mirror of https://github.com/shimataro/ssh-key-action.git synced 2025-06-19 22:52:10 +10:00

update README

shimataro 2021-03-10 19:37:46 +09:00
parent 5e5ec7bdcb
commit 9dc7b32ce8
No known key found for this signature in database
GPG key ID: BE92C05736911A9D

@ -97,19 +97,6 @@ Use `if_key_exists` parameter.
* `ignore`: does nothing
* `fail`: fails (default)
### I want to omit `known_hosts`.
First of all, you have to understand that it is NOT secure to SSH with no `known_hosts` and using `StrictHostKeyChecking=no` option.
Why do you want to omit it?
If the reason is **"I'm not understanding about the function of `known_hosts`"** or **"It's bother to fetch server key"**, you should not omit.
If **"It is hard to prefetch server key because the server will be created dynamically"**, you can use bastion server.
By the way, there are some secure methods to SSH without `known_hosts`, such as SSHFP and signed server key.
And here is a special value to omit `known_hosts`. You should use it ONLY IF you are sure that it is secure enough.
You should use it ONLY IF you are using secure methods...
It is `known_hosts: unnecessary`.
### How do I use encrypted SSH key?
This action doesn't support encrypted key directly.
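Review bot: this is not a pure relocation of the "I want to omit `known_hosts`" section, and the commit message "update README" says nothing about either the move or the wording change. The block removed here carries two conditions ("ONLY IF you are sure that it is secure enough." and "ONLY IF you are using secure methods..."), while the copy in the later hunk keeps only the second. Since this text is the only guard rail around `known_hosts: unnecessary`, please state in the commit message that the section moves below the bastion section and that the "secure enough" sentence is dropped on purpose.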
@ -144,6 +131,18 @@ It has some advantages over other methods:
* And will be updated continuously.
* if security incident ―e.g., private key leaked― occurs, it's OK just to remove `authorized_keys` on bastion.
### I want to omit `known_hosts`.
First of all, you have to understand that it is NOT secure to SSH with no `known_hosts` and using `StrictHostKeyChecking=no` option.
Why do you want to omit it?
If the reason is **"I'm not understanding about the function of `known_hosts`"** or **"It's bother to fetch server key"**, you should not omit.
If **"It is hard to prefetch server key because the server will be created dynamically"**, you can use bastion server.
By the way, there are some secure methods to SSH without `known_hosts`, such as SSHFP and signed server key.
And here is a special value to omit `known_hosts`. You should use it ONLY IF you are using secure methods...
It is `known_hosts: unnecessary`.
## License
The scripts and documentation in this project are released under the [MIT License](LICENSE)
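Review bot: the condition on `known_hosts: unnecessary` in the re-added section ends in an ellipsis ("ONLY IF you are using secure methods...") and never says which methods qualify, so a reader can take it to cover `StrictHostKeyChecking=no`, which the first sentence of the same section calls NOT secure. Suggest tying it to the methods named one line earlier, for example "Use it ONLY IF the host key is verified another way, such as SSHFP or a signed server key." As a style point, "It's bother to fetch server key" and "you should not omit" would read better as "It's a bother to fetch the server key" and "you should not omit it", and "you can use bastion server" could link to the bastion section that now sits directly above this one.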