mirror of
https://github.com/appleboy/ssh-action.git
synced 2026-07-12 08:15:36 +00:00
Compare commits
No commits in common. "039c9e07bb37b35054415f27cdbfd7645237832d" and "92737056c0040ce12606ea20e76e4bcb9824d517" have entirely different histories.
039c9e07bb
...
92737056c0
36
README.md
36
README.md
@ -1,18 +1,18 @@
|
|||||||
# 🚀 SSH for GitHub Actions
|
# 🚀 SSH for GitHub Actions
|
||||||
|
|
||||||
English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md)
|
[繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md)
|
||||||
|
|
||||||
A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands.
|
[GitHub Action](https://github.com/features/actions) for executing remote SSH commands.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
[](https://github.com/appleboy/ssh-action/actions/workflows/main.yml)
|
[](https://github.com/appleboy/ssh-action/actions/workflows/main.yml)
|
||||||
|
|
||||||
This project is built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀
|
This project is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀
|
||||||
|
|
||||||
## Input variables
|
## Input variables
|
||||||
|
|
||||||
Refer to [action.yml](./action.yml) for more detailed information.
|
See [action.yml](./action.yml) for more detailed information.
|
||||||
|
|
||||||
| Input Parameter | Description | Default Value |
|
| Input Parameter | Description | Default Value |
|
||||||
| ------------------------- | ---------------------------------------------------------------------------------------- | ------------- |
|
| ------------------------- | ---------------------------------------------------------------------------------------- | ------------- |
|
||||||
@ -88,9 +88,9 @@ linuxserver.io
|
|||||||
|
|
||||||
### Setting up a SSH Key
|
### Setting up a SSH Key
|
||||||
|
|
||||||
Follow the steps below to create and use SSH Keys.
|
Make sure to follow the below steps while creating SSH Keys and using them.
|
||||||
It is best practice to create SSH Keys on your local machine, not on a remote machine.
|
The best practice is create the SSH Keys on local machine not remote machine.
|
||||||
Log in with the username specified in GitHub Secrets and generate an RSA Key-Pair:
|
Login with username specified in Github Secrets. Generate a RSA Key-Pair:
|
||||||
|
|
||||||
### Generate rsa key
|
### Generate rsa key
|
||||||
|
|
||||||
@ -104,7 +104,7 @@ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
|
|||||||
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
||||||
```
|
```
|
||||||
|
|
||||||
Add the newly generated key to the Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/).
|
Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/).
|
||||||
|
|
||||||
### Add rsa key into Authorized keys
|
### Add rsa key into Authorized keys
|
||||||
|
|
||||||
@ -118,18 +118,18 @@ cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
|
|||||||
cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
|
cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
|
||||||
```
|
```
|
||||||
|
|
||||||
Copy the Private Key content and paste it into GitHub Secrets.
|
Copy Private Key content and paste in Github Secrets.
|
||||||
|
|
||||||
### Copy rsa Private key
|
### Copy rsa Private key
|
||||||
|
|
||||||
Before copying the private key, install the `clip` command as shown below:
|
Before copying the private key, install `clip` command as shown below:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Ubuntu
|
# Ubuntu
|
||||||
sudo apt-get install xclip
|
sudo apt-get install xclip
|
||||||
```
|
```
|
||||||
|
|
||||||
Copy the private key:
|
copy the private key:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# macOS
|
# macOS
|
||||||
@ -138,8 +138,6 @@ pbcopy < ~/.ssh/id_rsa
|
|||||||
xclip < ~/.ssh/id_rsa
|
xclip < ~/.ssh/id_rsa
|
||||||
```
|
```
|
||||||
|
|
||||||
Starting from and including the comment section `-----BEGIN OPENSSH PRIVATE KEY-----` and ending at and including the comment section `-----END OPENSSH PRIVATE KEY-----`, copy the private key and paste it into GitHub Secrets.
|
|
||||||
|
|
||||||
### Copy ed25519 Private key
|
### Copy ed25519 Private key
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -149,9 +147,9 @@ pbcopy < ~/.ssh/id_ed25519
|
|||||||
xclip < ~/.ssh/id_ed25519
|
xclip < ~/.ssh/id_ed25519
|
||||||
```
|
```
|
||||||
|
|
||||||
See detailed information about [SSH login without a password](http://www.linuxproblem.org/art_9.html).
|
See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html).
