Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does the ssh key get left on the runner? #199

Closed
menasheh opened this issue May 9, 2022 · 8 comments · Fixed by #224
Closed

Does the ssh key get left on the runner? #199

menasheh opened this issue May 9, 2022 · 8 comments · Fixed by #224

Comments

@menasheh
Copy link

menasheh commented May 9, 2022

Will the ssh-key and authorized keys be removed from the runner at the end of workflow execution?
@DavraYoung
Copy link

I am also interested in this question. Is it safe to leave private ssh keys on github cloud runners?

@kiweezi
Copy link

kiweezi commented Oct 10, 2022

Likewise!

@shimataro
Copy link
Owner

Is it safe to leave private ssh keys on github cloud runners?

According to this document, it seems to be safe because decommissioned automatically.

When the job has finished, the VM is automatically decommissioned.

I think we need to remove not only SSH keys but also all source codes if VM is reused by someone 🤔

@kiweezi
Copy link

kiweezi commented Nov 4, 2022

Is it safe to leave private ssh keys on github cloud runners?

According to this document, it seems to be safe because decommissioned automatically.

When the job has finished, the VM is automatically decommissioned.

I think we need to remove not only SSH keys but also all source codes if VM is reused by someone 🤔

Thanks for the response!
That is for GitHub's own runners. I agree that it's likely safe to leave the key on them.

In my org's case, we use hosted runners. removing the ssh key would be beneficial to us as we use these VMs for lots of different kinds of workflows. It's also a risk leaving all our keys on one VM!

@shimataro
Copy link
Owner

@kiweezi
Thanks for your supplementary comments!

Unfortunately, ssh-key-action cannot remove keys by itself after workflow finishes.
You might want to append below lines to step in your YAML file.

    - name: remove SSH keys
      run: rm -rf ~/.ssh
      if: ${{ always() }}

@kiweezi
Copy link

kiweezi commented Nov 7, 2022

@shimataro
Thanks for your prompt response!
We've been using something similar to your suggestion for a while now, so thanks for sharing!

Is it not possible for this feature to be added to the action?
Or maybe your example should be added to the readme?
That way people with hosted runners will be more likely to use this action :).

Either way, appreciate your response and discussion on it!

@shimataro
Copy link
Owner

@kiweezi

Is it not possible for this feature to be added to the action?

Probably not.
From what I read the document, it seems that there are no way to cleanup after action is done.
Pleas let me know if you find a good way!

Or maybe your example should be added to the readme?

It's a good idea! I will add to "Q&A" section later. thanks!

@shimataro shimataro mentioned this issue Dec 17, 2022
Merged
@shimataro
Copy link
Owner

Hi,
I found a good way and released new version.

Please try using!

@menasheh menasheh mentioned this issue Dec 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add cleanup process shimataro/ssh-key-action
4 participants
@menasheh @shimataro @DavraYoung @kiweezi