Comments (8)
kiweezi
commented on May 24, 2024
1
Is it safe to leave private ssh keys on github cloud runners?
According to this document, it seems to be safe because decommissioned automatically.
When the job has finished, the VM is automatically decommissioned.
I think we need to remove not only SSH keys but also all source codes if VM is reused by someone 🤔
Thanks for the response!
That is for GitHub's own runners. I agree that it's likely safe to leave the key on them.
In my org's case, we use hosted runners. removing the ssh key would be beneficial to us as we use these VMs for lots of different kinds of workflows. It's also a risk leaving all our keys on one VM!
from ssh-key-action.
shimataro
commented on May 24, 2024
1
@kiweezi
Thanks for your supplementary comments!
Unfortunately, ssh-key-action cannot remove keys by itself after workflow finishes.
You might want to append below lines to step in your YAML file.
- name: remove SSH keys
run: rm -rf ~/.ssh
if: ${{ always() }}from ssh-key-action.
shimataro
commented on May 24, 2024
1
Is it not possible for this feature to be added to the action?
Probably not.
From what I read the document, it seems that there are no way to cleanup after action is done.
Pleas let me know if you find a good way!
Or maybe your example should be added to the readme?
It's a good idea! I will add to "Q&A" section later. thanks!
from ssh-key-action.
shimataro
commented on May 24, 2024
1
Hi,
I found a good way and released new version.
Please try using!
from ssh-key-action.
DavraYoung
commented on May 24, 2024
I am also interested in this question. Is it safe to leave private ssh keys on github cloud runners?
from ssh-key-action.
kiweezi
commented on May 24, 2024
Likewise!
from ssh-key-action.
shimataro
commented on May 24, 2024
Is it safe to leave private ssh keys on github cloud runners?
According to this document, it seems to be safe because decommissioned automatically.
When the job has finished, the VM is automatically decommissioned.
I think we need to remove not only SSH keys but also all source codes if VM is reused by someone 🤔
from ssh-key-action.
kiweezi
commented on May 24, 2024
@shimataro
Thanks for your prompt response!
We've been using something similar to your suggestion for a while now, so thanks for sharing!
Is it not possible for this feature to be added to the action?
Or maybe your example should be added to the readme?
That way people with hosted runners will be more likely to use this action :).
Either way, appreciate your response and discussion on it!
from ssh-key-action.
Related Issues (20)
- Feature Request: Allow multiple keys to be setup for a single remote host HOT 1
- Permission denied (publickey) for git clone HOT 1
- Error loading key "/home/runner/.ssh/deploy_key": invalid format while format is RSA HOT 1
- python2 error HOT 2
- Update Node.js warning HOT 6
- Node 12 is deprecated HOT 2
- Make known_hosts optional HOT 2
- Deleting .ssh directory on self hosted runner is terrible HOT 5
- Remove only specific ssh key after execution HOT 6
- Rsync fails Permission denied (publickey) HOT 2
- Github SSH key has not been updated HOT 1
- Feature Request: strip cr/lf endings from ssh key HOT 1
- panic: ssh tcp to server: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
- Cannot connect to SSH via Github action HOT 4
- Error on run `ssh-keyscan` HOT 1
- Syntax for known_hosts HOT 1
- Node.js 16 actions are deprecated HOT 1
- ssh-key-action step failing with GLIBC not found error HOT 2
- Host key verification failed. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ssh-key-action.