|
||||||
|
|
||||||
**Note**: Depending on your version of SSH, you might also need to make the following changes:
|
**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes:
|
||||||
|
|
||||||
- Put the public key in `.ssh/authorized_keys2`
|
- Put the public key in `.ssh/authorized_keys2`
|
||||||
- Change the permissions of `.ssh` to 700
|
- Change the permissions of `.ssh` to 700
|
||||||
@ -165,13 +163,13 @@ If you are currently using OpenSSH and are getting the following error:
|
|||||||
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
|
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
|
||||||
```
|
```
|
||||||
|
|
||||||
Ensure that your chosen key algorithm is supported. On Ubuntu 20.04 or later, you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`):
|
Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
CASignatureAlgorithms +ssh-rsa
|
CASignatureAlgorithms +ssh-rsa
|
||||||
```
|
```
|
||||||
|
|
||||||
Alternatively, `ed25519` keys are accepted by default in OpenSSH. You can use this instead of rsa if needed:
|
Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
||||||
@ -402,7 +400,7 @@ Now you can adjust you config:
|
|||||||
|
|
||||||
See the [issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non interactive shell. Thanks @kocyigityunus for the solution.
|
See the [issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non interactive shell. Thanks @kocyigityunus for the solution.
|
||||||
|
|
||||||
If you are running a command in a non-interactive shell, like ssh-action, on many Linux distros,
|
Basically, if you are running a command in a non interactive shell, like ssh-action, on many linux distros,
|
||||||
|
|
||||||
`/etc/bash.bashrc` file has a specific command that returns only, so some of the files didn't run and some specific commands doesn't add to path,
|
`/etc/bash.bashrc` file has a specific command that returns only, so some of the files didn't run and some specific commands doesn't add to path,
|
||||||
|
|
||||||
@ -417,7 +415,7 @@ If you are running a command in a non-interactive shell, like ssh-action, on man
|
|||||||
[ -z "$PS1" ] && return`
|
[ -z "$PS1" ] && return`
|
||||||
```
|
```
|
||||||
|
|
||||||
comment out the line that returns early, and everything should work fine. Alternatively, you can use the real paths of the commands you want to use.
|
just comment out the line that returns early and everything should work fine, or you can use the real paths of the commands that you would like to use.
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
|
|||||||
135
README.zh-cn.md
135
README.zh-cn.md
@ -1,8 +1,8 @@
|
|||||||
# 🚀 用于 GitHub Actions 的 SSH
|
# 🚀 用于 GitHub Actions 的 SSH
|
||||||
|
|
||||||
[English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文
|
[English](./README.md) | [繁體中文](./README.zh-tw.md)
|
||||||
|
|
||||||
一个用于执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。
|
[GitHub Action](https://github.com/features/actions) 用于执行远程 SSH 命令。
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
@ -12,7 +12,7 @@
|
|||||||
|
|
||||||
## 输入变量
|
## 输入变量
|
