Problem:
You need to push some artifacts from a GitHub Actions runner into a folder on a server where you only have SSH enabled.
Create a new user
This is a basic safety measure. It limits the directories the SSH/SCP connection can access.
In this case we will create a user called dummy:

```bash
sudo adduser dummy
# follow the prompts
```

Do not add it to the sudo group.
Test the new user account:
```bash
su dummy
# try the new password
cd
```

Generate an SSH keypair
```bash
ssh-keygen
# change the defaults if necessary, but leave the passphrase empty
```

You'll end up with two new files in ~/.ssh:
- id_{algorithm}: private key
- id_{algorithm}.pub: public key
For now, add the public key to the authorized_keys file:

```bash
# ssh-keygen wrote the keypair to ~/.ssh, so use full paths
cat ~/.ssh/id_{algorithm}.pub >> ~/.ssh/authorized_keys
```

GitHub Actions
You can now add the private key to your repository secrets.
Horizontal navigation bar: “Settings”
Left navigation bar: “Security” -> “Secrets and variables” -> “Actions”
“Secrets” -> “Repository secrets” -> “New Repository Secret”
Fill:
- Name: SSH_PRIVATE_KEY
- Secret: The content of id_{algorithm} obtained from before.

```bash
cd ~/.ssh
cat id_{algorithm}
```

“Add Secret”
In your YAML recipe:
```yaml
- name: load priv key
  run: |
    mkdir -p $HOME/.ssh/
    touch $HOME/.ssh/known_hosts
    ssh-keyscan -H "{ip_address_of_your_server}" > $HOME/.ssh/known_hosts
    echo "${{ secrets.SSH_PRIVATE_KEY }}" > $HOME/.ssh/id_{algorithm}
    chmod 400 $HOME/.ssh/id_{algorithm}
- name: do work
  # placeholder: replace with the commands that build {artifact}
  run: echo "build {artifact} here"
- name: upload to vps
  run: scp -i $HOME/.ssh/id_{algorithm} -r {artifact} dummy@{ip_address_of_your_server}:{destination_path}
```

Remember to change id_{algorithm} and {ip_address_of_your_server}.
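
Running ssh-keyscan on every job trusts whatever host key answers at that address, so a pinned host key is the stronger check. The following is an added example, not part of the original recipe: it installs the deploy key and a pinned known_hosts entry with private permissions, assuming a hypothetical second repository secret `SSH_KNOWN_HOSTS` that holds the server's host-key line copied once from the server itself; the function names are illustrative.

```bash
# install_deploy_key DIR KEY_NAME PRIVATE_KEY KNOWN_HOSTS
# Writes the private key and the pinned host key into DIR, never world-readable.
install_deploy_key() {
  local dir="$1" key_name="$2" private_key="$3" known_hosts="$4"
  # Refuse to continue without a pinned host key: no fallback to ssh-keyscan.
  if [ -z "$known_hosts" ]; then
    echo "no pinned host key supplied" >&2
    return 1
  fi
  (
    umask 077   # files are private from the moment they are created
    mkdir -p "$dir" && chmod 700 "$dir" &&
    printf '%s\n' "$private_key" > "$dir/$key_name" &&
    printf '%s\n' "$known_hosts" > "$dir/known_hosts" &&
    chmod 400 "$dir/$key_name"
  )
}

# scp_options DIR KEY_NAME
# Prints options that make scp use only this key and only the pinned host key.
scp_options() {
  printf '%s ' -i "$1/$2" \
    -o "UserKnownHostsFile=$1/known_hosts" \
    -o StrictHostKeyChecking=yes \
    -o IdentitiesOnly=yes \
    -o BatchMode=yes
}

# In the workflow step, with both secrets exported as environment variables
# (SSH_KNOWN_HOSTS is the assumed secret name):
#   install_deploy_key "$HOME/.ssh" "id_{algorithm}" "$SSH_PRIVATE_KEY" "$SSH_KNOWN_HOSTS"
#   scp $(scp_options "$HOME/.ssh" "id_{algorithm}") -r {artifact} \
#       dummy@{ip_address_of_your_server}:{destination_path}
```

With `StrictHostKeyChecking=yes`, the upload fails instead of connecting if the server presents a host key that differs from the pinned one.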