starred/act
1
0
Fork 0
mirror of https://github.com/nektos/act.git synced 2026-04-26 09:25:54 +03:00
Code Issues 289 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #2039] Incorrect GitHub SSH keys (or missing new ones) #976

New issue
Closed
opened 2026-03-01 21:47:52 +03:00 by kerem · 12 comments
kerem commented 2026-03-01 21:47:52 +03:00
Owner
Copy link

Originally created by @andrewvaughan on GitHub (Oct 9, 2023).
Original GitHub issue: https://github.com/nektos/act/issues/2039

Bug report info

15:25:30 ~/Repositories/Personal/template-core main $ act --bug-report
act version:            0.2.52
GOOS:                   darwin
GOARCH:                 arm64
NumCPU:                 8
Docker host:            DOCKER_HOST environment variable is not set
Sockets found:
        /var/run/docker.sock
        $HOME/.docker/run/docker.sock
Config files:           
        /Users/andrew/.actrc:
                -P ubuntu-latest=catthehacker/ubuntu:act-latest
                -P ubuntu-22.04=catthehacker/ubuntu:act-22.04
                -P ubuntu-20.04=catthehacker/ubuntu:act-20.04
                -P ubuntu-18.04=catthehacker/ubuntu:act-18.04
Build info:
        Go version:            go1.21.1
        Module path:           command-line-arguments
        Main version:          
        Main path:             
        Main checksum:         
        Build settings:
                -buildmode:           exe
                -compiler:            gc
                -ldflags:             -X main.version=0.2.52
                DefaultGODEBUG:       panicnil=1
                CGO_ENABLED:          1
                CGO_CFLAGS:           
                CGO_CPPFLAGS:         
                CGO_CXXFLAGS:         
                CGO_LDFLAGS:          
                GOARCH:               arm64
                GOOS:                 darwin
Docker Engine:
        Engine version:        23.0.5
        Engine runtime:        runc
        Cgroup version:        2
        Cgroup driver:         cgroupfs
        Storage driver:        overlay2
        Registry URI:          https://index.docker.io/v1/
        OS:                    Docker Desktop
        OS type:               linux
        OS version:            
        OS arch:               aarch64
        OS kernel:             5.15.49-linuxkit
        OS CPU:                4
        OS memory:             7951 MB
        Security options:
                name=seccomp,profile=builtin
                name=cgroupns

Command used with act

Anything.

Describe issue

Most of my problem information is at https://github.com/nektos/act/discussions/2035

But generally, I'm getting this error when running act locally:

The authenticity of host 'github.com (140.82.112.3)' can't be established.
| ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
| This key is not known by any other names.

I used Docker to enter the machine and check the available keys:

docker exec -it act-MegaLinter-MegaLinte... /bin/bash

When I entered, I noticed there was no user SSH key, so I checked the global one:

cat /etc/.ssh/ssh_known_hosts
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H

Sure enough, the known hosts are missing a number of GitHub's more secure SSH key fingerprints, as published here:
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints

It should look like this:

$ ssh-keyscan github.com
# github.com:22 SSH-2.0-babeld-dd067d10
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
# github.com:22 SSH-2.0-babeld-dd067d10
# github.com:22 SSH-2.0-babeld-70f1bac9
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
# github.com:22 SSH-2.0-babeld-dd067d10
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
# github.com:22 SSH-2.0-babeld-dd067d10

My system is configured to use ED25519, which is significantly more secure and becoming the standard encryption for keys moving forward for most systems. Not including the ED25519 key in the SSH keys for the container is going to cause more and more people to have issues.

I'm hoping this can be hotfixed, because I'm completely blocked until this can be fixed.

Link to GitHub repository

No response

Workflow content

N/A

Relevant log output

See above.