||||||
|
|
||||||
有关更详细的信息,请参阅 [action.yml](./action.yml)。
|
更详细的信息,请参考 [action.yml](./action.yml)。
|
||||||
|
|
||||||
| 输入参数 | 描述 | 默认值 |
|
| 输入参数 | 描述 | 默认值 |
|
||||||
| ------------------------- | ----------------------------------------------------- | ------ |
|
| ------------------------- | ----------------------------------------------------- | ------ |
|
||||||
@ -22,9 +22,9 @@
|
|||||||
| username | SSH 用户名 | |
|
| username | SSH 用户名 | |
|
||||||
| password | SSH 密码 | |
|
| password | SSH 密码 | |
|
||||||
| protocol | SSH 协议版本(tcp, tcp4, tcp6) | tcp |
|
| protocol | SSH 协议版本(tcp, tcp4, tcp6) | tcp |
|
||||||
| sync | 如果指定了多个主机,则启用同步执行 | false |
|
| sync | 如果有多个主机,启用同步执行 | false |
|
||||||
| use_insecure_cipher | 使用不安全的密码算法 | false |
|
| use_insecure_cipher | 使用不安全的密码算法 | false |
|
||||||
| cipher | 允许的密码算法。如果未指定,则使用适当的默认值 | |
|
| cipher | 允许的密码算法。如果未指定,则使用适当的算法 | |
|
||||||
| timeout | SSH 连接到主机的超时时间 | 30s |
|
| timeout | SSH 连接到主机的超时时间 | 30s |
|
||||||
| command_timeout | SSH 命令的超时时间 | 10m |
|
| command_timeout | SSH 命令的超时时间 | 10m |
|
||||||
| key | SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容 | |
|
| key | SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容 | |
|
||||||
@ -54,7 +54,7 @@
|
|||||||
|
|
||||||
## 使用方法
|
## 使用方法
|
||||||
|
|
||||||
执行远程 SSH 命令。
|
执行远程 SSH 命令
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
name: remote ssh command
|
name: remote ssh command
|
||||||
@ -68,19 +68,19 @@ jobs:
|
|||||||
uses: appleboy/ssh-action@v1.2.1
|
uses: appleboy/ssh-action@v1.2.1
|
||||||
with:
|
with:
|
||||||
host: ${{ secrets.HOST }}
|
host: ${{ secrets.HOST }}
|
||||||
username: linuxserver.io
|
username: ${{ secrets.USERNAME }}
|
||||||
password: ${{ secrets.PASSWORD }}
|
password: ${{ secrets.PASSWORD }}
|
||||||
port: ${{ secrets.PORT }}
|
port: ${{ secrets.PORT }}
|
||||||
script: whoami
|
script: whoami
|
||||||
```
|
```
|
||||||
|
|
||||||
输出:
|
画面输出
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
======CMD======
|
======CMD======
|
||||||
whoami
|
whoami
|
||||||
======END======
|
======END======
|
||||||
linuxserver.io
|
out: ***
|
||||||
===============================================
|
===============================================
|
||||||
✅ Successfully executed commands to all hosts.
|
✅ Successfully executed commands to all hosts.
|
||||||
===============================================
|
===============================================
|
||||||
@ -88,20 +88,18 @@ linuxserver.io
|
|||||||
|
|
||||||
### 设置 SSH 密钥
|
### 设置 SSH 密钥
|
||||||
|
|
||||||
请按照以下步骤创建和使用 SSH 密钥。
|
请在创建 SSH 密钥并使用 SSH 密钥时遵循以下步骤。最佳做法是在本地机器上创建 SSH 密钥而不是远程机器上。请使用 Github Secrets 中指定的用户名登录。生成 RSA 密钥:
|
||||||
最佳做法是在本地机器上创建 SSH 密钥,而不是在远程机器上。
|
|
||||||
使用 GitHub Secrets 中指定的用户名登录并生成 RSA 密钥对:
|
|
||||||
|
|
||||||
### 生成 RSA 密钥
|
### 生成 RSA 密钥
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
|
ssh-keygen -t rsa -b 4096 -C ”your_email@example.com“
|
||||||
```
|
```
|
||||||
|
|
||||||
### 生成 ed25519 密钥
|
### 生成 ed25519 密钥
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“
|
||||||
```
|
```
|
||||||
|
|
||||||
