chore: update

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: ssh-action
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: ['https://www.paypal.me/appleboy46']

.github/main.workflow

@@ -1,45 +0,0 @@
-workflow "Remote ssh commands" {
-  on = "push"
-  resolves = [
-    "Executing remote ssh commands",
-    "Support Private Key",
-    "Multiple Commands",
-  ]
-}
-
-action "Executing remote ssh commands" {
-  uses = "appleboy/ssh-action@master"
-  secrets = [
-    "HOST",
-    "PASSWORD",
-  ]
-  args = [
-    "--user", "actions",
-    "--script", "whoami",
-  ]
-}
-
-action "Support Private Key" {
-  uses = "appleboy/ssh-action@master"
-  secrets = [
-    "HOST",
-    "KEY",
-  ]
-  args = [
-    "--user", "actions",
-    "--script", "'ls -al'",
-  ]
-}
-
-action "Multiple Commands" {
-  uses = "appleboy/ssh-action@master"
-  secrets = [
-    "HOST",
-    "KEY",
-  ]
-  args = [
-    "--user", "actions",
-    "--script", "'whoami'",
-    "--script", "'ls -al'",
-  ]
-}

.github/workflows/ci.yml

@@ -0,0 +1,151 @@
+name: remote ssh command
+on: [push]
+
+env:
+  FOO: "BAR"
+  BAR: "FOO"
+
+jobs:
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@v1
+
+    - name: executing remote ssh commands using password
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        password: ${{ secrets.PASSWORD }}
+        port: ${{ secrets.PORT }}
+        script: whoami
+
+    - name: executing remote ssh commands using ssh key
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.KEY }}
+        port: ${{ secrets.PORT }}
+        script: whoami
+
+    - name: multiple command
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.KEY }}
+        port: ${{ secrets.PORT }}
+        script: |
+          whoami
+          ls -al
+
+    # - name: stop script if command error
+    #   if: always()
+    #   uses: ./
+    #   with:
+    #     host: ${{ secrets.HOST }}
+    #     username: ${{ secrets.USERNAME }}
+    #     key: ${{ secrets.KEY }}
+    #     port: ${{ secrets.PORT }}
+    #     script_stop: true
+    #     script: |
+    #       mkdir abc/def
+    #       ls -al
+
+    - name: pass environment
+      uses: ./
+      env:
+        FOO: "BAR"
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.KEY }}
+        port: ${{ secrets.PORT }}
+        envs: FOO
+        script: |
+          echo "I am $FOO, thanks"
+          echo "I am $BAR, thanks"
+
+    - name: pass multiple environment
+      uses: ./
+      env:
+        FOO: "BAR"
+        BAR: "FOO"
+        SHA: ${{ github.sha }}
+        PORT: ${{ secrets.PORT }}
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.KEY }}
+        port: ${{ secrets.PORT }}
+        envs: FOO,BAR,SHA,PORT
+        script: |
+          echo "I am $FOO, thanks"
+          echo "I am $BAR, thanks"
+          echo "sha: $SHA"
+          echo "port: $PORT"
+
+    - name: ssh key passphrase
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.SSH2 }}
+        port: ${{ secrets.PORT }}
+        passphrase: ${{ secrets.PASSPHRASE }}
+        script: |
+          whoami
+          ls -al
+
+    - name: use insecure cipher
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        password: ${{ secrets.PASSWORD }}
+        port: ${{ secrets.PORT }}
+        script: |
+            ls \
+              -lah
+        use_insecure_cipher: true
+
+    # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271
+    - name: Multiline SSH commands interpreted as single lines
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        password: ${{ secrets.PASSWORD }}
+        port: ${{ secrets.PORT }}
+        script_stop: true
+        script: |
+            ls \
+              -lah
+        use_insecure_cipher: true
+
+    # https://github.com/appleboy/ssh-action/issues/85
+    - name: Deployment to multiple hosts with different ports
+      uses: ./
+      with:
+        host: "${{ secrets.HOST }}:${{ secrets.PORT }}"
+        username: ${{ secrets.USERNAME }}
+        password: ${{ secrets.PASSWORD }}
+        port: 1024
+        script_stop: true
+        script: |
+            ls \
+              -lah
+        use_insecure_cipher: true
+
+    # - name: SSH ED25519 Private Key
+    #   uses: ./
+    #   with:
+    #     host: ${{ secrets.TUNNEL_HOST }}
+    #     username: ${{ secrets.TUNNEL_USERNAME }}
+    #     key: ${{ secrets.ID_ED25519 }}
+    #     port: ${{ secrets.TUNNEL_PORT }}
+    #     script: whoami