Additional information

No response

Originally created by @andrewvaughan on GitHub (Oct 9, 2023). Original GitHub issue: https://github.com/nektos/act/issues/2039 ### Bug report info ```plain text 15:25:30 ~/Repositories/Personal/template-core main $ act --bug-report act version: 0.2.52 GOOS: darwin GOARCH: arm64 NumCPU: 8 Docker host: DOCKER_HOST environment variable is not set Sockets found: /var/run/docker.sock $HOME/.docker/run/docker.sock Config files: /Users/andrew/.actrc: -P ubuntu-latest=catthehacker/ubuntu:act-latest -P ubuntu-22.04=catthehacker/ubuntu:act-22.04 -P ubuntu-20.04=catthehacker/ubuntu:act-20.04 -P ubuntu-18.04=catthehacker/ubuntu:act-18.04 Build info: Go version: go1.21.1 Module path: command-line-arguments Main version: Main path: Main checksum: Build settings: -buildmode: exe -compiler: gc -ldflags: -X main.version=0.2.52 DefaultGODEBUG: panicnil=1 CGO_ENABLED: 1 CGO_CFLAGS: CGO_CPPFLAGS: CGO_CXXFLAGS: CGO_LDFLAGS: GOARCH: arm64 GOOS: darwin Docker Engine: Engine version: 23.0.5 Engine runtime: runc Cgroup version: 2 Cgroup driver: cgroupfs Storage driver: overlay2 Registry URI: https://index.docker.io/v1/ OS: Docker Desktop OS type: linux OS version: OS arch: aarch64 OS kernel: 5.15.49-linuxkit OS CPU: 4 OS memory: 7951 MB Security options: name=seccomp,profile=builtin name=cgroupns ``` ### Command used with act ```sh Anything. ``` ### Describe issue Most of my problem information is at https://github.com/nektos/act/discussions/2035 But generally, I'm getting this error when running `act` locally: ``` The authenticity of host 'github.com (140.82.112.3)' can't be established. | ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU. | This key is not known by any other names. ``` I used Docker to enter the machine and check the available keys: ``` docker exec -it act-MegaLinter-MegaLinte... /bin/bash ``` When I entered, I noticed there was no user SSH key, so I checked the global one: ``` cat /etc/.ssh/ssh_known_hosts github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H ``` Sure enough, the known hosts are missing a number of GitHub's more secure SSH key fingerprints, as published here: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints It should look like this: ``` $ ssh-keyscan github.com # github.com:22 SSH-2.0-babeld-dd067d10 github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= # github.com:22 SSH-2.0-babeld-dd067d10 # github.com:22 SSH-2.0-babeld-70f1bac9 github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= # github.com:22 SSH-2.0-babeld-dd067d10 github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl # github.com:22 SSH-2.0-babeld-dd067d10 ``` My system is configured to use ED25519, which is significantly more secure and becoming the standard encryption for keys moving forward for most systems. Not including the ED25519 key in the SSH keys for the container is going to cause more and more people to have issues. I'm hoping this can be hotfixed, because I'm completely blocked until this can be fixed. ### Link to GitHub repository _No response_ ### Workflow content ```yml N/A ``` ### Relevant log output ```sh See above. ``` ### Additional information _No response_
kerem 2026-03-01 21:47:52 +03:00
kerem commented 2026-03-01 21:47:53 +03:00
Author
Owner
Copy link

@andrewvaughan commented on GitHub (Oct 9, 2023):

This may be an issue with https://github.com/oxsecurity/megalinter - I've opened the issue above to help dive in. I'm leaving this open in case someone wants to confirm.

<!-- gh-comment-id:1753681184 --> @andrewvaughan commented on GitHub (Oct 9, 2023): This may be an issue with https://github.com/oxsecurity/megalinter - I've opened the issue above to help dive in. I'm leaving this open in case someone wants to confirm.
kerem commented 2026-03-01 21:47:53 +03:00
Author
Owner
Copy link

@andrewvaughan commented on GitHub (Oct 17, 2023):

So I've been running megalinter manually since opening this - no issues with them. That said, I can access GitHub via SSH

My best guess is this all lies in the fact that the Docker container purposely only pulls the RSA fingerprints from GitHub, which is deprectated, per https://github.com/catthehacker/docker_images/issues/115

<!-- gh-comment-id:1766806910 --> @andrewvaughan commented on GitHub (Oct 17, 2023): So I've been running megalinter manually since opening this - no issues with them. That said, I can access GitHub via SSH My best guess is this all lies in the fact that the Docker container purposely only pulls the `RSA` fingerprints from GitHub, which is deprectated, per https://github.com/catthehacker/docker_images/issues/115
kerem commented 2026-03-01 21:47:53 +03:00
Author
Owner
Copy link

@ChristopherHX commented on GitHub (Oct 22, 2023):

My system is configured to use ED25519, which is significantly more secure and becoming the standard encryption for keys moving forward for most systems. Not including the ED25519 key in the SSH keys for the container is going to cause more and more people to have issues.

I'm hoping this can be hotfixed, because I'm completely blocked until this can be fixed.

