[GH-ISSUE #554] Issue: .ssh directory not parity with Github Actions #375

Closed
opened 2026-03-01 21:42:48 +03:00 by kerem · 7 comments
Owner

Originally created by @justindoody on GitHub (Mar 6, 2021).
Original GitHub issue: https://github.com/nektos/act/issues/554

Act version

act version 0.2.20

Expected behaviour

Typically and on github actions ssh will read files such as config, known_hosts, etc from ~/.ssh/ directory.

Actual behaviour

When using act these files are only read from /root/.ssh. This likely has something to do with act modifying the $HOME directory in some order or timing differently than github actions. SSH does not necessarily read the current $HOME/.ssh if home has been modified. See https://serverfault.com/a/951783 for additional context.

Steps to reproduce

Expected to work and works on github actions but fails on act with host verification failed because ssh is not picking up the known_hosts file:

 jobs:
  ssh_test:
    runs-on: ubuntu-latest
    steps:
      -
        name: SSH Agent
        uses: webfactory/ssh-agent@v0.5.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
      -
        name: Setup SSH Known Hosts
        run: |
          mkdir -p -m 0700 ~/.ssh

          echo "Add domain to known hosts"
          ssh-keyscan -t rsa -p 22 <domain or ip> > ~/.ssh/known_hosts
          chmod 600 ~/.ssh/known_hosts
      -
        name: Test ssh
        run: ssh <domain or ip> ps

Works on act but fails on github actions:

jobs:
  ssh_test:
    runs-on: ubuntu-latest
    steps:
      -
        name: SSH Agent
        uses: webfactory/ssh-agent@v0.5.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
      -
        name: Setup SSH Known Hosts
        run: |
          mkdir -p -m 0700 /root/.ssh

          echo "Add domain to known hosts"
          ssh-keyscan -t rsa -p 22 <domain or ip> > /root/.ssh/known_hosts
          chmod 600 /root/.ssh/known_hosts
      -
        name: Test ssh
        run: ssh <domain or ip> ps

This breaks most usage of ssh on act and in such a way that is quite painful and not obvious to debug as the overwhelming online references around ssh assume ~/.ssh/ is going to get picked up.

Originally created by @justindoody on GitHub (Mar 6, 2021). Original GitHub issue: https://github.com/nektos/act/issues/554 <!-- - Make sure you are able to reproduce it on the [latest version](https://github.com/nektos/act/releases) - Search the existing issues. - Refer to [README](https://github.com/nektos/act/blob/master/README.md). --> ## Act version ```none act version 0.2.20 ``` ## Expected behaviour Typically and on github actions ssh will read files such as config, known_hosts, etc from `~/.ssh/` directory. ## Actual behaviour When using act these files are only read from `/root/.ssh`. This likely has something to do with `act` modifying the `$HOME` directory in some order or timing differently than github actions. SSH does not necessarily read the current `$HOME/.ssh` if home has been modified. See https://serverfault.com/a/951783 for additional context. ## Steps to reproduce Expected to work and works on github actions but fails on act with host verification failed because ssh is not picking up the `known_hosts` file: ```none jobs: ssh_test: runs-on: ubuntu-latest steps: - name: SSH Agent uses: webfactory/ssh-agent@v0.5.0 with: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Setup SSH Known Hosts run: | mkdir -p -m 0700 ~/.ssh echo "Add domain to known hosts" ssh-keyscan -t rsa -p 22 <domain or ip> > ~/.ssh/known_hosts chmod 600 ~/.ssh/known_hosts - name: Test ssh run: ssh <domain or ip> ps ``` Works on `act` but fails on github actions: ```none jobs: ssh_test: runs-on: ubuntu-latest steps: - name: SSH Agent uses: webfactory/ssh-agent@v0.5.0 with: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Setup SSH Known Hosts run: | mkdir -p -m 0700 /root/.ssh echo "Add domain to known hosts" ssh-keyscan -t rsa -p 22 <domain or ip> > /root/.ssh/known_hosts chmod 600 /root/.ssh/known_hosts - name: Test ssh run: ssh <domain or ip> ps ``` This breaks most usage of ssh on `act` and in such a way that is quite painful and not obvious to debug as the overwhelming online references around ssh assume `~/.ssh/` is going to get picked up.
kerem 2026-03-01 21:42:48 +03:00
Author
Owner