.github/workflows/testing.yml

@@ -0,0 +1,31 @@
+name: Testing
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  testing:
+    runs-on: ubuntu-latest
+    container: golang:1.20-alpine
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: setup sshd server
+        run: |
+          apk add git make curl perl bash build-base zlib-dev ucl-dev
+          make ssh-server
+
+      - name: executing remote ssh commands using password
+        uses: ./
+        with:
+          host: 127.0.0.1
+          username: drone-ssh
+          password: 1234
+          port: 22
+          script: whoami
+
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v3

Dockerfile

@@ -1,16 +1,5 @@
-FROM appleboy/drone-ssh:1.5.0-linux-amd64
+FROM appleboy/drone-ssh:1.6.5-linux-amd64
 
-# Github labels
+COPY entrypoint.sh /entrypoint.sh
-LABEL "com.github.actions.name"="SSH Commands"
-LABEL "com.github.actions.description"="Executing remote ssh commands"
-LABEL "com.github.actions.icon"="terminal"
-LABEL "com.github.actions.color"="gray-dark"
-
-LABEL "repository"="https://github.com/appleboy/ssh-action"
-LABEL "homepage"="https://github.com/appleboy"
-LABEL "maintainer"="Bo-Yi Wu <appleboy.tw@gmail.com>"
-LABEL "version"="0.0.1"
-
-ADD entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]

Makefile

@@ -0,0 +1,15 @@
+ssh-server:
+	adduser -h /home/drone-ssh -s /bin/sh -D -S drone-ssh
+	echo drone-ssh:1234 | chpasswd
+	mkdir -p /home/drone-ssh/.ssh
+	chmod 700 /home/drone-ssh/.ssh
+	cat tests/.ssh/id_rsa.pub >> /home/drone-ssh/.ssh/authorized_keys
+	cat tests/.ssh/test.pub >> /home/drone-ssh/.ssh/authorized_keys
+	chmod 600 /home/drone-ssh/.ssh/authorized_keys
+	chown -R drone-ssh /home/drone-ssh/.ssh
+	# install ssh and start server
+	apk add --update openssh openrc
+	rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
+	sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
+	sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
+	./tests/entrypoint.sh /usr/sbin/sshd -D &

README.md

@@ -1,131 +1,428 @@
 # 🚀 SSH for GitHub Actions
 
-[GitHub Action](https://developer.github.com/actions/) for executing remote ssh commands.
+[GitHub Action](https://github.com/features/actions) for executing remote ssh commands.
 
-<img src="./images/ssh-workflow.png">
+![ssh workflow](./images/ssh-workflow.png)
+
+[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions)
+
+**Important**: Only support **Linux** [docker](https://www.docker.com/) container.
+
+## Input variables
+
+See [action.yml](./action.yml) for more detailed information.
+
+* `host` - ssh host
+* `port` - ssh port, default is `22`
+* `username` - ssh username
+* `password` - ssh password
+* `passphrase` - the passphrase is usually to encrypt the private key
+* `sync` - synchronous execution if multiple hosts, default is false
+* `timeout` - timeout for ssh to remote host, default is `30s`
+* `command_timeout` - timeout for ssh command, default is `10m`
+* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines 
+* `key_path` - path of ssh private key
+* `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification
+* `script` - execute commands
+* `script_stop` - stop script after first failure
+* `envs` - pass environment variable to shell script
+* `debug` - enable debug mode
+* `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56))
+* `cipher` - the allowed cipher algorithms. If unspecified then a sensible
+
+SSH Proxy Setting:
+
+* `proxy_host` - proxy host
+* `proxy_port` - proxy port, default is `22`
+* `proxy_username` - proxy username
+* `proxy_password` - proxy password
+* `proxy_passphrase` - the passphrase is usually to encrypt the private key
+* `proxy_timeout` - timeout for ssh to proxy host, default is `30s`
+* `proxy_key` - content of ssh proxy private key.
+* `proxy_key_path` - path of ssh proxy private key
+* `proxy_fingerprint` - fingerprint SHA256 of the proxy host public key, default is to skip verification
+* `proxy_use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56))
+* `proxy_cipher` - the allowed cipher algorithms. If unspecified then a sensible
 
 ## Usage
 
 Executing remote ssh commands.
 
