[GH-ISSUE #554] Issue: .ssh directory not parity with Github Actions

kerem commented

2026-03-01 21:42:48 +03:00

Owner

Originally created by @justindoody on GitHub (Mar 6, 2021).
Original GitHub issue: https://github.com/nektos/act/issues/554

Act version

act version 0.2.20

Expected behaviour

Typically and on github actions ssh will read files such as config, known_hosts, etc from ~/.ssh/ directory.

Actual behaviour

When using act these files are only read from /root/.ssh. This likely has something to do with act modifying the $HOME directory in some order or timing differently than github actions. SSH does not necessarily read the current $HOME/.ssh if home has been modified. See https://serverfault.com/a/951783 for additional context.

Steps to reproduce

Expected to work and works on github actions but fails on act with host verification failed because ssh is not picking up the known_hosts file:

 jobs:
  ssh_test:
    runs-on: ubuntu-latest
    steps:
      -
        name: SSH Agent
        uses: webfactory/ssh-agent@v0.5.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
      -
        name: Setup SSH Known Hosts
        run: |
          mkdir -p -m 0700 ~/.ssh

          echo "Add domain to known hosts"
          ssh-keyscan -t rsa -p 22 <domain or ip> > ~/.ssh/known_hosts
          chmod 600 ~/.ssh/known_hosts
      -
        name: Test ssh
        run: ssh <domain or ip> ps

Works on act but fails on github actions:

jobs:
  ssh_test:
    runs-on: ubuntu-latest
    steps:
      -
        name: SSH Agent
        uses: webfactory/ssh-agent@v0.5.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
      -
        name: Setup SSH Known Hosts
        run: |
          mkdir -p -m 0700 /root/.ssh

          echo "Add domain to known hosts"
          ssh-keyscan -t rsa -p 22 <domain or ip> > /root/.ssh/known_hosts
          chmod 600 /root/.ssh/known_hosts
      -
        name: Test ssh
        run: ssh <domain or ip> ps

This breaks most usage of ssh on act and in such a way that is quite painful and not obvious to debug as the overwhelming online references around ssh assume ~/.ssh/ is going to get picked up.

Originally created by @justindoody on GitHub (Mar 6, 2021). Original GitHub issue: https://github.com/nektos/act/issues/554  ## Act version ```none act version 0.2.20 ``` ## Expected behaviour Typically and on github actions ssh will read files such as config, known_hosts, etc from `~/.ssh/` directory. ## Actual behaviour When using act these files are only read from `/root/.ssh`. This likely has something to do with `act` modifying the `$HOME` directory in some order or timing differently than github actions. SSH does not necessarily read the current `$HOME/.ssh` if home has been modified. See https://serverfault.com/a/951783 for additional context. ## Steps to reproduce Expected to work and works on github actions but fails on act with host verification failed because ssh is not picking up the `known_hosts` file: ```none jobs: ssh_test: runs-on: ubuntu-latest steps: - name: SSH Agent uses: webfactory/ssh-agent@v0.5.0 with: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Setup SSH Known Hosts run: | mkdir -p -m 0700 ~/.ssh echo "Add domain to known hosts" ssh-keyscan -t rsa -p 22 <domain or ip> > ~/.ssh/known_hosts chmod 600 ~/.ssh/known_hosts - name: Test ssh run: ssh <domain or ip> ps ``` Works on `act` but fails on github actions: ```none jobs: ssh_test: runs-on: ubuntu-latest steps: - name: SSH Agent uses: webfactory/ssh-agent@v0.5.0 with: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Setup SSH Known Hosts run: | mkdir -p -m 0700 /root/.ssh echo "Add domain to known hosts" ssh-keyscan -t rsa -p 22 <domain or ip> > /root/.ssh/known_hosts chmod 600 /root/.ssh/known_hosts - name: Test ssh run: ssh <domain or ip> ps ``` This breaks most usage of ssh on `act` and in such a way that is quite painful and not obvious to debug as the overwhelming online references around ssh assume `~/.ssh/` is going to get picked up.

kerem

2026-03-01 21:42:48 +03:00

closed this issue
added the
stale

kind/bug
labels

kerem commented

2026-03-01 21:42:49 +03:00

Author

Owner

@catthehacker commented on GitHub (Mar 6, 2021):

