{"id":18028061,"url":"https://github.com/d3rhase/ssh-command-action","last_synced_at":"2025-10-10T15:46:29.163Z","repository":{"id":41870247,"uuid":"457935948","full_name":"D3rHase/ssh-command-action","owner":"D3rHase","description":"Action to run commands on remote server via ssh","archived":false,"fork":false,"pushed_at":"2025-06-02T00:06:26.000Z","size":18,"stargazers_count":40,"open_issues_count":1,"forks_count":12,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-06T13:08:01.606Z","etag":null,"topics":["action","command","remote-control","remote-execution","ssh"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/D3rHase.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-10T20:25:38.000Z","updated_at":"2025-06-14T21:52:43.000Z","dependencies_parsed_at":"2023-12-23T16:18:32.733Z","dependency_job_id":"62becbff-771f-4d20-b5bf-0b71335e20e8","html_url":"https://github.com/D3rHase/ssh-command-action","commit_stats":{"total_commits":10,"total_committers":4,"mean_commits":2.5,"dds":"0.30000000000000004","last_synced_commit":"bd87381ab3e92b0ffae4677448209e7d312039bd"},"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/D3rHase/ssh-command-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3rHase%2Fssh-command-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3rHase%2Fssh-command-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3rHase%2Fssh-command-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3rHase%2Fssh-command-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/D3rHase","download_url":"https://codeload.github.com/D3rHase/ssh-command-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3rHase%2Fssh-command-action/sbom","scorecard":{"id":34971,"data":{"date":"2025-08-11","repo":{"name":"github.com/D3rHase/ssh-command-action","commit":"36e5d63b8db905eaca2128e5943597fcd7727786"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.3,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":1,"reason":"Found 2/11 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:b6a6be0ff92ab6db8acd94f5d1b7a6c2f0f5d10ce3c24af348d333ac6da80685","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 13 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-14T20:06:44.310Z","repository_id":41870247,"created_at":"2025-08-14T20:06:44.310Z","updated_at":"2025-08-14T20:06:44.310Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279004571,"owners_count":26083736,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["action","command","remote-control","remote-execution","ssh"],"created_at":"2024-10-30T08:14:09.408Z","updated_at":"2025-10-10T15:46:29.126Z","avatar_url":"https://github.com/D3rHase.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# What is this? / How to use?\n\n![License](https://img.shields.io/badge/license-MIT-blue.svg)\n![Latest Release](https://img.shields.io/github/v/release/D3rHase/ssh-command-action?style=flat-square)\n\nThis is a GitHub Action designed to run commands on a remote server using SSH. It allows you to securely execute commands on a remote server from your GitHub workflow, making it ideal for deployment, server management, and other remote tasks.\n\n## Table of Contents\n\n- [Features](#features)\n- [Usage](#usage)\n  - [Action Example](#action-example)\n  - [Parameters](#parameters)\n  - [Secrets Configuration](#secrets-configuration)\n  - [Adding an SSH Key to your Server](#adding-an-ssh-key-to-your-server)\n  - [Getting the Host Fingerprint](#getting-the-host-fingerprint)\n- [How to implement in your workflow Example](#how-to-implement-in-your-workflow)\n- [License](#license)\n\n## Features\n\n- **Secure**: Uses SSH with key-based authentication to securely execute commands on remote servers.\n- **Flexible**: Run any command supported by the shell on the remote server.\n- **Easy Integration**: Simple to include in your GitHub Actions workflow.\n\n## Usage\n\n### Action Example\n\nHere's an action example of how to use this `ssh-command-action`.\n\n#### Single Command Example:\n```yaml\n    - name: Run remote command via SSH\n      uses: D3rHase/ssh-command-action@latest\n      with:\n        host: ${{ secrets.HOST }}\n        port: ${{ secrets.PORT }}\n        user: ${{ secrets.USER }}\n        private_key: ${{ secrets.PRIVATE_KEY }}\n        host_fingerprint: ${{ secrets.HOST_FINGERPRINT }}\n        command: echo 'Hello, World!'