docs: add new section: Setting up a SSH Key
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
This commit is contained in:
parent
2ce642f289
commit
7f8a7c1019
105
README.md
105
README.md
|
@ -66,6 +66,111 @@ SSH Proxy Setting:
|
|||
* proxy_fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
|
||||
* proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15))
|
||||
|
||||
### Setting up a SSH Key
|
||||
|
||||
Make sure to follow the below steps while creating SSH Keys and using them.
|
||||
The best practice is create the SSH Keys on local machine not remote machine.
|
||||
Login with username specified in Github Secrets. Generate a RSA Key-Pair:
|
||||
|
||||
<details>
|
||||
<summary>rsa</summary>
|
||||
<p>
|
||||
|
||||
```bash
|
||||
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
|
||||
```
|
||||
|
||||
</p>
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>ed25519</summary>
|
||||
<p>
|
||||
|
||||
```bash
|
||||
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
||||
```
|
||||
|
||||
</p>
|
||||
</details>
|
||||
|
||||
Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/).
|
||||
|
||||
<details>
|
||||
<summary>rsa</summary>
|
||||
<p>
|
||||
|
||||
```bash
|
||||
cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
|
||||
```
|
||||
|
||||
</p>
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>ed25519</summary>
|
||||
<p>
|
||||
|
||||
```bash
|
||||
cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
|
||||
```
|
||||
|
||||
</p>
|
||||
</details>
|
||||
|
||||
Copy Private Key content and paste in Github Secrets.
|
||||
|
||||
<details>
|
||||
<summary>rsa</summary>
|
||||
<p>
|
||||
|
||||
```bash
|
||||
clip < ~/.ssh/id_rsa
|
||||
```
|
||||
|
||||
</p>
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>ed25519</summary>
|
||||
<p>
|
||||
|
||||
```bash
|
||||
clip < ~/.ssh/id_ed25519
|
||||
```
|
||||
|
||||
</p>
|
||||
</details>
|
||||
|
||||
See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html).
|
||||
|
||||
**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes:
|
||||
|
||||
* Put the public key in `.ssh/authorized_keys2`
|
||||
* Change the permissions of `.ssh` to 700
|
||||
* Change the permissions of `.ssh/authorized_keys2` to 640
|
||||
|
||||
### If you are using OpenSSH
|
||||
|
||||
If you are currently using OpenSSH and are getting the following error:
|
||||
|
||||
```bash
|
||||
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
|
||||
```
|
||||
|
||||
Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under
|
||||
`/etc/ssh/sshd_config.d/`):
|
||||
|
||||
```bash
|
||||
CASignatureAlgorithms +ssh-rsa
|
||||
```
|
||||
|
||||
Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed:
|
||||
|
||||
```bash
|
||||
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
|
||||
```
|
||||
|
||||
### Example
|
||||
|
||||
Copy file via a SSH password:
|
||||
|
|
Loading…
Reference in New Issue