将新生成的密钥添加到已授权的密钥中。详细了解已授权的密钥请点[此处](https://www.ssh.com/ssh/authorized_keys/)。
|
将新生成的密钥添加到已授权的密钥中。详细了解已授权的密钥请点[此处](https://www.ssh.com/ssh/authorized_keys/)。
|
||||||
@ -109,49 +107,32 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
|||||||
### 将 RSA 密钥添加到已授权密钥中
|
### 将 RSA 密钥添加到已授权密钥中
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
|
cat .ssh/id_rsa.pub | ssh b@B ’cat >> .ssh/authorized_keys‘
|
||||||
```
|
```
|
||||||
|
|
||||||
### 将 ed25519 密钥添加到已授权密钥中
|
### 将 ed25519 密钥添加到已授权密钥中
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
|
cat .ssh/id_ed25519.pub | ssh b@B ’cat >> .ssh/authorized_keys‘
|
||||||
```
|
```
|
||||||
|
|
||||||
复制私钥内容,然后将其粘贴到 GitHub Secrets 中。
|
复制私钥内容,然后将其粘贴到 Github Secrets 中。
|
||||||
|
|
||||||
### 复制 RSA 私钥内容
|
### 复制 rsa 私钥内容
|
||||||
|
|
||||||
在复制私钥之前,按照以下步骤安装 `clip` 命令:
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Ubuntu
|
clip < ~/.ssh/id_rsa
|
||||||
sudo apt-get install xclip
|
|
||||||
```
|
```
|
||||||
|
|
||||||
复制私钥:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# macOS
|
|
||||||
pbcopy < ~/.ssh/id_rsa
|
|
||||||
# Ubuntu
|
|
||||||
xclip < ~/.ssh/id_rsa
|
|
||||||
```
|
|
||||||
|
|
||||||
从包含注释部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 开始,到包含注释部分 `-----END OPENSSH PRIVATE KEY-----` 结束,复制私钥并将其粘贴到 GitHub Secrets 中。
|
|
||||||
|
|
||||||
### 复制 ed25519 私钥内容
|
### 复制 ed25519 私钥内容
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# macOS
|
clip < ~/.ssh/id_ed25519
|
||||||
pbcopy < ~/.ssh/id_ed25519
|
|
||||||
# Ubuntu
|
|
||||||
xclip < ~/.ssh/id_ed25519
|
|
||||||
```
|
```
|
||||||
|
|
||||||
有关无需密码登录 SSH 的详细信息,请[见该网站](http://www.linuxproblem.org/art_9.html)。
|
有关无需密码登录 SSH 的详细信息,请[见该网站](http://www.linuxproblem.org/art_9.html)。
|
||||||
|
|
||||||
**注意**:根据您的 SSH 版本,您可能还需要进行以下更改:
|
**来自读者的注意事项**: 根据您的 SSH 版本,您可能还需要进行以下更改:
|
||||||
|
|
||||||
- 将公钥放在 `.ssh/authorized_keys2` 中
|
- 将公钥放在 `.ssh/authorized_keys2` 中
|
||||||
- 将 `.ssh` 的权限更改为 700
|
- 将 `.ssh` 的权限更改为 700
|
||||||
@ -165,19 +146,19 @@ xclip < ~/.ssh/id_ed25519
|
|||||||
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
|
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
|
||||||
```
|
```
|
||||||
|
|
||||||
请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 ssh-rsa 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一个附加文件):
|
请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 SSH-RSA 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一个附加文件):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
CASignatureAlgorithms +ssh-rsa
|
CASignatureAlgorithms +ssh-rsa
|
||||||
```
|
```
|
||||||
|
|
||||||
或者,`ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA:
|
或者,`Ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA。
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“
|
||||||
```
|
```
|
||||||
|
|
||||||
### 示例
|
### Example
|
||||||
|
|
||||||
#### 使用密码执行远程 SSH 命令
|
#### 使用密码执行远程 SSH 命令
|
||||||
|
|
||||||
@ -222,7 +203,23 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
|||||||
|
|
||||||

|

|
||||||
|
|
||||||
#### 从文件执行命令
|
#### 多台主机
|
||||||
|
|
||||||
|
```diff
|
||||||
|
