diff --git a/README.md b/README.md index a2d42a3..9fa93f0 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,111 @@ SSH Proxy Setting: * proxy_fingerprint - fingerprint SHA256 of the host public key, default is to skip verification * proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15)) +### Setting up a SSH Key + +Make sure to follow the below steps while creating SSH Keys and using them. +The best practice is create the SSH Keys on local machine not remote machine. +Login with username specified in Github Secrets. Generate a RSA Key-Pair: + +
+rsa +

+ +```bash +ssh-keygen -t rsa -b 4096 -C "your_email@example.com" +``` + +

+
+ +
+ed25519 +

+ +```bash +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" +``` + +

+
+ +Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). + +
+rsa +

+ +```bash +cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' +``` + +

+
+ +
+ed25519 +

+ +```bash +cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' +``` + +

+
+ +Copy Private Key content and paste in Github Secrets. + +
+rsa +

+ +```bash +clip < ~/.ssh/id_rsa +``` + +

+
+ +
+ed25519 +

+ +```bash +clip < ~/.ssh/id_ed25519 +``` + +

+
+ +See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). + +**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: + +* Put the public key in `.ssh/authorized_keys2` +* Change the permissions of `.ssh` to 700 +* Change the permissions of `.ssh/authorized_keys2` to 640 + +### If you are using OpenSSH + +If you are currently using OpenSSH and are getting the following error: + +```bash +ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] +``` + +Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under +`/etc/ssh/sshd_config.d/`): + +```bash +CASignatureAlgorithms +ssh-rsa +``` + +Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: + +```bash +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" +``` + ### Example Copy file via a SSH password: