🚀 SSH for GitHub Actions

GitHub Action for executing remote ssh commands.

Important: Only Linux Docker containers are supported.

This thing is built using Golang and drone-ssh. 🚀

Input variables

See action.yml for more detailed information.

| Input Parameter | Description | Default Value |
|---|---|---|
| host | SSH host address | |
| port | SSH port number | 22 |
| passphrase | SSH key passphrase | |
| username | SSH username | |
| password | SSH password | |
| sync | Enable synchronous execution if multiple hosts | false |
| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false |
| cipher | Allowed cipher algorithms. If unspecified, a sensible default | |
| timeout | Timeout duration for SSH to host | 30s |
| command_timeout | Timeout duration for SSH command | 10m |
| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | |
| key_path | Path of SSH private key | |
| fingerprint | SHA256 fingerprint of the host public key | |
| proxy_host | SSH proxy host | |
| proxy_port | SSH proxy port | 22 |
| proxy_username | SSH proxy username | |
| proxy_password | SSH proxy password | |
| proxy_passphrase | SSH proxy key passphrase | |
| proxy_timeout | Timeout for SSH to proxy host | 30s |
| proxy_key | Content of SSH proxy private key | |
| proxy_key_path | Path of SSH proxy private key | |
| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | |
| proxy_cipher | Allowed cipher algorithms for the proxy | |
| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false |
| script | Execute commands | |
| script_stop | Stop script after first failure | false |
| envs | Pass environment variables to shell script | |
| envs_format | Flexible configuration of environment value transfer | |
| debug | Enable debug mode | false |
| allenvs | Pass all environment variables to shell script | false |

Usage

Executing remote ssh commands.

name: remote ssh command
on: [push]
jobs:

  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
    - name: executing remote ssh commands using password
      uses: appleboy/[email protected]
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        password: ${{ secrets.PASSWORD }}
        port: ${{ secrets.PORT }}
        script: whoami

output:

======CMD======
whoami
======END======
out: ***
==============================================
✅ Successfully executed commands to all host.
==============================================

Setting up a SSH Key

Follow the steps below when creating and using SSH keys. The best practice is to create the SSH keys on your local machine, not on the remote machine. Log in with the username specified in GitHub Secrets. Generate an RSA key pair:

Generate rsa key

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Generate ed25519 key

ssh-keygen -t ed25519 -a 200 -C "[email protected]"

Add the newly generated public key to the authorized keys on the remote host.

Add rsa key into Authorized keys

cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'

Add ed25519 key into Authorized keys

cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'

Copy the private key content and paste it into GitHub Secrets.

Copy rsa Private key

clip < ~/.ssh/id_rsa

Copy ed25519 Private key

clip < ~/.ssh/id_ed25519

See the detailed information about SSH login without a password.

A note from one of our readers: Depending on your version of SSH, you might also have to make the following changes:

  • Put the public key in .ssh/authorized_keys2
  • Change the permissions of .ssh to 700
  • Change the permissions of .ssh/authorized_keys2 to 640

If you are using OpenSSH

If you are currently using OpenSSH and are getting the following error:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]

Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either /etc/ssh/sshd_config or a drop-in file under /etc/ssh/sshd_config.d/):

CASignatureAlgorithms +ssh-rsa

Alternatively, ed25519 keys are accepted by default in OpenSSH. You could use this instead of rsa if needed:

ssh-keygen -t ed25519 -a 200 -C "[email protected]"

Example

Executing remote ssh commands using password

- name: executing remote ssh commands using password
  uses: appleboy/[email protected]
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    password: ${{ secrets.PASSWORD }}
    port: ${{ secrets.PORT }}
    script: whoami

Using private key

- name: executing remote ssh commands using ssh key
  uses: appleboy/[email protected]
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    key: ${{ secrets.KEY }}
    port: ${{ secrets.PORT }}
    script: whoami

Multiple Commands

- name: multiple command
  uses: appleboy/[email protected]
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    key: ${{ secrets.KEY }}
    port: ${{ secrets.PORT }}
    script: |
      whoami
      ls -al

Multiple Hosts

  - name: multiple host
    uses: appleboy/[email protected]
    with:
-     host: "foo.com"
+     host: "foo.com,bar.com"
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
      script: |
        whoami
        ls -al

Multiple hosts with different port

  - name: multiple host
    uses: appleboy/[email protected]
    with:
-     host: "foo.com"
+     host: "foo.com:1234,bar.com:5678"
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      script: |
        whoami
        ls -al

Synchronous execution on multiple hosts

  - name: multiple host
    uses: appleboy/[email protected]
    with:
      host: "foo.com,bar.com"
+     sync: true
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
      script: |
        whoami
        ls -al

Pass environment variable to shell script

  - name: pass environment
    uses: appleboy/[email protected]
+   env:
+     FOO: "BAR"
+     BAR: "FOO"
+     SHA: ${{ github.sha }}
    with:
      host: ${{ secrets.HOST }}
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
+     envs: FOO,BAR,SHA
      script: |
        echo "I am $FOO"
        echo "I am $BAR"
        echo "sha: $SHA"

Inside the env object, pass every environment variable as a string; passing an integer or any other data type may produce unexpected results.

Stop script after first failure

Example: the abc folder is missing

  - name: stop script if command error
    uses: appleboy/[email protected]
    with:
      host: ${{ secrets.HOST }}
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
+     script_stop: true
      script: |
        mkdir abc/def
        ls -al

output:

======CMD======
mkdir abc/def
ls -al

======END======
2019/11/21 01:16:21 Process exited with status 1
err: mkdir: cannot create directory ‘abc/def’: No such file or directory
##[error]Docker run failed with exit code 1

How to connect remote server using ProxyCommand?

+--------+       +----------+      +-----------+
| Laptop | <-->  | Jumphost | <--> | FooServer |
+--------+       +----------+      +-----------+

In your ~/.ssh/config, you will see the following:

Host Jumphost
  HostName Jumphost
  User ubuntu
  Port 22
  IdentityFile ~/.ssh/keys/jump_host.pem

Host FooServer
  HostName FooServer
  User ubuntu
  Port 22
  ProxyCommand ssh -q -W %h:%p Jumphost

How to convert this to the YAML format of GitHub Actions:

  - name: ssh proxy command
    uses: appleboy/[email protected]
    with:
      host: ${{ secrets.HOST }}
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
+     proxy_host: ${{ secrets.PROXY_HOST }}
+     proxy_username: ${{ secrets.PROXY_USERNAME }}
+     proxy_key: ${{ secrets.PROXY_KEY }}
+     proxy_port: ${{ secrets.PROXY_PORT }}
      script: |
        mkdir abc/def
        ls -al

Protecting a Private Key

The purpose of the passphrase is usually to encrypt the private key. This makes the key file by itself useless to an attacker. It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems.

  - name: ssh key passphrase
    uses: appleboy/[email protected]
    with:
      host: ${{ secrets.HOST }}
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
+     passphrase: ${{ secrets.PASSPHRASE }}
      script: |
        whoami
        ls -al
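
Whether a key file is actually encrypted can be read from its header: an OpenSSH-format private key declares a cipher name and a KDF name, and both are `none` for an unprotected key. The following added example (not code from the ssh-action project) parses that header so a key can be checked before it is stored in `secrets.KEY`; the function names are illustrative, the sample containers are constructed header-only data rather than usable keys, and only the `openssh-key-v1` format is assumed.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"


def read_string(buf, offset):
    """Read one length-prefixed SSH string; return (value, next_offset)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[offset + 4:end], end


def key_encryption(pem_text):
    """Return (ciphername, kdfname) declared in an OpenSSH-format private key."""
    lines = [line.strip() for line in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key")
    data = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not data.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, offset = read_string(data, len(MAGIC))
    kdf, _ = read_string(data, offset)
    return cipher.decode("ascii"), kdf.decode("ascii")


def is_passphrase_protected(pem_text):
    """True only when the key declares both a cipher and a KDF."""
    cipher, kdf = key_encryption(pem_text)
    return cipher != "none" and kdf != "none"


def make_container(cipher, kdf):
    """Build a header-only container (constructed test data, not a usable key)."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    # Layout: magic, ciphername, kdfname, kdfoptions, key count, public key, private section
    body = MAGIC + pack(cipher) + pack(kdf) + pack(b"") + struct.pack(">I", 1) + pack(b"") * 2
    return "\n".join([BEGIN, base64.b64encode(body).decode(), END])


# Constructed samples: one as written without a passphrase, one as written with one.
PLAIN_KEY = make_container(b"none", b"none")
ENCRYPTED_KEY = make_container(b"aes256-ctr", b"bcrypt")

if __name__ == "__main__":
    print("plain key protected:", is_passphrase_protected(PLAIN_KEY))
    print("encrypted key protected:", is_passphrase_protected(ENCRYPTED_KEY))
```
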

Using host fingerprint verification

Setting up SSH host fingerprint verification can help to prevent Person-in-the-Middle attacks. Before setting this up, run the command below to get your SSH host fingerprint. Remember to replace ed25519 with the key type (rsa, dsa, etc.) that your server is using and example.com with your host.

In modern OpenSSH releases, the default key types to be fetched are rsa (since version 5.1), ecdsa (since version 6.0), and ed25519 (since version 6.7).

ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2

Now you can adjust your config:

  - name: ssh key passphrase
    uses: appleboy/[email protected]
    with:
      host: ${{ secrets.HOST }}
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
+     fingerprint: ${{ secrets.FINGERPRINT }}
      script: |
        whoami
        ls -al
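
The fingerprint printed by the `ssh-keygen -l` command above is the unpadded base64 of the SHA-256 digest of the host's public key blob, prefixed with `SHA256:`. The following added example (not code from the ssh-action project) recomputes that value from a public key line and compares it with a pinned fingerprint; the function names are illustrative and the sample keys are constructed byte patterns, not real host keys.

```python
import base64
import hashlib
import struct


def fingerprint(pubkey_line):
    """Return the SHA256:<base64> fingerprint of an OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with its own length-prefixed type name; it must agree
    # with the type written in front of the base64 data.
    (n,) = struct.unpack_from(">I", blob, 0)
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match the encoded blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_pin(pubkey_line, pinned):
    """True when the key presented by the host hashes to the pinned fingerprint."""
    return fingerprint(pubkey_line) == pinned.strip()


def make_ed25519_line(raw32, comment="constructed"):
    """Build a public key line from 32 raw bytes (constructed test data only)."""
    parts = (b"ssh-ed25519", raw32)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


# Constructed sample keys: fixed byte patterns, not real host keys.
HOST_KEY = make_ed25519_line(bytes(range(32)))
OTHER_KEY = make_ed25519_line(bytes(range(1, 33)))
PINNED = fingerprint(HOST_KEY)  # the value that would be stored as secrets.FINGERPRINT

if __name__ == "__main__":
    print(PINNED)
    print("pinned key accepted:", matches_pin(HOST_KEY, PINNED))
    print("different key accepted:", matches_pin(OTHER_KEY, PINNED))
```

A host that presents any other key produces a different fingerprint, so the comparison fails before any command is sent.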

Contributing

We would love for you to contribute to appleboy/ssh-action; pull requests are welcome!

License

The scripts and documentation in this project are released under the MIT License.