Correct, HOME is modified here: github.com/nektos/act@8de7b956b7/pkg/runner/run_context.go (L578)

@catthehacker commented on GitHub (Mar 6, 2021): Correct, `HOME` is modified here: https://github.com/nektos/act/blob/8de7b956b781bd4bb97bf6136d30e789501b17b4/pkg/runner/run_context.go#L578

kerem commented

2026-03-01 21:42:49 +03:00

Author

Owner

@catthehacker commented on GitHub (Mar 7, 2021):

@justindoody could you check if the issue is still present using -P ubuntu-latest=catthehacker/ubuntu:act-dev?

@catthehacker commented on GitHub (Mar 7, 2021): @justindoody could you check if the issue is still present using `-P ubuntu-latest=catthehacker/ubuntu:act-dev`?

kerem commented

2026-03-01 21:42:49 +03:00

Author

Owner

@irealva commented on GitHub (Apr 1, 2021):

I'm having this problem too. Would be great to hear about a solution.

@irealva commented on GitHub (Apr 1, 2021): I'm having this problem too. Would be great to hear about a solution.

kerem commented

2026-03-01 21:42:49 +03:00

Author

Owner

@catthehacker commented on GitHub (Apr 1, 2021):

Hi @irealva, proper solution will be removing below line and implementing #398
github.com/nektos/act@8de7b956b7/pkg/runner/run_context.go (L578)

But workaround have been added in catthehacker/ubuntu:act-dev image.

@catthehacker commented on GitHub (Apr 1, 2021): Hi @irealva, proper solution will be removing below line and implementing #398 https://github.com/nektos/act/blob/8de7b956b781bd4bb97bf6136d30e789501b17b4/pkg/runner/run_context.go#L578 But workaround have been added in `catthehacker/ubuntu:act-dev` image.

kerem commented

2026-03-01 21:42:49 +03:00

Author

Owner

@irealva commented on GitHub (Apr 1, 2021):

So you mean I should be able to run act -P ubuntu-18.04=catthehacker/ubuntu:act-dev without the "SSH Agent" and "Setup SSH Known Hosts" steps? That doesn't seem to work for me either.

Thanks again!

@irealva commented on GitHub (Apr 1, 2021): So you mean I should be able to run `act -P ubuntu-18.04=catthehacker/ubuntu:act-dev` without the "SSH Agent" and "Setup SSH Known Hosts" steps? That doesn't seem to work for me either. Thanks again!

kerem commented

2026-03-01 21:42:49 +03:00

Author

Owner

@catthehacker commented on GitHub (Apr 1, 2021):

@irealva ssh agent and known hosts are required since it's not viable to included known hosts in docker image because it would get outdated.

@catthehacker commented on GitHub (Apr 1, 2021): @irealva ssh agent and known hosts are required since it's not viable to included known hosts in docker image because it would get outdated.

kerem commented

2026-03-01 21:42:49 +03:00

Author

Owner

@irealva commented on GitHub (Apr 1, 2021):

Got it, I misunderstood you. For others then I also solved the original poster's question with the act standard image by using continue-on-error:

name: Copy Known Hosts
    continue-on-error: true
    run: |
       mkdir -p -m 0700 /root/.ssh
       echo "Add domain to known hosts"
       ssh-keyscan github.com > /root/.ssh/known_hosts
       chmod 600 /root/.ssh/known_hosts

@irealva commented on GitHub (Apr 1, 2021): Got it, I misunderstood you. For others then I also solved the original poster's question with the `act` standard image by using `continue-on-error`: ``` name: Copy Known Hosts continue-on-error: true run: | mkdir -p -m 0700 /root/.ssh echo "Add domain to known hosts" ssh-keyscan github.com > /root/.ssh/known_hosts chmod 600 /root/.ssh/known_hosts ```

kerem referenced this issue

2026-03-01 21:51:08 +03:00

[PR #375] [MERGED] Fix test target #1428

Rows
Columns

[GH-ISSUE #554] Issue: .ssh directory not parity with Github Actions #375

Act version

Expected behaviour

Actual behaviour

Steps to reproduce