-```
+```yaml
-action "Executing remote ssh commands" {
+name: remote ssh command
-  uses = "appleboy/ssh-action@master"
+on: [push]
-  secrets = [
+jobs:
-    "HOST",
+
-    "PASSWORD",
+  build:
-  ]
+    name: Build
-  args = [
+    runs-on: ubuntu-latest
-    "--user", "actions",
+    steps:
-    "--script", "whoami",
+    - name: executing remote ssh commands using password
-  ]
+      uses: appleboy/ssh-action@v0.1.6
-}
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        password: ${{ secrets.PASSWORD }}
+        port: ${{ secrets.PORT }}
+        script: whoami
 ```
 
-## Environment variables
+output:
 
-* HOST - ssh server host
+```sh
-* PORT - ssh server port
+======CMD======
-* USERNAME - ssh server username
+whoami
-* PASSWORD - ssh server password
+======END======
-* KEY - ssh server private key
+out: ***
-* SCRIPT - execute the scripts
+==============================================
+✅ Successfully executed commands to all host.
+==============================================
+```
+
+### Setting up a SSH Key
+
+Make sure to follow the below steps while creating SSH Keys and using them.
+The best practice is create the SSH Keys on local machine not remote machine.
+Login with username specified in Github Secrets. Generate a RSA Key-Pair:
+
+<details>
+<summary>rsa</summary>
+<p>
+
+```bash
+ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
+```
+
+</p>
+</details>
+
+<details>
+<summary>ed25519</summary>
+<p>
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
+
+</p>
+</details>
+
+Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/).
+
+<details>
+<summary>rsa</summary>
+<p>
+
+```bash
+cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
+```
+
+</p>
+</details>
+
+<details>
+<summary>ed25519</summary>
+<p>
+
+```bash
+cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
+```
+
+</p>
+</details>
+
+Copy Private Key content and paste in Github Secrets.
+
+<details>
+<summary>rsa</summary>
+<p>
+
+```bash
+clip < ~/.ssh/id_rsa
+```
+
+</p>
+</details>
+
+<details>
+<summary>ed25519</summary>
+<p>
+
+```bash
+clip < ~/.ssh/id_ed25519
+```
+
+</p>
+</details>
+
+See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html).
+
+**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes:
+
+* Put the public key in `.ssh/authorized_keys2`
+* Change the permissions of `.ssh` to 700
+* Change the permissions of `.ssh/authorized_keys2` to 640
+
+### If you are using OpenSSH
+
+If you are currently using OpenSSH and are getting the following error:
+
+```bash
+ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
+```
+
+Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under 
+`/etc/ssh/sshd_config.d/`):
+
+```bash
+CASignatureAlgorithms +ssh-rsa
+```
+
+Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed:
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
 
 ### Example
 
-Executing remote ssh commands.
+#### Executing remote ssh commands using password
 
-```
+```yaml
-action "Executing remote ssh commands" {
+- name: executing remote ssh commands using password
-  uses = "appleboy/ssh-action@master"
+  uses: appleboy/ssh-action@v0.1.6
-  secrets = [
+  with:
-    "PASSWORD",
+    host: ${{ secrets.HOST }}
-  ]
+    username: ${{ secrets.USERNAME }}
-  args = [
+    password: ${{ secrets.PASSWORD }}
-    "--host", "foo.com"
+    port: ${{ secrets.PORT }}
-    "--user", "bar",
+    script: whoami
-    "--script", "whoami",
-  ]
-}
 ```
 
-Using private key
+#### Using private key
 
-```
+```yaml
-action "Support Private Key" {
+- name: executing remote ssh commands using ssh key
-  uses = "appleboy/ssh-action@master"
+  uses: appleboy/ssh-action@v0.1.6
-  secrets = [
+  with:
-    "HOST",
+    host: ${{ secrets.HOST }}
-    "KEY",
+    username: ${{ secrets.USERNAME }}
-  ]
+    key: ${{ secrets.KEY }}
-  args = [
+    port: ${{ secrets.PORT }}
-    "--user", "actions",
+    script: whoami
-    "--script", "'ls -al'",
-  ]
-}
 ```
 
-Multiple Commands
+#### Multiple Commands
 
-```
+```yaml
-action "Multiple Commands" {
+- name: multiple command
-  uses = "appleboy/ssh-action@master"
+  uses: appleboy/ssh-action@v0.1.6
-  secrets = [
+  with:
-    "HOST",
+    host: ${{ secrets.HOST }}
-    "KEY",
+    username: ${{ secrets.USERNAME }}
-  ]
+    key: ${{ secrets.KEY }}
-  args = [
+    port: ${{ secrets.PORT }}
-    "--user", "actions",
+    script: |
-    "--script", "'whoami'",
+      whoami
-    "--script", "'ls -al'",
+      ls -al
-  ]
-}
 ```
 
-<img src="./images/multiple-command-result.png">
+![result](./images/output-result.png)
 
