
appleboy / Ssh Action

Licence: mit
GitHub Actions for executing remote ssh commands.


🚀 SSH for GitHub Actions

GitHub Action for executing remote ssh commands.

Important: only Linux Docker containers are supported.

Usage

Executing remote ssh commands.

name: remote ssh command
on: [push]
jobs:

  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
    - name: executing remote ssh commands using password
      uses: appleboy/[email protected]
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        password: ${{ secrets.PASSWORD }}
        port: ${{ secrets.PORT }}
        script: whoami

output:

======CMD======
whoami
======END======
out: ***
==============================================
✅ Successfully executed commands to all host.
==============================================

Input variables

See action.yml for more detailed information.

  • host - ssh host
  • port - ssh port, default is 22
  • username - ssh username
  • password - ssh password
  • passphrase - passphrase of the private key; it is usually used to encrypt the private key
  • sync - synchronous execution if multiple hosts, default is false
  • timeout - timeout for ssh to remote host, default is 30s
  • command_timeout - timeout for ssh command, default is 10m
  • key - content of ssh private key, e.g. the raw content of ~/.ssh/id_rsa
  • key_path - path of ssh private key
  • fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
  • script - execute commands
  • script_stop - stop script after first failure
  • envs - pass environment variable to shell script
  • debug - enable debug mode
  • use_insecure_cipher - include more ciphers with use_insecure_cipher (see #56)
  • cipher - the allowed cipher algorithms. If unspecified then a sensible

SSH Proxy Setting:

  • proxy_host - proxy host
  • proxy_port - proxy port, default is 22
  • proxy_username - proxy username
  • proxy_password - proxy password
  • proxy_passphrase - passphrase of the proxy private key; it is usually used to encrypt the private key
  • proxy_timeout - timeout for ssh to proxy host, default is 30s
  • proxy_key - content of ssh proxy private key.
  • proxy_key_path - path of ssh proxy private key
  • proxy_fingerprint - fingerprint SHA256 of the proxy host public key, default is to skip verification
  • proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see #56)
  • proxy_cipher - the allowed cipher algorithms. If unspecified then a sensible

Setting up SSH Key

Follow the steps below when creating and using SSH keys. The best practice is to create the SSH keys on the local machine, not the remote machine. Log in with the username specified in GitHub Secrets. Generate an RSA key pair:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Add the newly generated key to the authorized keys. Read more about authorized keys here.

cat .ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'

Copy the private key content and paste it into GitHub Secrets.

clip < ~/.ssh/id_rsa

See the detailed information about SSH login without password.

Example

Executing remote ssh commands using password.

- name: executing remote ssh commands using password
  uses: appleboy/[email protected]
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    password: ${{ secrets.PASSWORD }}
    port: ${{ secrets.PORT }}
    script: whoami

Using private key

- name: executing remote ssh commands using ssh key
  uses: appleboy/[email protected]
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    key: ${{ secrets.KEY }}
    port: ${{ secrets.PORT }}
    script: whoami

Multiple Commands

- name: multiple command
  uses: appleboy/[email protected]
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    key: ${{ secrets.KEY }}
    port: ${{ secrets.PORT }}
    script: |
      whoami
      ls -al

Multiple Hosts

  - name: multiple host
    uses: appleboy/[email protected]
    with:
-     host: "foo.com"
+     host: "foo.com,bar.com"
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
      script: |
        whoami
        ls -al

Multiple hosts with different port

  - name: multiple host
    uses: appleboy/[email protected]
    with:
-     host: "foo.com"
+     host: "foo.com:1234,bar.com:5678"
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      script: |
        whoami
        ls -al

Synchronous execution on multiple hosts

  - name: multiple host
    uses: appleboy/[email protected]
    with:
      host: "foo.com,bar.com"
+     sync: true
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
      script: |
        whoami
        ls -al

Pass environment variable to shell script

  - name: pass environment
    uses: appleboy/[email protected]
+   env:
+     FOO: "BAR"
+     BAR: "FOO"
+     SHA: ${{ github.sha }}
    with:
      host: ${{ secrets.HOST }}
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
+     envs: FOO,BAR
      script: |
        echo "I am $FOO"
        echo "I am $BAR"
        echo "sha: $SHA"
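
Review bot: `envs: FOO,BAR` omits `SHA`, although the `env:` block sets `SHA` and the script's last line echoes `$SHA`. `envs` is the input that passes environment variables to the shell script, so as written `sha:` would print an empty value on the remote host. Suggest `envs: FOO,BAR,SHA`.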

Inside the env object, pass every environment variable as a string; passing an integer or any other data type may produce unexpected results.

Stop script after first failure, e.g. when the abc folder is missing.

  - name: stop script if command error
    uses: appleboy/[email protected]
    with:
      host: ${{ secrets.HOST }}
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
+     script_stop: true
      script: |
        mkdir abc/def
        ls -al

output:

======CMD======
mkdir abc/def
ls -al

======END======
2019/11/21 01:16:21 Process exited with status 1
err: mkdir: cannot create directory ‘abc/def’: No such file or directory
##[error]Docker run failed with exit code 1

How to connect remote server using ProxyCommand?

+--------+       +----------+      +-----------+
| Laptop | <-->  | Jumphost | <--> | FooServer |
+--------+       +----------+      +-----------+

In your ~/.ssh/config, you will see the following.

Host Jumphost
  HostName Jumphost
  User ubuntu
  Port 22
  IdentityFile ~/.ssh/keys/jump_host.pem

Host FooServer
  HostName FooServer
  User ubuntu
  Port 22
  ProxyCommand ssh -q -W %h:%p Jumphost

How to convert this to the YAML format of GitHub Actions:

  - name: ssh proxy command
    uses: appleboy/[email protected]
    with:
      host: ${{ secrets.HOST }}
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
+     proxy_host: ${{ secrets.PROXY_HOST }}
+     proxy_username: ${{ secrets.PROXY_USERNAME }}
+     proxy_key: ${{ secrets.PROXY_KEY }}
+     proxy_port: ${{ secrets.PROXY_PORT }}
      script: |
        mkdir abc/def
        ls -al
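
Review bot: the `with:` block sets neither `fingerprint` nor `proxy_fingerprint`, and the input list states that both default to skipping verification, so the host keys of both the jump host and the target are accepted unchecked. Suggest adding both inputs, fed from secrets alongside `proxy_key`. Separately, the `script` here is the `mkdir abc/def` pair from the script_stop example, which that example shows failing when `abc` is missing; a neutral command such as the `whoami` used elsewhere would illustrate the proxy setup better.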

Protecting a Private Key

The purpose of the passphrase is usually to encrypt the private key. This makes the key file by itself useless to an attacker. It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems.

  - name: ssh key passphrase
    uses: appleboy/[email protected]
    with:
      host: ${{ secrets.HOST }}
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
+     passphrase: ${{ secrets.PASSPHRASE }}
      script: |
        whoami
        ls -al