Since you are the first one reporting this kind of issue and didn't gain any thumbs up, we have a sightly different opinion how important your problem is. I will merge your PR now.

act allows to use custom images and extending it with cached known hosts is only a two line dockerfile, so I'm kinda surprised this would be a blocking issue for you.

<!-- gh-comment-id:1774076779 --> @ChristopherHX commented on GitHub (Oct 22, 2023): > My system is configured to use ED25519, which is significantly more secure and becoming the standard encryption for keys moving forward for most systems. Not including the ED25519 key in the SSH keys for the container is going to cause more and more people to have issues. > > I'm hoping this can be hotfixed, because I'm completely blocked until this can be fixed. Since you are the first one reporting this kind of issue and didn't gain any thumbs up, we have a sightly different opinion how important your problem is. I will merge your PR now. act allows to use custom images and extending it with cached known hosts is only a two line dockerfile, so I'm kinda surprised this would be a blocking issue for you.
kerem commented 2026-03-01 21:47:53 +03:00
Author
Owner
Copy link

@andrewvaughan commented on GitHub (Oct 23, 2023):

Thanks @ChristopherHX - honestly I'm not confident this is even my issue. I've just hit a wall with the tool as to how I can debug it further with the given images.

It's certainly a two-line Dockerfile... followed by a plethora of entrypoint logic, so unfortunately it's not that trivial.

<!-- gh-comment-id:1775328382 --> @andrewvaughan commented on GitHub (Oct 23, 2023): Thanks @ChristopherHX - honestly I'm not confident this is even my issue. I've just hit a wall with the tool as to how I can debug it further with the given images. It's certainly a two-line Dockerfile... followed by a plethora of entrypoint logic, so unfortunately it's not that trivial.
kerem commented 2026-03-01 21:47:53 +03:00
Author
Owner
Copy link

@m477r1x commented on GitHub (Oct 30, 2023):

Thought i'd give the issue its first thumbs up since i just tried to use act for the first time and i have been banging my head against a wall with my action for an entire day, found this tool to try to alleviate some of the time consuming process of testing the action, only to be faced with something ELSE to fix first. I agree that this is trivial but when you have been working all day with a headache like me, something like this cropping up just when you think you've found a tool that might help you, sad times 😭

<!-- gh-comment-id:1785594954 --> @m477r1x commented on GitHub (Oct 30, 2023): Thought i'd give the issue its first thumbs up since i just tried to use act for the first time and i have been banging my head against a wall with my action for an entire day, found this tool to try to alleviate some of the time consuming process of testing the action, only to be faced with something ELSE to fix first. I agree that this is trivial but when you have been working all day with a headache like me, something like this cropping up just when you think you've found a tool that might help you, sad times 😭
kerem commented 2026-03-01 21:47:53 +03:00
Author
Owner
Copy link

@andrewvaughan commented on GitHub (Oct 30, 2023):

Thought i'd give the issue its first thumbs up since i just tried to use act for the first time and i have been banging my head against a wall with my action for an entire day, found this tool to try to alleviate some of the time consuming process of testing the action, only to be faced with something ELSE to fix first. I agree that this is trivial but when you have been working all day with a headache like me, something like this cropping up just when you think you've found a tool that might help you, sad times 😭

Hah - I appreciate the affirmation. I mentioned in the original discussion, this is an issue that will become more prevelant as users start using the new standard GitHub switched to - thumbs up isn't always a great way to determine importance. It's not often people create new keys, but this is an issue that will certainly become more common as people rotate keys and new users come on board, and it completely blocks use of the tool. All it takes is one new member joining a team at a company and the tool is incompatible with GitHub for them.

Unfortunately for me, our Chief Architect raised their eyebrows at the response - we've had to strip act from our entire pipeline, as it was placed on our OSS blacklist. There was quite some surprise at the response and a loss of confidence the utility would continuously be maintained in a way we tied our training/infrastructure standards to. Too much risk of having to rip it out later, apparently.