-Multiple Hosts
+#### Multiple Hosts
 
-```
+```diff
-action "Multiple Hosts" {
+  - name: multiple host
-  uses = "appleboy/ssh-action@master"
+    uses: appleboy/ssh-action@v0.1.6
-  secrets = [
+    with:
-    "KEY",
+-     host: "foo.com"
-  ]
++     host: "foo.com,bar.com"
-  args = [
+      username: ${{ secrets.USERNAME }}
-    "--host", "foo.com",
+      key: ${{ secrets.KEY }}
-    "--host", "bar.com",
+      port: ${{ secrets.PORT }}
-    "--user", "actions",
+      script: |
-    "--script", "'whoami'",
+        whoami
-    "--script", "'ls -al'",
+        ls -al
-  ]
-}
 ```
 
-see the detail of `drone-ssh` command
+#### Multiple hosts with different port
 
-```
+```diff
-   --ssh-key value                           private ssh key [$PLUGIN_SSH_KEY, $PLUGIN_KEY, $SSH_KEY, $KEY]
+  - name: multiple host
-   --key-path value, -i value                ssh private key path [$PLUGIN_KEY_PATH, $SSH_KEY_PATH, $PATH]
+    uses: appleboy/ssh-action@v0.1.6
-   --username value, --user value, -u value  connect as user (default: "root") [$PLUGIN_USERNAME, $PLUGIN_USER, $SSH_USERNAME, $USERNAME]
+    with:
-   --password value, -P value                user password [$PLUGIN_PASSWORD, $SSH_PASSWORD, $PASSWORD]
+-     host: "foo.com"
-   --host value, -H value                    connect to host [$PLUGIN_HOST, $SSH_HOST, $HOST]
++     host: "foo.com:1234,bar.com:5678"
-   --port value, -p value                    connect to port (default: 22) [$PLUGIN_PORT, $SSH_PORT, $PORT]
+      username: ${{ secrets.USERNAME }}
-   --sync                                    sync mode [$PLUGIN_SYNC, $SYNC]
+      key: ${{ secrets.KEY }}
-   --timeout value, -t value                 connection timeout (default: 0s) [$PLUGIN_TIMEOUT, $SSH_TIMEOUT, $TIMEOUT]
+      script: |
-   --command.timeout value, -T value         command timeout (default: 1m0s) [$PLUGIN_COMMAND_TIMEOUT, $SSH_COMMAND_TIMEOUT, $COMMAND_TIMEOUT]
+        whoami
-   --script value, -s value                  execute commands [$PLUGIN_SCRIPT, $SSH_SCRIPT, $SCRIPT]
+        ls -al
-   --script.stop                             stop script after first failure [$PLUGIN_SCRIPT_STOP, $STOP]
-   --proxy.ssh-key value                     private ssh key of proxy [$PLUGIN_PROXY_SSH_KEY, $PLUGIN_PROXY_KEY, $PROXY_SSH_KEY]
-   --proxy.key-path value                    ssh private key path of proxy [$PLUGIN_PROXY_KEY_PATH, $PROXY_SSH_KEY_PATH]
-   --proxy.username value                    connect as user of proxy (default: "root") [$PLUGIN_PROXY_USERNAME, $PLUGIN_PROXY_USER, $PROXY_SSH_USERNAME]
-   --proxy.password value                    user password of proxy [$PLUGIN_PROXY_PASSWORD, $PROXY_SSH_PASSWORD]
-   --proxy.host value                        connect to host of proxy [$PLUGIN_PROXY_HOST, $PROXY_SSH_HOST]
-   --proxy.port value                        connect to port of proxy (default: "22") [$PLUGIN_PROXY_PORT, $PROXY_SSH_PORT]
-   --proxy.timeout value                     proxy connection timeout (default: 0s) [$PLUGIN_PROXY_TIMEOUT, $PROXY_SSH_TIMEOUT]
 ```
 
