As a reminder for my future self and anyone that might find it useful, here’s a quick look at setting up ssh for GitHub actions. In this case I’m using my portfolio as an example.

Background

The portfolio site is built in Gatsby, primarily because I found a beautiful template by Brittany Chiang and was interested in trying out a little React.

The build of the site is outputted to a subfolder named public and I have this set up as a git submodule of the site repo.

In a previous post I wrote about setting up the GitHub actions, here I want a quick reminder of how to set up the ssh keys needed.

Secrets needed

I’m looking to create these values to use as variables in the .github/workflows/main.yml file. They’ll all be added to the GitHub secrets for the public repo.

VPS_SSH_HOST — this is the host IP address of my server.
VPS_SSH_USERNAME — this is the username from my user@ipaddress login.
VPS_SSH_SECRET — this is the private SSH key that you set up for GitHub access on your server.
VPS_SSH_PORT — this is the port number for SSH access. A typical choice is port 22.
SSH_PASSPHRASE — this is the passphrase I supplied during creation of the SSH key.
PROJECT_PATH — this is the full path of my project’s root directory on the server. Run `pwd` when in the directory to find this.

SSH Keys

I generated the keys on my local machine (not the server), using the following command.

ssh-keygen -b 4096 -f /path/to/my/ssh/folder/.ssh/name_i_want_for_the_key_pair

This generates both the private key, which I need for VPS_SSH_SECRET, and the public key, which I need to add to my server.

I chose to use a passphrase during the key generation process, as I found the GitHub Actions workflow didn’t work without it.

Moving the keys

To get my public key to the VPS server, I used

scp /path_to_ssh_public_key/name_of_key.pub user@ssh_IP_address:/tmp/key_name.pub

Then when logged into my VPS, I used the following commands to add the public key to the authorized keys on my server.

cd /tmp/
cat key_name.pub >> ~/.ssh/authorized_keys

There are neater and more concise ways to do this, and I believe entirely from my local machine, but this worked for me and also served as a clear indicator of what I was trying to do.

Private SSH key
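
A more defensive form of the append step above, as an added example that is not part of the original post: it refuses a private key file, sets the permissions sshd expects on the `.ssh` directory and `authorized_keys`, and skips the append when the key is already present. The function name `install_pubkey` and its optional second argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey is a
# hypothetical helper; its body runs in a subshell so umask/exit stay local.
install_pubkey() (
    pub_file=$1
    auth_file=${2:-"$HOME/.ssh/authorized_keys"}
    ssh_dir=$(dirname "$auth_file")

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; exit 1; }

    # Refuse a private key: copying the wrong half of the pair is the
    # easiest mistake to make at this step.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file looks like a private key" >&2
        exit 2
    fi

    # Take the first non-empty line and require a known public key type.
    key_line=$(grep -v '^[[:space:]]*$' "$pub_file" | head -n 1)
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key" >&2; exit 3 ;;
    esac

    # With StrictModes (on by default) sshd ignores authorized_keys when
    # the file or its directory is writable by other users.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 4
    touch "$auth_file" && chmod 600 "$auth_file" || exit 4

    # Append only if this exact line is not already present, so running
    # the step again does not pile up duplicate entries.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
)
```

On the server this would be called as `install_pubkey /tmp/key_name.pub`, after which the copy in /tmp can be deleted.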

To get my private key data into GitHub, I used:

cat ~/.ssh/key_name | pbcopy

This copies the contents of the file into my clipboard and allowed me to simply paste in the key.

The rest

The rest was filling out the details for the other secrets. After running a few tests and ensuring I was using the correct passphrase, it worked.

Hope that helps future David, and anyone else that stumbles across these posts.