<!-- gh-comment-id:1785637873 --> @andrewvaughan commented on GitHub (Oct 30, 2023): > Thought i'd give the issue its first thumbs up since i just tried to use act for the first time and i have been banging my head against a wall with my action for an entire day, found this tool to try to alleviate some of the time consuming process of testing the action, only to be faced with something ELSE to fix first. I agree that this is trivial but when you have been working all day with a headache like me, something like this cropping up just when you think you've found a tool that might help you, sad times 😭 Hah - I appreciate the affirmation. I mentioned in the original discussion, this is an issue that will become more prevelant as users start using the new standard GitHub switched to - thumbs up isn't always a great way to determine importance. It's not often people create new keys, but this is an issue that will certainly become more common as people rotate keys and new users come on board, and it completely blocks use of the tool. All it takes is one new member joining a team at a company and the tool is incompatible with GitHub for them. Unfortunately for me, our Chief Architect raised their eyebrows at the response - we've had to strip `act` from our entire pipeline, as it was placed on our OSS blacklist. There was quite some surprise at the response and a loss of confidence the utility would continuously be maintained in a way we tied our training/infrastructure standards to. Too much risk of having to rip it out later, apparently.
kerem commented 2026-03-01 21:47:53 +03:00
Author
Owner
Copy link

@ChristopherHX commented on GitHub (Oct 30, 2023):

a loss of confidence the utility would continuously be maintained in a way we tied our training/infrastructure standards to

I have also a loss of confidence, because PR reviews take too long in nektos/act.

Still wondering why act was hyped, it was even worse in compatibility at the time I found it so I decided to build my own tool to use actions/runner locally instead of act.

The only reason I contributed to act is, it works flawless on non standard OS/arch. In that context is compatibility with GitHub Hosted Runners less important.

<!-- gh-comment-id:1785811674 --> @ChristopherHX commented on GitHub (Oct 30, 2023): > a loss of confidence the utility would continuously be maintained in a way we tied our training/infrastructure standards to I have also a loss of confidence, because PR reviews take too long in nektos/act. Still wondering why act was hyped, it was even worse in compatibility at the time I found it so I decided to build my own tool to use actions/runner locally instead of act. The only reason I contributed to act is, it works flawless on non standard OS/arch. In that context is compatibility with GitHub Hosted Runners less important.
kerem commented 2026-03-01 21:47:54 +03:00
Author
Owner
Copy link

@ChristopherHX commented on GitHub (Oct 30, 2023):

BTW this was my own opinion

Since you are the first one reporting this kind of issue and didn't gain any thumbs up, we have a sightly different opinion how important your problem is.

If you look at https://github.com/actions/runner/issues/2009 you can even loose confidence in GitHub Actions, not even a single response within a year. That's how it works in GitHub.

<!-- gh-comment-id:1785818887 --> @ChristopherHX commented on GitHub (Oct 30, 2023): BTW this was my own opinion > Since you are the first one reporting this kind of issue and didn't gain any thumbs up, we have a sightly different opinion how important your problem is. If you look at https://github.com/actions/runner/issues/2009 you can even loose confidence in GitHub Actions, not even a single response within a year. That's how it works in GitHub.
kerem commented 2026-03-01 21:47:54 +03:00
Author
Owner
Copy link

@VincentTanguayCasgrain commented on GitHub (Dec 19, 2023):

Using webfactory/ssh-agent solved the issue for me.

<!-- gh-comment-id:1863021453 --> @VincentTanguayCasgrain commented on GitHub (Dec 19, 2023): Using [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) solved the issue for me.
kerem commented 2026-03-01 21:47:54 +03:00
Author
Owner
Copy link

@MiltiadisKoutsokeras commented on GitHub (Feb 7, 2024):

With act version 0.2.57, the run stops and hangs in the step of validating GitHub SSH Host keys:

The authenticity of host 'github.com (140.82.121.4)' can't be established.

Getting a shell in the container that runs the Action, showcases that there is not known hosts setup for Github:

System

# ls -laR /etc/ssh/
/etc/ssh/:
total 16
drwxr-xr-x  3 root root 4096 Jan 31 23:24 .
drwxr-xr-x 48 root root 4096 Feb  7 09:05 ..
-rw-r--r--  1 root root 1650 Dec 21 16:09 ssh_config
drwxr-xr-x  2 root root 4096 Dec 21 16:09 ssh_config.d

/etc/ssh/ssh_config.d:
total 8
drwxr-xr-x 2 root root 4096 Dec 21 16:09 .
drwxr-xr-x 3 root root 4096 Jan 31 23:24 ..

