/en/articles/wor
|
|||
If you want to install multiple keys, call this action multiple times.
|
||||
It is useful for port forwarding.
|
||||
|
||||
**NOTE:** When this action is called multiple times, **the contents of `known_hosts` and `config` will be appended**. `key` must be saved as different name, by using `name` option.
|
||||
**NOTE:** When this action is called multiple times, **the contents of `known_hosts` and `config` will be appended**. `key` must be saved as different name, by using `name` option.
|
||||
|
||||
```yaml
|
||||
runs-on: ubuntu-latest
|
||||
|
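Review bot: the NOTE about multiple calls does not cover the new `known_hosts: unnecessary` value, and the line appears twice here with identical visible text in a 7-to-7-line hunk, so the edit looks whitespace-only. Since `known_hosts` and `config` are appended across calls, this is the place to say what happens when one call passes a real `known_hosts` and another passes `unnecessary`, in particular whether the relaxed host checking then applies to every host or only to the hosts of that call. Wording nit on the same line: "saved as different name" reads better as "saved under a different name".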
@ -133,6 +133,18 @@ It has some advantages over other methods:
|
|||
* And will be updated continuously.
|
||||
* if security incident ―e.g., private key leaked― occurs, it's OK just to remove `authorized_keys` on bastion.
|
||||
|
||||
### I want to omit `known_hosts`.
|
||||
|
||||
First of all, you have to understand that it is NOT secure to SSH with no `known_hosts` and using `StrictHostKeyChecking=no` option.
|
||||
|
||||
Why do you want to omit it?
|
||||
If the reason is **"I'm not understanding about the function of `known_hosts`"** or **"It's bother to fetch server key"**, you should not omit.
|
||||
If **"It is hard to prefetch server key because the server will be created dynamically"**, you can use bastion server.
|
||||
|
||||
**"`known_hosts` is unnecessary because I'm using secure method for SSH, such as SSHFP and signed server key."** — OK, here is a special value to omit `known_hosts`.
|
||||
You should use it ONLY IF you are using secure methods...
|
||||
It is `known_hosts: unnecessary`.
|
||||
|
||||
## License
|
||||
|
||||
The scripts and documentation in this project are released under the [MIT License](LICENSE)
|
||||
|
|
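Review bot: the new "I want to omit `known_hosts`" section never says what the action actually writes when `known_hosts: unnecessary` is set, so a reader cannot judge whether their "secure method" still works. The opening sentence mentions `StrictHostKeyChecking=no`; if that is what this value configures, state it explicitly and list what the user must supply themselves through `config`, for example `VerifyHostKeyDNS yes` for SSHFP. Note also that signed server keys are normally trusted through a `@cert-authority` line in `known_hosts`, so that case may be better served by passing that line as `known_hosts` than by omitting the file. The trailing "You should use it ONLY IF you are using secure methods..." should end with a concrete condition rather than an ellipsis, and the quoted reasons ("I'm not understanding about the function", "It's bother to fetch server key") need a grammar pass.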