-## Secrets
+#### Synchronous execution on multiple hosts
 
-* `PASSWORD` - ssh server password
+```diff
-* `KEY` - ssh server private key
+  - name: multiple host
+    uses: appleboy/ssh-action@v0.1.6
+    with:
+      host: "foo.com,bar.com"
++     sync: true
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
+      script: |
+        whoami
+        ls -al
+```
+
+#### Pass environment variable to shell script
+
+```diff
+  - name: pass environment
+    uses: appleboy/ssh-action@v0.1.6
++   env:
++     FOO: "BAR"
++     BAR: "FOO"
++     SHA: ${{ github.sha }}
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     envs: FOO,BAR,SHA
+      script: |
+        echo "I am $FOO"
+        echo "I am $BAR"
+        echo "sha: $SHA"
+```
+
+_Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._
+
+#### Stop script after first failure
+
+> ex: missing `abc` folder
+
+```diff
+  - name: stop script if command error
+    uses: appleboy/ssh-action@v0.1.6
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     script_stop: true
+      script: |
+        mkdir abc/def
+        ls -al
+```
+
+output:
+
+```sh
+======CMD======
+mkdir abc/def
+ls -al
+
+======END======
+2019/11/21 01:16:21 Process exited with status 1
+err: mkdir: cannot create directory ‘abc/def’: No such file or directory
+##[error]Docker run failed with exit code 1
+```
+
+#### How to connect remote server using `ProxyCommand`?
+
+```bash
++--------+       +----------+      +-----------+
+| Laptop | <-->  | Jumphost | <--> | FooServer |
++--------+       +----------+      +-----------+
+```
+
+in your `~/.ssh/config`, you will see the following.
+
+```bash
+Host Jumphost
+  HostName Jumphost
+  User ubuntu
+  Port 22
+  IdentityFile ~/.ssh/keys/jump_host.pem
+
+Host FooServer
+  HostName FooServer
+  User ubuntu
+  Port 22
+  ProxyCommand ssh -q -W %h:%p Jumphost
+```
+
+#### How to convert to YAML format of GitHubActions
+
+```diff
+  - name: ssh proxy command
+    uses: appleboy/ssh-action@v0.1.6
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     proxy_host: ${{ secrets.PROXY_HOST }}
++     proxy_username: ${{ secrets.PROXY_USERNAME }}
++     proxy_key: ${{ secrets.PROXY_KEY }}
++     proxy_port: ${{ secrets.PROXY_PORT }}
+      script: |
+        mkdir abc/def
+        ls -al
+```
+
+#### Protecting a Private Key
+
+The purpose of the passphrase is usually to encrypt the private key.
+This makes the key file by itself useless to an attacker.
+It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems.
+
+```diff
+  - name: ssh key passphrase
+    uses: appleboy/ssh-action@v0.1.6
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     passphrase: ${{ secrets.PASSPHRASE }}
+      script: |
+        whoami
+        ls -al
+```
+
+#### Using host fingerprint verification
+
+Setting up SSH host fingerprint verification can help to prevent Person-in-the-Middle attacks. Before setting this up, run the command below to get your SSH host fingerprint. Remember to replace `ed25519` with your appropriate key type (`rsa`, `dsa`, etc.) that your server is using and `example.com` with your host.
+
+In modern OpenSSH releases, the _default_ key types to be fetched are `rsa` (since version 5.1), `ecdsa` (since version 6.0), and `ed25519` (since version 6.7).
+
+```sh
+ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2
+```
+
+Now you can adjust you config:
+
+```diff
+  - name: ssh key passphrase
+    uses: appleboy/ssh-action@v0.1.6
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     fingerprint: ${{ secrets.FINGERPRINT }}
+      script: |
+        whoami
+        ls -al
+```
+
+## Contributing
+
+We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome!
+
+## License
+
+The scripts and documentation in this project are released under the [MIT License](LICENSE)

action.yml

@@ -0,0 +1,77 @@
+name: 'SSH Remote Commands'
+description: 'Executing remote ssh commands'
+author: 'Bo-Yi Wu'
+inputs:
+  host:
+    description: 'ssh host'
+  port:
+    description: 'ssh port'
+    default: 22
+  passphrase:
+    description: 'ssh key passphrase'
+  username:
+    description: 'ssh username'
+  password:
+    description: 'ssh password'
+  sync:
+    description: 'synchronous execution if multiple hosts'
+    default: false
+  use_insecure_cipher:
+    description: 'include more ciphers with use_insecure_cipher'
+    default: false
+  cipher:
+    description: 'the allowed cipher algorithms. If unspecified then a sensible'
+  timeout:
+    description: 'timeout for ssh to host'
+    default: "30s"
+  command_timeout:
+    description: 'timeout for ssh command'
+    default: "10m"
+  key:
+    description: 'content of ssh private key. ex raw content of ~/.ssh/id_rsa'
+  key_path:
+    description: 'path of ssh private key'
+  fingerprint:
+    description: 'sha256 fingerprint of the host public key'
+  proxy_host:
+    description: 'ssh proxy host'
+  proxy_port:
+    description: 'ssh proxy port'
+    default: 22
+  proxy_username:
+    description: 'ssh proxy username'
+  proxy_password:
+    description: 'ssh proxy password'
+  proxy_passphrase:
+    description: 'ssh proxy key passphrase'
+  proxy_timeout:
+    description: 'timeout for ssh to proxy host'
+    default: "30s"
+  proxy_key:
+    description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa'
+  proxy_key_path:
+    description: 'path of ssh proxy private key'
+  proxy_fingerprint:
+    description: 'sha256 fingerprint of the proxy host public key'
+  proxy_cipher:
+    description: 'the allowed cipher algorithms. If unspecified then a sensible'
+  proxy_use_insecure_cipher:
+    description: 'include more ciphers with use_insecure_cipher'
+    default: false
+  script:
+    description: 'execute commands'
+  script_stop:
+    description: 'stop script after first failure'
+    default: false
+  envs:
+    description: 'pass environment variable to shell script'
+  debug:
+    description: 'enable debug mode'
+    default: false
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+
+branding:
+  icon: 'terminal'
+  color: 'gray-dark'

