Skip to content

Fix known_hosts not working (#14)#19

Open
simtrami wants to merge 1 commit intoyesolutions:masterfrom
simtrami:fix_known_hosts
Open

Fix known_hosts not working (#14)#19
simtrami wants to merge 1 commit intoyesolutions:masterfrom
simtrami:fix_known_hosts

Conversation

@simtrami
Copy link

@simtrami simtrami commented Aug 21, 2021

Use absolute path for git config options

Replace ~ with /github/home when used for a file path in the options of a git configuration. For some reason, git does not resolve it and ignores the errors (probably just defaults too) as the files do not exist.
Passing it ~/.ssh/id_rsa was not an issue though as it already is the default private key file ssh uses.

Tested and approved

I temporarily published it to the actions marketplace in order to try it with my non-working workflow and it fixed it.

@simtrami
Use absolute path for git config options
1beed1a 
Replace `~` with `/github/home` when used for a file path in the options of a git configuration. For some reason, git does not resolve it and ignores the errors (probably just defaults) when the files do not exist.
Passing it `~/.ssh/id_rsa` was not an issue though as it is the default SSH PK file.
@simtrami simtrami mentioned this pull request Aug 21, 2021
Open
@simtrami
Copy link
Author

simtrami commented Aug 21, 2021

BEFORE MERGING

You might want to put the resolution of ~ in a variable and concatenate it instead of hard coding /github/home as I did: Github could change the home path and therefore break the script anytime.

@ldeluigi
Copy link

ldeluigi commented Feb 10, 2022

@spyoungtech

@DanielKotik DanielKotik mentioned this pull request Dec 28, 2022
Merged
marcvanandel added a commit to kadaster-labs/secured-sparql-endpoint-subgraph that referenced this pull request Dec 11, 2023
@marcvanandel
disable check known_hosts
421d28a 
Bug reported and PR to resolve:
yesolutions/mirror-action#19
@marcvanandel
Copy link

marcvanandel commented Dec 11, 2023

Probably the .github/workflows/main.yml should be updated to check whether this feature is actually operational by replacing:

        GIT_SSH_NO_VERIFY_HOST: "true"

with:

        GIT_SSH_KNOWN_HOSTS: ${{ secrets.GIT_SSH_KNOWN_HOSTS }}

elementalvoid
elementalvoid reviewed Dec 22, 2023
View reviewed changes
entrypoint.sh
if [[ "${GIT_SSH_KNOWN_HOSTS}" != "" ]]; then
echo "${GIT_SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts
git config --global core.sshCommand "ssh -i ~/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=~/.ssh/known_hosts"
git config --global core.sshCommand "ssh -i /github/home/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=/github/home/.ssh/known_hosts"
Copy link

@elementalvoid elementalvoid Dec 22, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👋 New user of the action here and running into this issue.

To simplify things, I would suggest not setting the -i and -o UserKnownHostsFile arguments at all. The action is already writing the key and known_hosts to the default locations, so the default settings should be sufficient.

Suggested change
git config --global core.sshCommand "ssh -i /github/home/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=/github/home/.ssh/known_hosts"
git config --global core.sshCommand "ssh -o IdentitiesOnly=yes"

Of course, to ignore host fingerprints, you will still set StrictHostKeyChecking below:

        git config --global core.sshCommand "ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no"

In both cases, you should be able to drop the -i and -o UserKnownHostsFile.

Copy link

@elementalvoid elementalvoid Dec 22, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update: In addition, you don't need the -o IdentitiesOnly=yes option either. So, you'd only need to define core.sshCommand in the case where you want to ignore fingerprints.

@Malix-Labs
Copy link

Malix-Labs commented Aug 10, 2024

Any update ?

cynicsketch added a commit to cynicsketch/mirror-action that referenced this pull request Oct 26, 2025
@cynicsketch
Fix known hosts per yesolutions#19
b1e3c96
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@elementalvoid elementalvoid elementalvoid left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@simtrami @ldeluigi @marcvanandel @Malix-Labs @elementalvoid