docs: add passphrase example

This commit is contained in:
Bo-Yi Wu 2019-12-30 19:54:28 +08:00
parent e5c07fceef
commit 73767290ca
1 changed files with 18 additions and 0 deletions

View File

@ -49,6 +49,7 @@ See [action.yml](./action.yml) for more detailed information.
* port - remote port, default is `22`
* username - ssh username
* password - ssh password
* passphrase - the passphrase is usually to encrypt the private key
* timeout - timeout for ssh to remote host, default is `30s`
* command_timeout - timeout for ssh command, default is `10m`
* key - content of ssh private key. ex raw content of ~/.ssh/id_rsa
@ -64,6 +65,7 @@ SSH Proxy Setting:
* proxy_port - proxy port, default is `22`
* proxy_username - proxy username
* proxy_password - proxy password
* proxy_passphrase - the passphrase is usually to encrypt the private key
* proxy_timeout - timeout for ssh to proxy host, default is `30s`
* proxy_key - content of ssh proxy private key.
* proxy_key_path - path of ssh proxy private key
@ -219,3 +221,19 @@ How to convert to YAML format of GitHubActions.
mkdir abc/def
ls -al
```
Protecting a Private Key. The purpose of the passphrase is usually to encrypt the private key. This makes the key file by itself useless to an attacker. It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems.
```diff
- name: ssh key passphrase
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ passphrase: ${{ secrets.PASSPHRASE }}
script: |
whoami
ls -al
```