tests/.ssh/id_rsa

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4e2D/qPN08pzTac+a8ZmlP1ziJOXk45CynMPtva0rtK/RB26
+VbfAF0hIJji7ltvnYnqCU9oFfvEM33cTn7T96+od8ib/Vz25YU8ZbstqtIskPuwC
+bv3K0mAHgsviJyRD7yM+QKTbBQEgbGuW6gtbMKhiYfiIB4Dyj7AdS/fk3v26wDgz
+7SHI5OBqu9bv1KhxQYdFEnU3PAtAqeccgzNpbH3eYLyGzuUxEIJlhpZ/uU2G9ppj
+/cSrONVPiI8Ahi4RrlZjmP5l57/sq1ClGulyLpFcMw68kP5FikyqHpHJHRBNgU57
+1y0Ph33SjBbs0haCIAcmreWEhGe+/OXnJe6VUQIDAQABAoIBAH97emORIm9DaVSD
+7mD6DqA7c5m5Tmpgd6eszU08YC/Vkz9oVuBPUwDQNIX8tT0m0KVs42VVPIyoj874
+bgZMJoucC1G8V5Bur9AMxhkShx9g9A7dNXJTmsKilRpk2TOk7wBdLp9jZoKoZBdJ
+jlp6FfaazQjjKD6zsCsMATwAoRCBpBNsmT6QDN0n0bIgY0tE6YGQaDdka0dAv68G
+R0VZrcJ9voT6+f+rgJLoojn2DAu6iXaM99Gv8FK91YCymbQlXXgrk6CyS0IHexN7
+V7a3k767KnRbrkqd3o6JyNun/CrUjQwHs1IQH34tvkWScbseRaFehcAm6mLT93RP
+muauvMECgYEA9AXGtfDMse0FhvDPZx4mx8x+vcfsLvDHcDLkf/lbyPpu97C27b/z
+ia07bu5TAXesUZrWZtKA5KeRE5doQSdTOv1N28BEr8ZwzDJwfn0DPUYUOxsN2iIy
+MheO5A45Ko7bjKJVkZ61Mb1UxtqCTF9mqu9R3PBdJGthWOd+HUvF460CgYEA7QRf
+Z8+vpGA+eSuu29e0xgRKnRzed5zXYpcI4aERc3JzBgO4Z0er9G8l66OWVGdMfpe6
+CBajC5ToIiT8zqoYxXwqJgN+glir4gJe3mm8J703QfArZiQrdk0NTi5bY7+vLLG/
+knTrtpdsKih6r3kjhuPPaAsIwmMxIydFvATKjLUCgYEAh/y4EihRSk5WKC8GxeZt
+oiZ58vT4z+fqnMIfyJmD5up48JuQNcokw/LADj/ODiFM7GUnWkGxBrvDA3H67WQm
+49bJjs8E+BfUQFdTjYnJRlpJZ+7Zt1gbNQMf5ENw5CCchTDqEq6pN0DVf8PBnSIF
+KvkXW9KvdV5J76uCAn15mDkCgYA1y8dHzbjlCz9Cy2pt1aDfTPwOew33gi7U3skS
+RTerx29aDyAcuQTLfyrROBkX4TZYiWGdEl5Bc7PYhCKpWawzrsH2TNa7CRtCOh2E
+R+V/84+GNNf04ALJYCXD9/ugQVKmR1XfDRCvKeFQFE38Y/dvV2etCswbKt5tRy2p
+xkCe/QKBgQCkLqafD4S20YHf6WTp3jp/4H/qEy2X2a8gdVVBi1uKkGDXr0n+AoVU
+ib4KbP5ovZlrjL++akMQ7V2fHzuQIFWnCkDA5c2ZAqzlM+ZN+HRG7gWur7Bt4XH1
+7XC9wlRna4b3Ln8ew3q1ZcBjXwD4ppbTlmwAfQIaZTGJUgQbdsO9YA==
+-----END RSA PRIVATE KEY-----

tests/.ssh/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh7YP+o83TynNNpz5rxmaU/XOIk5eTjkLKcw+29rSu0r9EHbpVt8AXSEgmOLuW2+dieoJT2gV+8QzfdxOftP3r6h3yJv9XPblhTxluy2q0iyQ+7AJu/crSYAeCy+InJEPvIz5ApNsFASBsa5bqC1swqGJh+IgHgPKPsB1L9+Te/brAODPtIcjk4Gq71u/UqHFBh0USdTc8C0Cp5xyDM2lsfd5gvIbO5TEQgmWGln+5TYb2mmP9xKs41U+IjwCGLhGuVmOY/mXnv+yrUKUa6XIukVwzDryQ/kWKTKoekckdEE2BTnvXLQ+HfdKMFuzSFoIgByat5YSEZ7785ecl7pVR drone-scp@localhost

