Skip to main content
← Back to workflows

How to Execute Commands over SSH with GitHub Actions?

appleboy/ssh-action -
GitHub Action
v1.0.3
4,686
Contributors
Contributor - appleboyContributor - akleandrovContributor - a-maccormack
Categories
CICUBE ANALYTICS INSIGHTS
Engineering Velocity: 25% Team Time Lost to CI Issues
View Platform →
3.5h
Time Saved/Dev/Week
40%
Faster Releases
Click for next insight
Usage
name: remote ssh command
on: [push]
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: executing remote ssh commands using password
uses: appleboy/ssh-[email protected]
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
script: whoami

ssh action logo

SSH Remote Commands

SSH for GitHub Action


What is Remote SSH Commands?

The GitHub Remote Commands action supports those using a Linux operating system within a Docker container. It involves a few steps, such as accessing the main computer, providing a username and password, among others. There are also examples of how to accomplish this using SSH keys.

To delve a bit deeper, key parameters include the main computer address, port number, username, password, and SSH key. By using the action, we can log in with a specific username and password to execute commands at a specific address.

Additionally, besides logging in with SSH keys, it's essential to create a private key and copy it from where it was generated to another location. This is crucial for security purposes and should be done using GitHub Secrets.

Overall, this action provides GitHub Actions users with the flexibility to execute SSH commands on remote servers within their projects. It also offers guidance on securely creating and using SSH keys.

Tabii, işte her bir "How to" başlığı altındaki kodları yorumlayarak eklemiş olduğum geliştirilmiş açıklamalar:

How to execute remote ssh commands using password?

- name: executing remote ssh commands using password
uses: appleboy/ssh-[email protected]
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
script: whoami

This action allows executing SSH commands on a remote server using password-based authentication. It's essential for scenarios where using SSH keys isn't feasible or preferred due to security reasons or system configurations.

How to use private key in GitHub Actions SSH?

- name: executing remote ssh commands using ssh key
uses: appleboy/ssh-[email protected]
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: whoami

This action demonstrates executing SSH commands using a private key for authentication. Using SSH keys provides a more secure and convenient method compared to passwords, especially in automated workflows.

Multiple Commands

- name: multiple command
uses: appleboy/ssh-[email protected]
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: |
whoami
ls -al

Demonstrates executing multiple commands sequentially on the remote server via SSH. This feature is useful for performing complex tasks or executing scripts on the target system.

How to use multiple hosts in GitHub Actions ssh?

  - name: multiple host
uses: appleboy/ssh-[email protected]
with:
- host: "foo.com"
+ host: "foo.com,bar.com"
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: |
whoami
ls -al

Shows how to execute commands on multiple hosts using SSH within GitHub Actions workflows. This capability is valuable for distributed systems or environments requiring management across various servers.

How to use multiple hosts with different port in GitHub Actions ssh?

  - name: multiple host
uses: appleboy/ssh-[email protected]
with:
- host: "foo.com"
+ host: "foo.com:1234,bar.com:5678"
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
script: |
whoami
ls -al

Illustrates executing commands on multiple hosts with different port numbers using SSH. This flexibility is crucial for scenarios where servers use non-standard SSH port configurations.

Synchronous execution on multiple hosts

  - name: multiple host
uses: appleboy/ssh-[email protected]
with:
host: "foo.com,bar.com"
+ sync: true
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: |
whoami
ls -al

Demonstrates executing commands synchronously on multiple hosts using SSH. Synchronous execution ensures that each command is completed before proceeding to the next, which can be crucial for certain tasks or dependencies.

Pass environment variable to shell script

  - name: pass environment
uses: appleboy/ssh-[email protected]
+ env:
+ FOO: "BAR"
+ BAR: "FOO"
+ SHA: ${{ github.sha }}
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ envs: FOO,BAR,SHA
script: |
echo "I am $FOO"
echo "I am $BAR"
echo "sha: $SHA"

Illustrates passing environment variables to a shell script executed via SSH. This feature enables customization and dynamic behavior within remote command executions, enhancing flexibility and automation capabilities.

How to connect remote server using ProxyCommand?

+--------+       +----------+      +-----------+
| Laptop | <--> | Jumphost | <--> | FooServer |
+--------+ +----------+ +-----------+

Explains how to connect to a remote server via an intermediate "Jump host" using ProxyCommand in SSH configurations. This setup is common in network architectures where direct access to target servers isn't allowed or practical.

How to convert to YAML format of GitHubActions

  - name: ssh proxy command
uses: appleboy/ssh-[email protected]
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ proxy_host: ${{ secrets.PROXY_HOST }}
+ proxy_username: ${{ secrets.PROXY_USERNAME }}
+ proxy_key: ${{ secrets.PROXY_KEY }}
+ proxy_port: ${{ secrets.PROXY_PORT }}
script: |
mkdir abc/def
ls -al

Shows how to convert SSH configurations to YAML format for GitHub Actions, facilitating easier integration and maintenance of SSH-based workflows within GitHub Actions pipelines.

How to protect a Private Key in GitHub Actions SSH?

The purpose of the passphrase is usually to encrypt the private key. This makes the key file by itself useless to an attacker. It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems.

  - name: ssh key passphrase
uses: appleboy/ssh-[email protected]
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ passphrase: ${{ secrets.PASSPHRASE }}
script: |
whoami
ls -al

Demonstrates protecting a private key with a passphrase when using SSH. Adding a passphrase enhances the security of SSH keys, especially in scenarios where the keys might be exposed or compromised.

How to use host fingerprint verification?

Configuring SSH host fingerprint verification is essential for enhancing security and preventing Person-in-the-Middle attacks. Before implementing this measure, you need to retrieve the SSH host fingerprint by running the following command. Ensure to substitute ed25519 with the appropriate key type used by your server and example.com with your server's hostname.

ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2

After obtaining the fingerprint, you can update your SSH configuration accordingly:

  - name: ssh key passphrase
uses: appleboy/ssh-[email protected]
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ fingerprint: ${{ secrets.FINGERPRINT }}
script: |
whoami
ls -al

By including the SSH host fingerprint in your configuration, you ensure that connections are established securely, mitigating the risk of unauthorized access or tampering.