User

# ls -la ${HOME}/.ssh
total 20
drwxr-xr-x 2 root root 4096 Feb  7 09:05 .
drwx------ 4 root root 4096 Feb  7 09:05 ..
-rw-r--r-- 1 root root  460 Feb  7 09:05 config
-rw------- 1 root root  132 Feb  7 09:05 key-3a9c3d6391e0f4e1619bdffd1194e33d1b589fd1177bb0b9d26a0dbd3efe38d6
-rw------- 1 root root  609 Feb  7 09:05 key-c15940041a28ed9eef76aa49af2554baa458b51da38c5a23b654226cad012eca

Also testing GitHub SSH connection also stops and asks for host key acceptance:

# ssh -T git@github.com
The authenticity of host 'github.com (140.82.121.3)' can't be established.
ECDSA key fingerprint is SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

I use webfactory/ssh-agent@v0.9.0 and it does not solve the issue as @VincentTanguayCasgrain mentioned.

What our Action does is that is adds SSH private keys of Github repos with webfactory/ssh-agent@v0.9.0 and then use pip install for installing the private Github repo projects via a requirement of type git+ssh://git@github.com/REPO.git@BRANCH#egg=REPO

<!-- gh-comment-id:1931592089 --> @MiltiadisKoutsokeras commented on GitHub (Feb 7, 2024): With act version 0.2.57, the run stops and hangs in the step of validating GitHub SSH Host keys: ```Text The authenticity of host 'github.com (140.82.121.4)' can't be established. ``` Getting a shell in the container that runs the Action, showcases that there is not known hosts setup for Github: **System** ``` # ls -laR /etc/ssh/ /etc/ssh/: total 16 drwxr-xr-x 3 root root 4096 Jan 31 23:24 . drwxr-xr-x 48 root root 4096 Feb 7 09:05 .. -rw-r--r-- 1 root root 1650 Dec 21 16:09 ssh_config drwxr-xr-x 2 root root 4096 Dec 21 16:09 ssh_config.d /etc/ssh/ssh_config.d: total 8 drwxr-xr-x 2 root root 4096 Dec 21 16:09 . drwxr-xr-x 3 root root 4096 Jan 31 23:24 .. ``` **User** ``` # ls -la ${HOME}/.ssh total 20 drwxr-xr-x 2 root root 4096 Feb 7 09:05 . drwx------ 4 root root 4096 Feb 7 09:05 .. -rw-r--r-- 1 root root 460 Feb 7 09:05 config -rw------- 1 root root 132 Feb 7 09:05 key-3a9c3d6391e0f4e1619bdffd1194e33d1b589fd1177bb0b9d26a0dbd3efe38d6 -rw------- 1 root root 609 Feb 7 09:05 key-c15940041a28ed9eef76aa49af2554baa458b51da38c5a23b654226cad012eca ``` Also testing GitHub SSH connection also stops and asks for host key acceptance: ``` # ssh -T git@github.com The authenticity of host 'github.com (140.82.121.3)' can't be established. ECDSA key fingerprint is SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM. Are you sure you want to continue connecting (yes/no/[fingerprint])? ``` I use `webfactory/ssh-agent@v0.9.0` and it does not solve the issue as @VincentTanguayCasgrain mentioned. What our Action does is that is adds SSH private keys of Github repos with `webfactory/ssh-agent@v0.9.0` and then use `pip install` for installing the private Github repo projects via a requirement of type `git+ssh://git@github.com/REPO.git@BRANCH#egg=REPO`
kerem commented 2026-03-01 21:47:54 +03:00
Author
Owner
Copy link

@MiltiadisKoutsokeras commented on GitHub (Feb 7, 2024):

I have updated Node.js to 20.x in our Github Action container and still the known hosts are not setup properly by webfactory/ssh-agent. I have a workaround for people wishing to use Act for testing Github Actions, just add this step before any SSH related step:

# Setup GitHub known hosts
- name: GitHub SSH known hosts
  shell: bash
  run: mkdir -p ~/.ssh && ssh-keyscan github.com > ~/.ssh/known_hosts

UPDATE: It does not work when run by Github instead of Act locally:

Host key verification failed.
  fatal: Could not read from remote repository.

I am starting to get the feeling there are major issues in general between Act, Github runners and Actions integration. The inconsistencies are too many to ignore.

