Incorrect GitHub SSH keys (or missing new ones) #2039
Comments
This may be an issue with https://github.com/oxsecurity/megalinter - I've opened the issue above to help dive in. I'm leaving this open in case someone wants to confirm.
So I've been running megalinter manually since opening this - no issues with them. That said, I can access GitHub via SSH My best guess is this all lies in the fact that the Docker container purposely only pulls the
Since you are the first one reporting this kind of issue and didn't gain any thumbs up, we have a slightly different opinion on how important your problem is. I will merge your PR now. act allows you to use custom images, and extending it with cached known hosts is only a two-line Dockerfile, so I'm kinda surprised this would be a blocking issue for you.
Thanks @ChristopherHX - honestly I'm not confident this is even my issue. I've just hit a wall with the tool as to how I can debug it further with the given images. It's certainly a two-line Dockerfile... followed by a plethora of entrypoint logic, so unfortunately it's not that trivial.
Thought I'd give the issue its first thumbs up since I just tried to use act for the first time and I have been banging my head against a wall with my action for an entire day, found this tool to try to alleviate some of the time-consuming process of testing the action, only to be faced with something ELSE to fix first. I agree that this is trivial but when you have been working all day with a headache like me, something like this cropping up just when you think you've found a tool that might help you, sad times 😭
Hah - I appreciate the affirmation. I mentioned in the original discussion, this is an issue that will become more prevalent as users start using the new standard GitHub switched to - thumbs up isn't always a great way to determine importance. It's not often people create new keys, but this is an issue that will certainly become more common as people rotate keys and new users come on board, and it completely blocks use of the tool. All it takes is one new member joining a team at a company and the tool is incompatible with GitHub for them. Unfortunately for me, our Chief Architect raised their eyebrows at the response - we've had to strip
I also have a loss of confidence, because PR reviews take too long in nektos/act. Still wondering why act was hyped, it was even worse in compatibility at the time I found it so I decided to build my own tool to use actions/runner locally instead of act. The only reason I contributed to act is, it works flawlessly on non-standard OS/arch. In that context is compatibility with GitHub Hosted Runners less important.
BTW this was my own opinion
If you look at actions/runner#2009 you can even lose confidence in GitHub Actions, not even a single response within a year. That's how it works in GitHub.
Using webfactory/ssh-agent solved the issue for me.
With act version 0.2.57, the run stops and hangs in the step of validating GitHub SSH Host keys:
Getting a shell in the container that runs the Action showcases that there is no known hosts setup for Github:
System
User
Also testing GitHub SSH connection also stops and asks for host key acceptance:
I use What our Action does is that it adds SSH private keys of Github repos with
I have updated Node.js to 20.x in our Github Action container and still the known hosts are not setup properly by

```yaml
# Setup GitHub known hosts
- name: GitHub SSH known hosts
  shell: bash
  run: mkdir -p ~/.ssh && ssh-keyscan github.com > ~/.ssh/known_hosts
```

UPDATE: It does not work when run by Github instead of Act locally:

I am starting to get the feeling there are major issues in general between Act, Github runners and Actions integration. The inconsistencies are too many to ignore.

UPDATE #2: It works in Github runner if you add the host keys to system file instead of user known_hosts:

```yaml
# Setup GitHub known hosts
- name: GitHub SSH known hosts
  shell: bash
  run: |
    ssh-keyscan github.com > /etc/ssh/ssh_known_hosts || exit 1
    exit 0
```
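As an added example (not code from this thread or from act), the Python below audits known_hosts or `ssh-keyscan` output against pinned fingerprints before anything is installed, covering both the missing key type reported in the issue and the unverified `ssh-keyscan` step above. The function names, sample blobs and `PINNED` values are constructed placeholders; real fingerprints would be copied from GitHub's published SSH key fingerprints page.

```python
import base64
import hashlib

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text, host, pinned):
    """Check known_hosts / ssh-keyscan text for `host` against `pinned`
    ({key type: fingerprint}). Returns (lines safe to install, problems)."""
    verified, problems, seen = [], [], set()
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, ssh-keyscan banner comments, @cert-authority/@revoked
        # markers and malformed lines. Hashed host names (|1|...) never match.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        names, key_type, blob = fields[:3]
        if host not in names.split(","):
            continue
        try:
            fp = fingerprint(blob)
        except ValueError:  # binascii.Error is a ValueError: undecodable blob
            fp = None
        if key_type not in pinned:
            problems.append(f"{key_type}: not pinned, dropped")
        elif fp != pinned[key_type]:
            problems.append(f"{key_type}: fingerprint mismatch, dropped")
        else:
            verified.append(f"{host} {key_type} {blob}")
            seen.add(key_type)
    problems += [f"{t}: missing" for t in pinned if t not in seen]
    return verified, problems

# Constructed sample data: these blobs are NOT GitHub's keys. In real use,
# `pinned` holds the fingerprints copied from GitHub's documentation page.
ED = base64.b64encode(b"constructed ed25519 blob").decode()
EC = base64.b64encode(b"constructed ecdsa blob").decode()
RSA = base64.b64encode(b"constructed rsa blob").decode()
PINNED = {"ssh-ed25519": fingerprint(ED), "ecdsa-sha2-nistp256": fingerprint(EC)}
# A known_hosts file with no ed25519 entry, the situation the issue reports.
OLD_IMAGE = f"# github.com:22 SSH-2.0-constructed\ngithub.com ssh-rsa {RSA}\n"
# A scan answered by the expected ed25519 key and an unexpected ecdsa key.
SCAN = f"github.com ssh-ed25519 {ED}\ngithub.com,192.0.2.1 ecdsa-sha2-nistp256 {RSA}\n"

if __name__ == "__main__":
    for sample in (OLD_IMAGE, SCAN):
        print(audit(sample, "github.com", PINNED))
```

Only the lines returned as verified would be written to `/etc/ssh/ssh_known_hosts`; a non-empty problem list is a reason to fail the step.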
Issue is stale and will be closed in 14 days unless there is new activity
Bug report info
Command used with act
Describe issue
Most of my problem information is at #2035
But generally, I'm getting this error when running act locally:
I used Docker to enter the machine and check the available keys:
When I entered, I noticed there was no user SSH key, so I checked the global one:
Sure enough, the known hosts are missing a number of GitHub's more secure SSH key fingerprints, as published here:
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
It should look like this:
My system is configured to use ED25519, which is significantly more secure and becoming the standard encryption for keys moving forward for most systems. Not including the ED25519 key in the SSH keys for the container is going to cause more and more people to have issues.
I'm hoping this can be hotfixed, because I'm completely blocked until this can be fixed.
Link to GitHub repository
No response
Workflow content
N/A
Relevant log output
Additional information
No response