tests/.ssh/test

@@ -0,0 +1,50 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAgX0UT5U
+dbd5qk/WLiRyDeAAAAEAAAAAEAAAIXAAAAB3NzaC1yc2EAAAADAQABAAACAQDojzlRtxSq
+AaOGaPHwCSRlsw870qwpc55W5AxlcOsbFZdtSwZ/dESBu5ql3dLsTB7WcqXoaA7Qp3w5GV
+RcFxn+5r2dL17MPe3zZrLNZulbnkXiaVgYLjWa0cAv9zD+0nR8/mtz2DbkpKCD8R3oLJ2B
+z5oscT2XLcPvIKZlw2eBErpSopLxfpPyhU8WNK9E38mUl2tjtiBVIoIJmtgYWY8XmIpEUR
+iiRjPidBJUVmLq9kKdUV62V/pMB2UDzqPJUiuABgzh8/9/qM81uMCwyqULzaVhPE+S9P7L
+dv1Npj5nqwOmUcGj0dhofi+F+qZ8WqGkQJ5JPam0LkGuMKGNJywrxo8XTXSpYCUvbKrTWo
+0/1GNLCcHpIcjhUUJGObOMk1YI0Tu52PGpzDf1kI+zzAgPqWxxzegQdLcPIgm4I6x6S48E
+V13THoAoU5T+rLrhE0i6FokGIwKv4SycDtFCvIdOr1jxJpw0CrKHqMG/kzeljtM1HOojD5
+gHwESwwsZL5P5/IWvnZlGZD0fAp/SPWpZIeMTeH12QANxX69RoQfKLRMYWSabDUvGKkIxQ
+CBaoVOmyVQIqyT5wTZ3msfGVLb729TlZcNo+8snG0k2W9skdlahx1TugzE096P+RzjUfov
+6g1NZKHCN8VSeu4+gmPIEiuN3tt99dKDNBMx/QYLfPpwAAB1DxxEspVRHEF4mTxw4+hFhe
+855+u3ffHmjgrK7IWZqrrze8bayRAVKPK7UMux4ZCOccc1ydtJFGUrZw8Q5gMe+Y+TusXE
+WB7LWZK5an/WrEVe1jNgxwrQKjXauKtTY33CFnnTvdE8dUixHr3AddYq1gQ4WcB7v08sj6
+f8V4yf80u294H5pjYxFMmTu4QldphV/mZcPQCyuzZKmkPLK2TzZWqGk615zJDd/W8Inm1c
+IJTQPH4tIA3X3daThxOMLC3eQXC2rvl7qaSz2k8ok7LnND8GrTU0CnE6XUMNjRjlxXO+6n
+XGVILifwk+bdLlE6aPIqhSuwx/TnbzHwj8DYnd5/Da/KdXpbc4T+925w6til98lyfRICol
+So6gXace2IK33LKEAaEIr3im+ZFgSIvWZdPu/ZPV7nlNcb/rbMsRF6fKAMFA/kpPr4z5tQ
+0pMJYfUmPCMdP7ahZ3km/Cpmee/VQ07s11myA2XeaEPov6yNrHJJtnAp5wsZ5s6ifLmoyl
+WEPKt8YoIIDib44ANoyhgf6+PA2i+367p5U55ynI6HTXOdB/xWqJ7k4Rah4BSbd1t73wyU
+kh04/9+YGDabwup7WzT07S7b+T5tGKAwMwK0cE/y5RyVI5JwT2b7fvbO6YH9ZFaNOMT+e0
+jBpsrEDkdqnVaFU5b6yWO4Gw6I4Myw+ByATlPM6rmAQoOgfmQmoI47UiTYPr4bLvB7w02B
+yQb2AxWDFdCJadZDTpFp5E5mXudt3JnfnKpR+9zDud4AahEU63ggJn0gpd51zRtqrTViob
+qnZ9UtMl9dzGReZFInS6Uq6ge4JJlsxhEVREr/RPUa4NldT7nRMnfxlnwiVcgrdNdeL2Ho
+5azXYMsDsACBR9rmz6h7JOpM/oyupbyitGtJMiBrR20UD264L4zZIBU4d6MXQADdOo+oKE
+OofB9Zj9ovIAGzb9SNAh7vEXE0X6C/EdRNI/DOlca15bd33r+HgKTIONqTws2wThLnSx1r
+W0voqE6SnhUhQ1FovxtBFYE1Ve8HR7BGyO6AJGQOpqivLry7W1BJyOiwSJ+DDUmcrnCyqJ
+IoDc9pHQ/9hBlJz2qeBNaSdwMZWKkTCnIYq1f8FAKdRqujFx81toUZw7Lb03JmKZBlALvU
+PvXcfxCDqSVy66SHVEtGvegFCeo0gQJS0BywQkushDVSoqGQppVoICNtyuzaMzpzkWj5tP
+iYJzm5VBDucWkCmmqzFVVVdeX4Vd5crQ08ZeuHHOAL61bKde7ji1XnvlmllpByeHA5uPef
+mGmgf/A1fM3MqioWW/C/Beffe5tJDKxoG7lavIg7F83c48wk+SeJ+2twNMySu1PDYmlRvb
+VUdy1LtjutFtvySYBDHTFUOkvTOCX01gMTaB8HhaZAA+cjt91jrdKkKBh8spQHg1En/oaR
+rmuqMWuMadxKIlzUBWLkAme78ce0SbpnGmBG1jz6kbjF3ZWWFJVj+3DHwE9dydfX4gCKT8
+iV3IuifJLGtmaQO5AgpquMWYKsdOI+HCsWN2+YngqScmfokMSR4bn8DmcLNVYzzNkfo2/o
+Oc/ZHtSJlXsY/5el+Bg4FBsvX3akyz32KJ9azsexjMFQl6dt5e6qAeV7kGKic8uaqXhWYW
+l/sKzuqXVqVP8QwfipH+SZB3b71canc2mnC3+eXroSgG9yYneGzxfP4ppABGRu/hSyLaaq
+tGyqgelrCXKSiWQs/Vgj46zEAoeIvLW9/NwnPkV3r499Ieh7kqMl2iZzpBXqab2ip6yt0+
+9GQuBwb3YNj7HO/a2YU0aMJrs6YofOa6/0h4ZvLYe6ndzDAAFIlUmqGiHUnjnDtChaUZLX
+E+9a8GkASVSizvMEpo/71uzOhn3Ta9ixDBqDQgA1DD0p3ko4bq7nYTNIfqghpJW2yTb8Sq
+Fw9yuZ7WRcS/SNmsVxCN8UsimixI4uugKgiU+YWLdZrlaQk7yCRUZ4Drris4FBW55AjVJ8
+nz3suOA+nh8JK0DN99hE9EAtgtMc1oKb76te1VCtd5tUfjN13qq5SvHMQp/dn+y+aVSIEg
+KrvhXVwxyncL7AC04yK0TJHVk83vXCK6hyFnPeFBPhY0yUtq1smWLrjotaW8ZRLMKG6Kz/
+cD69lsCnhFATfbBmKh6mRrBUaZV3nvZKKojJGnTguOQZodg0EEx/XR+aXFmJfKzyo4wdfK
+OQR/HeDLS+X1tAzEkZl3QtAgeNWwngXlov3wJgg0R5X4scJZlG9ns7UNrJG2D9E4LTLMvZ
+W1d9tnqAJprUdR9vvqUXGgbndzV+MuV/gY52jt2p7gvscBFVwLLuH7eTarrvqfBPAx+I33
+V79GEkDdc9rCpA6BGDEJGr/Xcpx2tDiSqLc8vELfpruROx4T4PuPZvKqqcvHNNUYUQi1+y
+7quwL7RgZj+i5hXGTRQ5Y+YfVYY+7sNgUxQpS5pC64s7bvwB0pHjgjn1KTXuyroPkV6pWA
+FfFEk1ETJhXcl7plxpmcLROyI=
+-----END OPENSSH PRIVATE KEY-----

