docs: add new section: Setting up a SSH Key

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2024-11-12 12:38:08 +00:00 · 2022-07-30 10:23:52 +08:00 · 2022-07-30 10:23:52 +08:00 · 7f8a7c1019
commit 7f8a7c1019
parent 2ce642f289
1 changed files with 105 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -66,6 +66,111 @@ SSH Proxy Setting:
 * proxy_fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
 * proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15))

+### Setting up a SSH Key
+
+Make sure to follow the below steps while creating SSH Keys and using them.
+The best practice is create the SSH Keys on local machine not remote machine.
+Login with username specified in Github Secrets. Generate a RSA Key-Pair:
+
+<details>
+<summary>rsa</summary>
+<p>
+
+```bash
+ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
+```
+
+</p>
+</details>
+
+<details>
+<summary>ed25519</summary>
+<p>
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
+
+</p>
+</details>
+
+Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/).
+
+<details>
+<summary>rsa</summary>
+<p>
+
+```bash
+cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
+```
+
+</p>
+</details>
+
+<details>
+<summary>ed25519</summary>
+<p>
+
+```bash
+cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
+```
+
+</p>
+</details>
+
+Copy Private Key content and paste in Github Secrets.
+
+<details>
+<summary>rsa</summary>
+<p>
+
+```bash
+clip < ~/.ssh/id_rsa
+```
+
+</p>
+</details>
+
+<details>
+<summary>ed25519</summary>
+<p>
+
+```bash
+clip < ~/.ssh/id_ed25519
+```
+
+</p>
+</details>
+
+See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html).
+
+**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes:
+
+* Put the public key in `.ssh/authorized_keys2`
+* Change the permissions of `.ssh` to 700
+* Change the permissions of `.ssh/authorized_keys2` to 640
+
+### If you are using OpenSSH
+
+If you are currently using OpenSSH and are getting the following error:
+
+```bash
+ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
+```
+
+Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under 
+`/etc/ssh/sshd_config.d/`):
+
+```bash
+CASignatureAlgorithms +ssh-rsa
+```
+
+Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed:
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
+
 ### Example

 Copy file via a SSH password: