Skip to content

Commit 7376729

Browse files
committed
docs: add passphrase example
1 parent e5c07fc commit 7376729

File tree

1 file changed

+18
-0
lines changed

1 file changed

+18
-0
lines changed

README.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,7 @@ See [action.yml](./action.yml) for more detailed information.
4949
* port - remote port, default is `22`
5050
* username - ssh username
5151
* password - ssh password
52+
* passphrase - the passphrase is usually to encrypt the private key
5253
* timeout - timeout for ssh to remote host, default is `30s`
5354
* command_timeout - timeout for ssh command, default is `10m`
5455
* key - content of ssh private key. ex raw content of ~/.ssh/id_rsa
@@ -64,6 +65,7 @@ SSH Proxy Setting:
6465
* proxy_port - proxy port, default is `22`
6566
* proxy_username - proxy username
6667
* proxy_password - proxy password
68+
* proxy_passphrase - the passphrase is usually to encrypt the private key
6769
* proxy_timeout - timeout for ssh to proxy host, default is `30s`
6870
* proxy_key - content of ssh proxy private key.
6971
* proxy_key_path - path of ssh proxy private key
@@ -219,3 +221,19 @@ How to convert to YAML format of GitHubActions.
219221
mkdir abc/def
220222
ls -al
221223
```
224+
225+
Protecting a Private Key. The purpose of the passphrase is usually to encrypt the private key. This makes the key file by itself useless to an attacker. It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems.
226+
227+
```diff
228+
- name: ssh key passphrase
229+
uses: appleboy/ssh-action@master
230+
with:
231+
host: ${{ secrets.HOST }}
232+
username: ${{ secrets.USERNAME }}
233+
key: ${{ secrets.KEY }}
234+
port: ${{ secrets.PORT }}
235+
+ passphrase: ${{ secrets.PASSPHRASE }}
236+
script: |
237+
whoami
238+
ls -al
239+
```

0 commit comments

Comments
 (0)