@catthehacker commented on GitHub (Mar 6, 2021):

Correct, HOME is modified here: github.com/nektos/act@8de7b956b7/pkg/runner/run_context.go (L578)

<!-- gh-comment-id:792052800 --> @catthehacker commented on GitHub (Mar 6, 2021): Correct, `HOME` is modified here: https://github.com/nektos/act/blob/8de7b956b781bd4bb97bf6136d30e789501b17b4/pkg/runner/run_context.go#L578
Author
Owner

@catthehacker commented on GitHub (Mar 7, 2021):

@justindoody could you check if the issue is still present using -P ubuntu-latest=catthehacker/ubuntu:act-dev?

<!-- gh-comment-id:792367360 --> @catthehacker commented on GitHub (Mar 7, 2021): @justindoody could you check if the issue is still present using `-P ubuntu-latest=catthehacker/ubuntu:act-dev`?
Author
Owner

@irealva commented on GitHub (Apr 1, 2021):

I'm having this problem too. Would be great to hear about a solution.

<!-- gh-comment-id:812090740 --> @irealva commented on GitHub (Apr 1, 2021): I'm having this problem too. Would be great to hear about a solution.
Author
Owner

@catthehacker commented on GitHub (Apr 1, 2021):

Hi @irealva, proper solution will be removing below line and implementing #398
github.com/nektos/act@8de7b956b7/pkg/runner/run_context.go (L578)

But workaround have been added in catthehacker/ubuntu:act-dev image.

<!-- gh-comment-id:812093562 --> @catthehacker commented on GitHub (Apr 1, 2021): Hi @irealva, proper solution will be removing below line and implementing #398 https://github.com/nektos/act/blob/8de7b956b781bd4bb97bf6136d30e789501b17b4/pkg/runner/run_context.go#L578 But workaround have been added in `catthehacker/ubuntu:act-dev` image.
Author
Owner

@irealva commented on GitHub (Apr 1, 2021):

So you mean I should be able to run act -P ubuntu-18.04=catthehacker/ubuntu:act-dev without the "SSH Agent" and "Setup SSH Known Hosts" steps? That doesn't seem to work for me either.

Thanks again!

<!-- gh-comment-id:812127558 --> @irealva commented on GitHub (Apr 1, 2021): So you mean I should be able to run `act -P ubuntu-18.04=catthehacker/ubuntu:act-dev` without the "SSH Agent" and "Setup SSH Known Hosts" steps? That doesn't seem to work for me either. Thanks again!
Author
Owner

@catthehacker commented on GitHub (Apr 1, 2021):

@irealva ssh agent and known hosts are required since it's not viable to included known hosts in docker image because it would get outdated.

<!-- gh-comment-id:812129258 --> @catthehacker commented on GitHub (Apr 1, 2021): @irealva ssh agent and known hosts are required since it's not viable to included known hosts in docker image because it would get outdated.
Author
Owner

@irealva commented on GitHub (Apr 1, 2021):

Got it, I misunderstood you. For others then I also solved the original poster's question with the act standard image by using continue-on-error:

name: Copy Known Hosts
    continue-on-error: true
    run: |
       mkdir -p -m 0700 /root/.ssh
       echo "Add domain to known hosts"
       ssh-keyscan github.com > /root/.ssh/known_hosts
       chmod 600 /root/.ssh/known_hosts
<!-- gh-comment-id:812133465 --> @irealva commented on GitHub (Apr 1, 2021): Got it, I misunderstood you. For others then I also solved the original poster's question with the `act` standard image by using `continue-on-error`: ``` name: Copy Known Hosts continue-on-error: true run: | mkdir -p -m 0700 /root/.ssh echo "Add domain to known hosts" ssh-keyscan github.com > /root/.ssh/known_hosts chmod 600 /root/.ssh/known_hosts ```
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/act#375
No description provided.