Skip to content

What to know about SSH PEM file in Github Action Workflow? #24698

What to know about SSH PEM file in Github Action Workflow? #24698
Oct 1, 2021 · 5 answers

Hi All,

echo "${{ secrets.SSH_KEY }}" | tr -d '\r' > key.pem
         chmod 400 key.pem
 ssh -i key.pem  -o "StrictHostKeyChecking no" root@server.com <<'ENDSSH'
         pwd
         ls
     ENDSSH

One of my friend has send me above commands.

Actually i want to add azure vm in github action yaml file to execute docker container in that vm above command work for me but i want to know what above command actually do from where he got any website or links please let me know

See the tr manual page. In short, that command deletes all \r (carriage return) characters from the input. Those are likely present if the key file was created on Windows.

Replies

5 suggested answers
MohdRashid01:

ssh -i key.pem -o "StrictHostKeyChecking no" root@server.com

Let’s disassemble that SSH command.

The -i parameter sets an identity file. That means the key.pem file must hold a private key that will be used to authenticate to the server. This is good, just make sure to keep that key safe.

The -o parameter lets you set configuration options that’d usually go into the SSH configuration file on the command. The option StrictHostKeyChecking no is dangerous, though, and I strongly advise you to remove it. ⚠️ It disables checking if the server is actually the one you want to connect to. Instead you should add the public key of the server to your workflow (for example using another secret), and write it to ~/.ssh/known_hosts before connecting. That way SSH can properly check if you are connecting to the right server. See ssh(1) - OpenBSD manual pages for details about how SSH authentication works.

root@server.com means to log in as the root user to the server at server.com. Check if you really need root (administrator) access for what you are doing, and if not use a regular user.

The stuff between <<'ENDSSH' and ENDSSH are commands to run on the server.

0 replies

Ok but can u give me any link where i can find all this command so that i can also learn it

0 replies

Which command(s) do mean? The links in my post all go to the SSH documentation, if you want to know what an SSH command (or setting) does that’s the best place to go.

0 replies
MohdRashid01:

echo "${{ secrets.SSH_KEY }}" | tr -d '\r' > key.pem

what about above command please explain those also secret i can understand but what about tr -d \r

0 replies

See the tr manual page. In short, that command deletes all \r (carriage return) characters from the input. Those are likely present if the key file was created on Windows.

0 replies
Answer selected
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
2 participants