Fix known_hosts not working (#14) #19

Open
wants to merge 1 commit into
base: master

simtrami

Use absolute path for git config options

Replace ~ with /github/home when used for a file path in the options of a git configuration. For some reason, git does not resolve it and ignores the errors (probably just defaults too) as the files do not exist.
Passing it ~/.ssh/id_rsa was not an issue though as it already is the default private key file ssh uses.

Tested and approved

I temporarily published it to the actions marketplace in order to try it with my non-working workflow and it fixed it.

Replace `~` with `/github/home` when used for a file path in the options of a git configuration. For some reason, git does not resolve it and ignores the errors (probably just defaults) when the files do not exist.
Passing it `~/.ssh/id_rsa` was not an issue though as it is the default SSH PK file.
@simtrami simtrami mentioned this pull request Aug 21, 2021
@simtrami
Author

BEFORE MERGING

You might want to put the resolution of ~ in a variable and concatenate it instead of hard-coding /github/home as I did: GitHub could change the home path and therefore break the script anytime.

@ldeluigi

@spyoungtech

marcvanandel added a commit to kadaster-labs/secured-sparql-endpoint-subgraph that referenced this pull request Dec 11, 2023
@marcvanandel

Probably the .github/workflows/main.yml should be updated to check whether this feature is actually operational by replacing:

        GIT_SSH_NO_VERIFY_HOST: "true"

with:

        GIT_SSH_KNOWN_HOSTS: ${{ secrets.GIT_SSH_KNOWN_HOSTS }}
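One way to turn the check suggested above into a script step, as an added example that is not code from this repository or from any commenter: the hypothetical function `check_ssh_command` lints a `core.sshCommand` value and reports a literal `~`, a relative or unreadable key or known_hosts path, and `StrictHostKeyChecking=no`. It assumes the value contains no quoted arguments with spaces; the sample values are constructed from the two lines in this PR's diff.

```sh
#!/bin/sh
# Added example (hypothetical helper, not the action's own code).
# check_ssh_command CMD: print one finding per line, exit 1 if any.
# Assumes CMD has no quoted arguments containing spaces and that
# option names are spelled exactly as they are on this page.
check_ssh_command() (
  set -f                      # no globbing while we word-split $1
  findings=0
  prev=""
  for word in $1; do
    path=""
    opt="${word#-o}"          # accept "-o Key=val" and "-oKey=val"
    if [ "$prev" = "-i" ]; then path="$word"; fi
    case "$opt" in
      UserKnownHostsFile=*) path="${opt#*=}" ;;
      StrictHostKeyChecking=no)
        echo "host key verification disabled"; findings=1 ;;
    esac
    case "$path" in
      "") ;;
      '~'*) echo "unexpanded tilde: $path"; findings=1 ;;
      /*) [ -r "$path" ] || { echo "file not readable: $path"; findings=1; } ;;
      *) echo "relative path: $path"; findings=1 ;;
    esac
    prev="$word"
  done
  exit "$findings"
)

# Constructed sample values modelled on the two lines in the diff.
old='ssh -i ~/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=~/.ssh/known_hosts'
new='ssh -i /github/home/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=/github/home/.ssh/known_hosts'
check_ssh_command "$old" || true
check_ssh_command "$new" || true
```

In a workflow the argument would be the output of `git config --global core.sshCommand`, with a non-zero exit failing the job.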

@@ -45,15 +45,15 @@ if [[ "${GIT_SSH_PRIVATE_KEY}" != "" ]]; then
chmod 600 ~/.ssh/id_rsa
if [[ "${GIT_SSH_KNOWN_HOSTS}" != "" ]]; then
echo "${GIT_SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts
git config --global core.sshCommand "ssh -i ~/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=~/.ssh/known_hosts"
git config --global core.sshCommand "ssh -i /github/home/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=/github/home/.ssh/known_hosts"
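Review bot: the replacement core.sshCommand line hard-codes /github/home, while the chmod and echo lines in the same hunk still go through ~, which the shell expands from HOME, so the path ssh is told to read and the path the script wrote only agree while HOME is /github/home. Building the option values from ${HOME}, for example `-o UserKnownHostsFile=${HOME}/.ssh/known_hosts`, keeps them in step: inside the double quotes the shell expands ${HOME} but leaves ~ literal. A short comment on that line saying why ~ is avoided would also stop a later cleanup from reintroducing it.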

👋 New user of the action here and running into this issue.

To simplify things, I would suggest not setting the -i and -o UserKnownHostsFile arguments at all. The action is already writing the key and known_hosts to the default locations, so the default settings should be sufficient.

Suggested change
git config --global core.sshCommand "ssh -i /github/home/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=/github/home/.ssh/known_hosts"
git config --global core.sshCommand "ssh -o IdentitiesOnly=yes"

Of course, to ignore host fingerprints, you will still set StrictHostKeyChecking below:

        git config --global core.sshCommand "ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no"

In both cases, you should be able to drop the -i and -o UserKnownHostsFile.

Update: In addition, you don't need the -o IdentitiesOnly=yes option either. So, you'd only need to define core.sshCommand in the case where you want to ignore fingerprints.

@Malix-Labs

Any update?
