amazon-ec2 ssh github-actions cicd

ssh-keyscan fails on github-actions


I'm trying to automate deploys to an EC2 instance with GitHub Actions, but ssh-keyscan seems to fail for no reason. On my local machine it works totally fine.

Here is my workflow file:

name: Deploy

on:
  push:
    branches:
      - 'main'

env:
  SERVER_HOST: x.x.x.xx
  SERVER_USER: username
  SERVER_PATH: ~/folder-name/

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3

      - name: Install SSH Key
        uses: shimataro/[email protected]
        with:
          key: "${{ secrets.SSH_PRIVATE_KEY }}"
          known_hosts: "just-a-placeholder-so-we-dont-get-errors"

      - name: Generate auth hosts
        run: ssh-keyscan -H ${{ env.SERVER_HOST }} >> ~/.ssh/known_hosts

      # Deploy
      - run: rsync -rv --delete . ${{ env.SERVER_USER }}@${{ env.SERVER_HOST }}:${{ env.SERVER_PATH }}

Notes:

  • secrets.SSH_PRIVATE_KEY contains my private OpenSSH key generated with ssh-keygen -t rsa -b 4096 -C "[email protected]" where [email protected] is the actual email of the GitHub account where the workflow is triggered.
  • Yes, I have added the .pub key to ~/.ssh/authorized_keys on my server machine.

Here is the actual error:


Solution

  • The problem was that I mistakenly added inbound rules only for the IP addresses listed here.

    So the solution was to add an inbound SSH rule for 0.0.0.0/0 and use the private key created along with the EC2 instance.
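
A narrower alternative to the 0.0.0.0/0 inbound rule from the solution above, as an added example that is not part of the original post: the workflow opens port 22 only to the current runner's address for the duration of the job, and checks the server against a pinned host key instead of running ssh-keyscan at deploy time. The secret names AWS_DEPLOY_ROLE_ARN, DEPLOY_SG_ID and SERVER_KNOWN_HOSTS, the region, and an IAM role limited to authorizing and revoking ingress on that one security group are assumptions; SERVER_KNOWN_HOSTS is assumed to hold ssh-keyscan output captured once from a trusted network and checked against the server's own host keys.

```yaml
# Added example, not from the original post. Assumed names: the secrets
# AWS_DEPLOY_ROLE_ARN, DEPLOY_SG_ID and SERVER_KNOWN_HOSTS, and region us-east-1.
name: Deploy
on:
  push:
    branches: ['main']
permissions:
  id-token: write   # lets the job request an OIDC token for role-to-assume
  contents: read
env:
  SERVER_HOST: x.x.x.xx
  SERVER_USER: username
  SERVER_PATH: ~/folder-name/
  SG_ID: ${{ secrets.DEPLOY_SG_ID }}
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}
          aws-region: us-east-1
      - name: Allow SSH from this runner's address only
        run: |
          RUNNER_IP="$(curl -fsS https://checkip.amazonaws.com)"
          echo "RUNNER_IP=$RUNNER_IP" >> "$GITHUB_ENV"   # reused by the cleanup step
          aws ec2 authorize-security-group-ingress --group-id "$SG_ID" \
            --protocol tcp --port 22 --cidr "$RUNNER_IP/32"
      - name: Install the deploy key and the pinned host key
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SERVER_KNOWN_HOSTS: ${{ secrets.SERVER_KNOWN_HOSTS }}
        run: |
          umask 077   # key and known_hosts are created owner-only
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
          printf '%s\n' "$SERVER_KNOWN_HOSTS" > ~/.ssh/known_hosts
      - name: Deploy
        run: |
          # StrictHostKeyChecking=yes refuses a host whose key is not the pinned one
          rsync -rv --delete -e "ssh -o StrictHostKeyChecking=yes" \
            . "$SERVER_USER@$SERVER_HOST:$SERVER_PATH"
      - name: Remove the temporary SSH rule
        if: always() && env.RUNNER_IP != ''   # runs even when the deploy fails
        run: |
          aws ec2 revoke-security-group-ingress --group-id "$SG_ID" \
            --protocol tcp --port 22 --cidr "$RUNNER_IP/32"
```

If the job is cancelled before the last step runs, the /32 rule stays in the security group until it is removed by hand.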