- name: multiple host
|
||||||
|
uses: appleboy/ssh-action@v1.2.1
|
||||||
|
with:
|
||||||
|
- host: ”foo.com“
|
||||||
|
+ host: ”foo.com,bar.com“
|
||||||
|
username: ${{ secrets.USERNAME }}
|
||||||
|
key: ${{ secrets.KEY }}
|
||||||
|
port: ${{ secrets.PORT }}
|
||||||
|
script: |
|
||||||
|
whoami
|
||||||
|
ls -al
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Commands from a file
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- name: file commands
|
- name: file commands
|
||||||
@ -235,32 +232,14 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
|||||||
script_path: scripts/script.sh
|
script_path: scripts/script.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 多台主机
|
|
||||||
|
|
||||||
```diff
|
|
||||||
- name: multiple host
|
|
||||||
uses: appleboy/ssh-action@v1.2.1
|
|
||||||
with:
|
|
||||||
- host: "foo.com"
|
|
||||||
+ host: "foo.com,bar.com"
|
|
||||||
username: ${{ secrets.USERNAME }}
|
|
||||||
key: ${{ secrets.KEY }}
|
|
||||||
port: ${{ secrets.PORT }}
|
|
||||||
script: |
|
|
||||||
whoami
|
|
||||||
ls -al
|
|
||||||
```
|
|
||||||
|
|
||||||
默认的 `port` 值是 `22`。
|
|
||||||
|
|
||||||
#### 多个不同端口的主机
|
#### 多个不同端口的主机
|
||||||
|
|
||||||
```diff
|
```diff
|
||||||
- name: multiple host
|
- name: multiple host
|
||||||
uses: appleboy/ssh-action@v1.2.1
|
uses: appleboy/ssh-action@v1.2.1
|
||||||
with:
|
with:
|
||||||
- host: "foo.com"
|
- host: ”foo.com“
|
||||||
+ host: "foo.com:1234,bar.com:5678"
|
+ host: ”foo.com:1234,bar.com:5678“
|
||||||
username: ${{ secrets.USERNAME }}
|
username: ${{ secrets.USERNAME }}
|
||||||
key: ${{ secrets.KEY }}
|
key: ${{ secrets.KEY }}
|
||||||
script: |
|
script: |
|
||||||
@ -274,7 +253,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
|||||||
- name: multiple host
|
- name: multiple host
|
||||||
uses: appleboy/ssh-action@v1.2.1
|
uses: appleboy/ssh-action@v1.2.1
|
||||||
with:
|
with:
|
||||||
host: "foo.com,bar.com"
|
host: ”foo.com,bar.com“
|
||||||
+ sync: true
|
+ sync: true
|
||||||
username: ${{ secrets.USERNAME }}
|
username: ${{ secrets.USERNAME }}
|
||||||
key: ${{ secrets.KEY }}
|
key: ${{ secrets.KEY }}
|
||||||
@ -284,14 +263,14 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
|||||||
ls -al
|
ls -al
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 将环境变量传递到 shell 脚本
|
#### 将环境变量传递到 Shell 脚本
|
||||||
|
|
||||||
```diff
|
```diff
|
||||||
- name: pass environment
|
- name: pass environment
|
||||||
uses: appleboy/ssh-action@v1.2.1
|
uses: appleboy/ssh-action@v1.2.1
|
||||||
+ env:
|
+ env:
|
||||||
+ FOO: "BAR"
|
+ FOO: ”BAR“
|
||||||
+ BAR: "FOO"
|
+ BAR: ”FOO“
|
||||||
+ SHA: ${{ github.sha }}
|
+ SHA: ${{ github.sha }}
|
||||||
with:
|
with:
|
||||||
host: ${{ secrets.HOST }}
|
host: ${{ secrets.HOST }}
|
||||||
@ -300,9 +279,9 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
|||||||
port: ${{ secrets.PORT }}
|
port: ${{ secrets.PORT }}
|
||||||
+ envs: FOO,BAR,SHA
|
+ envs: FOO,BAR,SHA
|
||||||
script: |
|
script: |
|
||||||
echo "I am $FOO"
|
echo ”I am $FOO“
|
||||||
echo "I am $BAR"
|
echo ”I am $BAR“
|
||||||
echo "sha: $SHA"
