mirror of https://github.com/shimataro/ssh-key-action.git synced 2025-06-19 22:52:10 +10:00

update README

shimataro 2021-03-09 13:58:27 +09:00
parent 7b4e14149a
commit f175db27c6
No known key found for this signature in database
GPG key ID: BE92C05736911A9D
2 changed files with 14 additions and 6 deletions


@ -43,12 +43,14 @@ steps:
See [Workflow syntax for GitHub Actions](https://help.github.com/en/articles/workflow-syntax-for-github-actions) for details. See [Workflow syntax for GitHub Actions](https://help.github.com/en/articles/workflow-syntax-for-github-actions) for details.
**NOTE:** `known_hosts: no` with `StrictHostKeyChecking=no` is not secure. Use it ONLY IF you are using secure methods, such as SSHFP and signed server key.
### Install multiple keys ### Install multiple keys
If you want to install multiple keys, call this action multiple times. If you want to install multiple keys, call this action multiple times.
It is useful for port forwarding. It is useful for port forwarding.
**NOTE:** When this action is called multiple times, **the contents of `known_hosts` and `config` will be appended**. `key` must be saved as different name, by using `name` option. **NOTE:** When this action is called multiple times, **the contents of `known_hosts` and `config` will be appended**. `key` must be saved as different name, by using `name` option.
```yaml ```yaml
runs-on: ubuntu-latest runs-on: ubuntu-latest
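Review bot: the added NOTE above "Install multiple keys" leaves "it" ambiguous in "Use it ONLY IF ...": it can be read as `known_hosts: no` alone or as the combination with `StrictHostKeyChecking=no`, which the previous sentence has just called not secure. The note also uses `known_hosts: no` before the README has said what that value does. Suggest stating first that `no` is the special value that omits `known_hosts`, pointing to the FAQ entry on omitting it, and writing "SSHFP or a signed server key" so the two read as alternatives.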
@ -97,12 +99,18 @@ Use `if_key_exists` parameter.
* `ignore`: does nothing * `ignore`: does nothing
* `fail`: fails (default) * `fail`: fails (default)
### Why is it required to set `known_hosts` to `no`? Isn't it better to make `known_hosts` just omitable? ### I want to omit `known_hosts`.
It's for a heads up, in order not to omit without thinking. First of all, you have to understand that it is NOT secure to SSH with no `known_hosts` and using `StrictHostKeyChecking=no` option.
You should understand that it is not secure to SSH with no `known_hosts` file and using `StrictHostKeyChecking=no` option. Why do you want to omit it?
And should set `known_hosts` to `no` ONLY IF you are using secure methods, such as SSHFP and signed server key. If the reason is **"I'm not understanding about the function of `known_hosts`"** or **"It's bother to fetch server key"**, you should not omit.
If **"It is hard to prefetch server key because the server will be created dynamically"**, you can use bastion server.
By the way, there are some secure methods to SSH without `known_hosts`, such as SSHFP and signed server key.
And here is a special value to omit `known_hosts`. You should use it ONLY IF you are sure that it is secure enough.
You should use it ONLY IF you are using secure methods...
It is `known_hosts: no`.
### How do I use encrypted SSH key? ### How do I use encrypted SSH key?
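Review bot: in the new "I want to omit `known_hosts`." answer, the line "You should use it ONLY IF you are using secure methods..." ends in an ellipsis and repeats the sentence before it, so it looks like a leftover draft. The value itself (`known_hosts: no`) is only named in the last line, after two sentences that already refer to "it". Suggest dropping the draft line and naming the value in the sentence that introduces the special value. The bastion suggestion would be easier to act on with one sentence saying that the bastion's host key is what goes into `known_hosts`, if that is the intent.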


@ -14,7 +14,7 @@ inputs:
required: false required: false
default: "id_rsa" default: "id_rsa"
known_hosts: known_hosts:
description: "public keys of SSH servers, or set to 'no' in order to omit it" description: "public keys of SSH servers"
required: true required: true
default: "" default: ""
config: config:
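Review bot: the new `description` for `known_hosts` drops "or set to 'no' in order to omit it" while the README changed in this same commit still documents `known_hosts: no` as a special value, so the action metadata and the README now disagree on what the input accepts. If the aim is to stop advertising the option, say so in the commit message (currently only "update README", although this file is not the README); otherwise keep a short pointer such as "public keys of SSH servers (see README before omitting)". Also worth checking that `required: true` together with `default: ""` behaves as intended when the input is left out.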