UPDATE #2: It works in Github runner if you add the host keys to system file instead of user known_hosts:

# Setup GitHub known hosts
- name: GitHub SSH known hosts
  shell: bash
  run: |
    ssh-keyscan github.com > /etc/ssh/ssh_known_hosts || exit 1
    exit 0
<!-- gh-comment-id:1931973153 --> @MiltiadisKoutsokeras commented on GitHub (Feb 7, 2024): I have updated Node.js to 20.x in our Github Action container and still the known hosts are not setup properly by `webfactory/ssh-agent`. I have a workaround for people wishing to use Act for testing Github Actions, just add this step before any SSH related step: ```Yaml # Setup GitHub known hosts - name: GitHub SSH known hosts shell: bash run: mkdir -p ~/.ssh && ssh-keyscan github.com > ~/.ssh/known_hosts ``` **UPDATE**: It does not work when run by Github instead of Act locally: ``` Host key verification failed. fatal: Could not read from remote repository. ``` I am starting to get the feeling there are major issues in general between Act, Github runners and Actions integration. The inconsistencies are too many to ignore. **UPDATE #2**: It works in Github runner if you add the host keys to system file instead of user known_hosts: ```Yaml # Setup GitHub known hosts - name: GitHub SSH known hosts shell: bash run: | ssh-keyscan github.com > /etc/ssh/ssh_known_hosts || exit 1 exit 0 ```
kerem commented 2026-03-01 21:47:54 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Aug 6, 2024):

Issue is stale and will be closed in 14 days unless there is new activity

<!-- gh-comment-id:2270130746 --> @github-actions[bot] commented on GitHub (Aug 6, 2024): Issue is stale and will be closed in 14 days unless there is new activity
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/go_modules/github.com/go-git/go-git/v5-5.18.0
dependabot/go_modules/dependencies-08815e2262
mergify/configuration-deprecated-update
dependabot/github_actions/dependencies-a3a104477f
chore/simplify-ci-and-makefile
dependabot/go_modules/golang.org/x/crypto-0.45.0
dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0
panekj/ci/improve-jobs
fix-skip-non-yaml-files-in-dir
normalize-pull-rebuild-flags
fix-no-recurse-by-default
2517-poor-error-for-incomplete-action-step
2472-make-use-new-action-cache-the-new-default-for-downloading-actions
act-tart
act-lxc
act-oidc
act-dind
avoid-slash-in-actor
dependabot/go_modules/github.com/docker/docker-26.1.4incompatible
meta-keep-filetime
local-repository-action-cache
pr-merger
update-docker-deps
follow_local_action_symlink
boltdb-lock-in-handler
use-socket-path
no-pull-no-rebuild
path-issues
fix/env
feat/podman
refactor/testdata
v0.2.87
v0.2.86
v0.2.85
v0.2.84
v0.2.83
v0.2.82
v0.2.81
v0.2.80
v0.2.79
v0.2.78
v0.2.77
v0.2.76
v0.2.75
v0.2.74
v0.2.73
v0.2.72
v0.2.71
v0.2.70
v0.2.69
v0.2.68
v0.2.67
v0.2.66
v0.2.65
v0.2.64
v0.2.63
v0.2.62
v0.2.61
v0.2.60
v0.2.59
v0.2.58
v0.2.57
v0.2.56
v0.2.55
v0.2.54
v0.2.53
v0.2.52
v0.2.51
v0.2.50
v0.2.49
v0.2.48
v0.2.47
v0.2.46
v0.2.45
v0.2.44
v0.2.43
v0.2.42
v0.2.41
v0.2.40
v0.2.39
v0.2.38
v0.2.37
v0.2.36
v0.2.35
v0.2.34
v0.2.33
v0.2.32
v0.2.31
v0.2.30
v0.2.29
v0.2.28
v0.2.27
v0.2.26
v0.2.25
v0.2.24
v0.2.23
v0.2.22
v0.2.21
v0.2.20
v0.2.19
v0.2.18
v0.2.17
v0.2.16
v0.2.15
v0.2.14
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Labels
Clear labels   
area/action

   
area/cli

   
area/docs

   
area/image

   
area/runner

   
area/workflow

   
backlog

   
confirmed/not-planned

   
kind/bug

   
kind/discussion

   
kind/external

   
kind/feature-request

   
kind/question

   
meta/duplicate

   
meta/invalid

   
meta/need-more-info

   
meta/resolved

   
meta/wontfix

   
meta/workaround

   
needs-work

   
pull-request

Mirrored from GitHub Pull Request

  
review/not-planned

   
size/M

   
size/XL

   
size/XXL

   
stale

   
stale-exempt
No labels
area/action
area/cli
area/docs
area/image
area/runner
area/workflow
backlog
confirmed/not-planned
kind/bug
kind/discussion
kind/external
kind/feature-request
kind/question
meta/duplicate
meta/invalid
meta/need-more-info
meta/resolved
meta/wontfix
meta/workaround
needs-work
pull-request
review/not-planned
size/M
size/XL
size/XXL
stale
stale-exempt
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/act#976
No description provided.