\n```\n\n#### Multiline Command Example:\n\n```yaml\n    - name: Run multiple remote commands via SSH\n      uses: D3rHase/ssh-command-action@latest\n      with:\n        host: ${{ secrets.HOST }}\n        port: ${{ secrets.PORT }}\n        user: ${{ secrets.USER }}\n        private_key: ${{ secrets.PRIVATE_KEY }}\n        host_fingerprint: ${{ secrets.HOST_FINGERPRINT }}\n        command: |\n          cd /path/to/your/directory\n          git pull origin main\n          npm install\n          npm run build\n```\n\n### Parameters\n\nYou can use plain text instead of the secrets for these values directly in your action, but it is highly recommended to use GitHub Secrets for sensitive information to ensure privacy and security. See [Secrets Configuration](#secrets-configuration).\n\n- `host`: The remote server address (IP or domain) - **Required**.\n- `port`: The port to connect to on the remote server - *Default: 22*.\n- `user`: The username for SSH access - **Required**.\n- `private_key`: The private SSH key to authenticate with the remote server - **Required**.\n- `host_fingerprint`: The public SSH key fingerprint of the remote server for verification - **Optional**.\n- `command`: The command to execute on the remote server - **Required**.\n\n## Secrets Configuration\n\nTo keep your credentials secure, store sensitive information like `host`, `port`, `user`, and `private_key` as [GitHub Secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets). You can add these secrets in your repository's settings under `Secrets and variables` \u003e `Actions` \u003e `Repository secrets`.\n\n## Adding an SSH Key to Your Server\n\nTo use this action, you'll need to set up an SSH key on your server. Here's how to do it:\n\n1. **Generate an SSH Key Pair** on your local machine (if you don't have one already):\n\n    ```sh\n    ssh-keygen -t rsa -b 4096\n    ```\n\n    This command creates a new SSH key using the RSA algorithm with a 4096-bit key length.\n\n2. **Add the SSH Key to the Server**:\n\n    Copy the public key (`~/.ssh/id_rsa.pub`) to your server using the `ssh-copy-id` command:\n\n    ```sh\n    ssh-copy-id user@your-server-ip\n    ```\n\n    Replace `user` with your server's username and `your-server-ip` with the IP address of your server. This command adds your public key to the `~/.ssh/authorized_keys` file on the server.\n\n3. **Test the SSH Connection**:\n\n    Verify that you can connect to your server using the SSH key:\n\n    ```sh\n    ssh user@your-server-ip\n    ```\n\n4. **Store the SSH Key in GitHub Secrets**:\n\n    Go to your repository on GitHub, navigate to `Settings` in your repository \u003e `Secrets and variables` \u003e `Actions`, and add a new repository secret named `PRIVATE_KEY`. Paste the contents of your private key (`~/.ssh/id_rsa`) into this secret.\n\n    **Note**: Ensure your private key remains confidential. Do not share it publicly.\n\n## Getting the Host Fingerprint\n\nTo ensure you're connecting to the correct server and to prevent man-in-the-middle attacks, you can verify the server's host fingerprint. Here's how to obtain it:\n\n1. **Connect to your server** using SSH from your local machine:\n\n    ```sh\n    ssh user@your-server-ip\n    ```\n\n2. **Get the SSH host key fingerprint**:\n\n    After connecting, run the following command on your server:\n\n    ```sh\n    ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub\n    ```\n\n    Replace `/etc/ssh/ssh_host_rsa_key.pub` with the path to your server's SSH public key file if it's different.\n\n3. **Copy the fingerprint** displayed by the command. It should look something like this:\n\n    ```\n    2048 SHA256:ABC123def456ghi789... (RSA)\n    ```\n\n4. **Store the Host Fingerprint in GitHub Secrets**:\n\n    Go to your repository on GitHub, navigate to `Settings` in your repository \u003e `Secrets and variables` \u003e `Actions`, and add a new repository secret named `HOST_FINGERPRINT`. Paste the fingerprint into this secret.\n\n## How to implement in your workflow\n\nThis is an example of how you could use it in your GitHub workflow YAML file.\n\n```yaml\nname: Example workflow file\n\non:\n  push:\n    branches:\n      - main\n\njobs:\n  remote-command:\n    runs-on: ubuntu-latest\n\n    steps:\n    - name: Checkout code\n      uses: actions/checkout@v2\n\n    - name: Run remote command via SSH\n      uses: D3rHase/ssh-command-action@latest\n      with:\n        host: ${{ secrets.HOST }}\n        port: ${{ secrets.PORT }}\n        user: ${{ secrets.USER }}\n        private_key: ${{ secrets.PRIVATE_KEY }}\n        host_fingerprint: ${{ secrets.HOST_FINGERPRINT }}\n        command: echo 'Hello, World!'\n\n    - name: Notify Command Success\n      run: echo \"Command executed on ${{ secrets.HOST }} successfully!\"\n```\n\n## License\n\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for more details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3rhase%2Fssh-command-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fd3rhase%2Fssh-command-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3rhase%2Fssh-command-action/lists"}