tests/.ssh/test.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDojzlRtxSqAaOGaPHwCSRlsw870qwpc55W5AxlcOsbFZdtSwZ/dESBu5ql3dLsTB7WcqXoaA7Qp3w5GVRcFxn+5r2dL17MPe3zZrLNZulbnkXiaVgYLjWa0cAv9zD+0nR8/mtz2DbkpKCD8R3oLJ2Bz5oscT2XLcPvIKZlw2eBErpSopLxfpPyhU8WNK9E38mUl2tjtiBVIoIJmtgYWY8XmIpEURiiRjPidBJUVmLq9kKdUV62V/pMB2UDzqPJUiuABgzh8/9/qM81uMCwyqULzaVhPE+S9P7Ldv1Npj5nqwOmUcGj0dhofi+F+qZ8WqGkQJ5JPam0LkGuMKGNJywrxo8XTXSpYCUvbKrTWo0/1GNLCcHpIcjhUUJGObOMk1YI0Tu52PGpzDf1kI+zzAgPqWxxzegQdLcPIgm4I6x6S48EV13THoAoU5T+rLrhE0i6FokGIwKv4SycDtFCvIdOr1jxJpw0CrKHqMG/kzeljtM1HOojD5gHwESwwsZL5P5/IWvnZlGZD0fAp/SPWpZIeMTeH12QANxX69RoQfKLRMYWSabDUvGKkIxQCBaoVOmyVQIqyT5wTZ3msfGVLb729TlZcNo+8snG0k2W9skdlahx1TugzE096P+RzjUfov6g1NZKHCN8VSeu4+gmPIEiuN3tt99dKDNBMx/QYLfPpw== deploy@easyssh

tests/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+if [ ! -f "/etc/ssh/ssh_host_rsa_key" ]; then
+  # generate fresh rsa key
+  ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
+fi
+
+if [ ! -f "/etc/ssh/ssh_host_dsa_key" ]; then
+  # generate fresh dsa key
+  ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
+fi
+
+exec "$@"