From f553408cc43c9cf7ff159687fb48ae284cd55223 Mon Sep 17 00:00:00 2001 From: happybell80 Date: Mon, 7 Jul 2025 22:51:18 +0900 Subject: [PATCH] Fix SSH authentication issues in GitHub Actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add SSH key verification step with ssh-add -l - Properly configure known_hosts with ssh-keyscan - Add SSH connection test before rsync - Remove StrictHostKeyChecking=no from rsync and remote commands - Follow webfactory/ssh-agent best practices Resolves SSH key authentication failures during deployment 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- .github/workflows/deploy.yml | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 10a5397..22a5052 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -18,14 +18,27 @@ jobs: with: ssh-private-key: ${{ secrets.NAS_SSH_KEY_ADMIN }} + - name: Check SSH key loaded + run: ssh-add -l + + - name: Add NAS host to known_hosts + run: | + mkdir -p ~/.ssh + ssh-keyscan -p ${{ secrets.NAS_PORT }} ${{ secrets.NAS_HOST }} >> ~/.ssh/known_hosts + + - name: Test SSH connection + run: | + ssh -o StrictHostKeyChecking=no -p ${{ secrets.NAS_PORT }} \ + ${{ secrets.NAS_USER }}@${{ secrets.NAS_HOST }} echo "SSH connection successful" + - name: Rsync to NAS run: | - rsync -avz -e "ssh -o StrictHostKeyChecking=no -p ${{ secrets.NAS_PORT }}" ./ \ + rsync -avz -e "ssh -p ${{ secrets.NAS_PORT }}" ./ \ ${{ secrets.NAS_USER }}@${{ secrets.NAS_HOST }}:/volume1/homes/admin/nginx-infra/ - name: Remote docker-compose up run: | - ssh -o StrictHostKeyChecking=no -p ${{ secrets.NAS_PORT }} ${{ secrets.NAS_USER }}@${{ secrets.NAS_HOST }} << 'EOF' + ssh -p ${{ secrets.NAS_PORT }} ${{ secrets.NAS_USER }}@${{ secrets.NAS_HOST }} << 'EOF' cd /volume1/homes/admin/nginx-infra docker-compose up -d --build EOF \ No newline at end of file