{"id":24537430,"url":"https://github.com/apter-tech/ssh-agent","last_synced_at":"2026-05-18T18:40:49.886Z","repository":{"id":270733339,"uuid":"911235562","full_name":"apter-tech/ssh-agent","owner":"apter-tech","description":"GitHub Action to setup `ssh-agent` with a private key and host verification","archived":false,"fork":false,"pushed_at":"2025-02-28T22:18:12.000Z","size":30,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-01T00:32:23.274Z","etag":null,"topics":["action","github-actions","known-hosts","ssh","ssh-agent","ssh-private-key","workflow"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apter-tech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-02T14:50:48.000Z","updated_at":"2025-01-03T14:38:36.000Z","dependencies_parsed_at":"2025-02-28T23:24:37.525Z","dependency_job_id":"47b1d84b-b406-40b5-9386-c161395b845a","html_url":"https://github.com/apter-tech/ssh-agent","commit_stats":null,"previous_names":["apter-tech/ssh-agent"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apter-tech%2Fssh-agent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apter-tech%2Fssh-agent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apter-tech%2Fssh-agent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apter-tech%2Fssh-agent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apter-tech","download_url":"https://codeload.github.com/apter-tech/ssh-agent/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243811072,"owners_count":20351649,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["action","github-actions","known-hosts","ssh","ssh-agent","ssh-private-key","workflow"],"created_at":"2025-01-22T14:12:39.399Z","updated_at":"2026-05-18T18:40:49.805Z","avatar_url":"https://github.com/apter-tech.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# apter-tech/ssh-agent\n\nAn advanced extension of [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) that not only manages SSH private key loading but also handles SSH host verification by setting up and cleaning `known_hosts`. This action simplifies secure communication in your workflows by automating host key management with enhanced security checks.\n\n---\n\n## Features\n\n- **SSH Agent Integration**: Extends `webfactory/ssh-agent` to load SSH private keys seamlessly.\n- **Host Verification**:\n  - Automatically fetches SSH host keys using `ssh-keyscan`.\n  - Supports predefined `known_hosts` entries.\n  - Warns about potential security risks for unverified keys.\n- **Key Type Filtering**: Optionally specify the types of keys to fetch (`ecdsa`, `ed25519`, etc.).\n- **Post-Job Cleanup**: Automatically removes added host entries after the job completes.\n\n---\n\n## Usage\n\nHere’s how to integrate the `apter-tech/ssh-agent` action into your GitHub workflows:\n\n### Basic Example\n\n```yaml\nname: Example Workflow\non: [push, pull_request]\n\njobs:\n  example:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout repository\n        uses: actions/checkout@v4\n      - name: Setup SSH Agent and Host Verification\n        uses: apter-tech/ssh-agent@v1\n        with:\n          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}\n          ssh-host: github.com\n          ssh-key-type: ed25519\n```\n\n## Inputs\n\n### New Inputs\n\n| Name            \t| Description                                                                                             \t| Required \t| Default   \t|\n|-------------------|-----------------------------------------------------------------------------------------------------------|-----------|---------------|\n| ssh-host        \t| Hostname to fetch SSH keys from using `ssh-keyscan`.                                                    \t| No       \t|           \t|\n| ssh-key-type    \t| Specify the type of key to fetch. Possible values: `ecdsa`, `ed25519`, `ecdsa-sk`, `ed25519-sk`, `rsa`. \t| No       \t| All types \t|\n| ssh-known-hosts \t| Predefined `known_hosts` entries. If provided, skips `ssh-keyscan`.                                     \t| No       \t|           \t|\n\n### Inherited Inputs from `webfactory/ssh-agent`\n\n| Name               | Description                                     | Required | Default |\n|--------------------|-------------------------------------------------|----------|---------|\n| `ssh-private-key`  | Private SSH key to register in the SSH agent.   | Yes      |         |\n| `ssh-auth-sock`    | Location of the SSH agent auth socket.          | No       |         |\n| `log-public-key`   | Log public key fingerprints.                    | No       | true    |\n| `ssh-agent-cmd`    | Command to start the SSH agent.                 | No       |         |\n| `ssh-add-cmd`      | Command to add the SSH key to the agent.        | No       |         |\n| `git-cmd`          | Command to use for Git operations.              | No       |         |\n\n## Security Considerations\n\n### Host Key Verification\n- **Recommended:** Always verify host keys manually before using `ssh-keyscan`.\n- **Warnings:** The action emits warnings if unverified host keys are used, as they pose a risk of man-in-the-middle attacks.\n\n## How It Works\n\n**1. Main Workflow:**\n\n- Loads the SSH private key using `webfactory/ssh-agent`.\n- Configures `known_hosts`:\n  - Uses predefined entries if `ssh-known-hosts` is set.\n  - Fetches host keys using `ssh-keyscan` if `ssh-host` is provided.\n\n**2.\tPost-Job Cleanup:**\n\n- Removes the last added entry from known_hosts to keep the environment clean.\n\n## Example with Predefined Known Hosts\n\n```yaml\n- name: Setup SSH Agent with Predefined Known Hosts\n  uses: apter-tech/ssh-agent@v1\n  with:\n    ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}\n    ssh-known-hosts: |\n      github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGh4DoiJkCQJklXG3zjGhheklNSklai38skjdjz89\n```\n\n## Development\n\n### Scripts Overview\n- `action.sh`: Main script for handling SSH host setup.\n- `post_action.sh`: Cleanup script to remove temporary host entries.\n\n## Contributing\n\nContributions are welcome! Please open issues or submit pull requests to improve the functionality or documentation.\n\n## License\n\nThis project is licensed under the MIT License. See [LICENSE](LICENSE) for details.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapter-tech%2Fssh-agent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapter-tech%2Fssh-agent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapter-tech%2Fssh-agent/lists"}