|
echo ”sha: $SHA“
|
||||||
```
|
```
|
||||||
|
|
||||||
_在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_
|
_在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_
|
||||||
@ -310,9 +289,9 @@ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传
|
|||||||
#### 如何使用 `ProxyCommand` 连接远程服务器?
|
#### 如何使用 `ProxyCommand` 连接远程服务器?
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
+--------+ +----------+ +-----------+
|
+———+ +-———+ +————+
|
||||||
| Laptop | <--> | Jumphost | <--> | FooServer |
|
| Laptop | <—> | Jumphost | <—> | FooServer |
|
||||||
+--------+ +----------+ +-----------+
|
+———+ +-———+ +————+
|
||||||
```
|
```
|
||||||
|
|
||||||
在您的 `~/.ssh/config` 文件中,您会看到以下内容。
|
在您的 `~/.ssh/config` 文件中,您会看到以下内容。
|
||||||
@ -350,9 +329,9 @@ Host FooServer
|
|||||||
ls -al
|
ls -al
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 保护私钥
|
#### 如何保护私钥?
|
||||||
|
|
||||||
密码短语通常用于加密私钥。这使得密钥文件本身对攻击者无用。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。
|
密码短语通常用于加密私钥。这使得攻击者无法单独使用密钥文件。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。因此,保护私钥非常重要。
|
||||||
|
|
||||||
```diff
|
```diff
|
||||||
- name: ssh key passphrase
|
- name: ssh key passphrase
|
||||||
@ -372,10 +351,10 @@ Host FooServer
|
|||||||
|
|
||||||
设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa`、 `dsa`等),而 `example.com` 则替换为您的主机。
|
设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa`、 `dsa`等),而 `example.com` 则替换为您的主机。
|
||||||
|
|
||||||
在现代 OpenSSH 版本中,默认提取的密钥类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。
|
现代 OpenSSH 版本中,需要提取的**默认密钥**类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2
|
ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ‘ -f2
|
||||||
```
|
```
|
||||||
|
|
||||||
现在您可以调整您的配置:
|
现在您可以调整您的配置:
|
||||||
@ -400,4 +379,4 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' '
|
|||||||
|
|
||||||
## 授权方式
|
## 授权方式
|
||||||
|
|
||||||
本项目中的脚本和文档采用 [MIT 许可证](LICENSE) 发布。
|
本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
# 🚀 GitHub Actions 的 SSH
|
# 🚀 GitHub Actions 的 SSH
|
||||||
|
|
||||||
[English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md)
|
[English](./README.md) | [简体中文](./README.zh-cn.md)
|
||||||
|
|
||||||
[GitHub Action](https://github.com/features/actions) 用於執行遠端 SSH 命令。
|
[GitHub Action](https://github.com/features/actions) 用於執行遠端 SSH 命令。
|
||||||
|
|
||||||
@ -68,7 +68,7 @@ jobs:
|
|||||||
uses: appleboy/ssh-action@v1.2.1
|
uses: appleboy/ssh-action@v1.2.1
|
||||||
with:
|
with:
|
||||||
host: ${{ secrets.HOST }}
|
host: ${{ secrets.HOST }}
|
||||||
username: linuxserver.io
|
username: ${{ secrets.USERNAME }}
|
||||||
password: ${{ secrets.PASSWORD }}
|
password: ${{ secrets.PASSWORD }}
|
||||||
port: ${{ secrets.PORT }}
|
port: ${{ secrets.PORT }}
|
||||||
script: whoami
|
script: whoami
|
||||||
@ -80,7 +80,7 @@ jobs:
|
|||||||
======CMD======
|
======CMD======
|
||||||
whoami
|
whoami
|
||||||
======END======
|
======END======
|
||||||
linuxserver.io
|
out: ***
|
||||||
===============================================
|
===============================================
|
||||||
✅ Successfully executed commands to all hosts.
|
✅ Successfully executed commands to all hosts.
|
||||||
===============================================
|
===============================================
|
||||||
@ -120,36 +120,19 @@ cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
|
|||||||
|
|
||||||
### 複製 rsa 私鑰內容
|
### 複製 rsa 私鑰內容
|
||||||
|
|
||||||
在複製私鑰之前,請按照以下說明安裝 `clip` 命令:
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Ubuntu
|
clip < ~/.ssh/id_rsa
|
||||||
sudo apt-get install xclip
|
|
||||||
```
|
```
|
||||||
|
|
||||||
複製私鑰:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# macOS
|
|
||||||
pbcopy < ~/.ssh/id_rsa
|
|
||||||
# Ubuntu
|
|
||||||
xclip < ~/.ssh/id_rsa
|
|
||||||
```
|
|
||||||
|
|
||||||
從包含註釋部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 開始,到包含註釋部分 `-----END OPENSSH PRIVATE KEY-----` 結束,複製私鑰並將其粘貼到 GitHub Secrets 中。
|
|
||||||
|
|
||||||
### 複製 ed25519 私鑰內容
|
### 複製 ed25519 私鑰內容
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# macOS
|
clip < ~/.ssh/id_ed25519
|
||||||
pbcopy < ~/.ssh/id_ed25519
|
|
||||||
# Ubuntu
|
|
||||||
xclip < ~/.ssh/id_ed25519
|
|
||||||
```
|
```
|
||||||
|
|
||||||
有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。
|
有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。
|
||||||
|
|
||||||
**注意**:根據您的 SSH 版本,您可能還需要進行以下更改:
|
**來自讀者的注意事項**: 根據您的 SSH 版本,您可能還需要進行以下更改:
|
||||||
|
|
||||||
- 將公鑰放在 `.ssh/authorized_keys2` 中
|
- 將公鑰放在 `.ssh/authorized_keys2` 中
|
||||||
- 將 `.ssh` 的權限更改為 700
|
- 將 `.ssh` 的權限更改為 700
|
||||||
@ -220,7 +203,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
|||||||
|
|
||||||

|

|
||||||
|
|
||||||
#### 從文件中執行命令
|
#### Commands from a file
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- name: file commands
|
- name: file commands
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user