docs: remove FAQ section

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: ssh-action
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: ['https://www.paypal.me/appleboy46']

.github/workflows/ci.yml

@@ -1,13 +1,21 @@
 name: remote ssh command
 on: [push]
+
+env:
+  FOO: "BAR"
+  BAR: "FOO"
+
 jobs:
 
   build:
     name: Build
     runs-on: ubuntu-latest
     steps:
+    - name: checkout
+      uses: actions/checkout@v1
+
     - name: executing remote ssh commands using password
-      uses: appleboy/ssh-action@master
+      uses: ./
       with:
         host: ${{ secrets.HOST }}
         username: ${{ secrets.USERNAME }}
@@ -16,7 +24,7 @@ jobs:
         script: whoami
 
     - name: executing remote ssh commands using ssh key
-      uses: appleboy/ssh-action@master
+      uses: ./
       with:
         host: ${{ secrets.HOST }}
         username: ${{ secrets.USERNAME }}
@@ -25,7 +33,7 @@ jobs:
         script: whoami
 
     - name: multiple command
-      uses: appleboy/ssh-action@master
+      uses: ./
       with:
         host: ${{ secrets.HOST }}
         username: ${{ secrets.USERNAME }}
@@ -36,17 +44,20 @@ jobs:
           ls -al
 
     # - name: stop script if command error
-    #   uses: appleboy/ssh-action@master
+    #   if: always()
+    #   uses: ./
     #   with:
     #     host: ${{ secrets.HOST }}
     #     username: ${{ secrets.USERNAME }}
     #     key: ${{ secrets.KEY }}
     #     port: ${{ secrets.PORT }}
     #     script_stop: true
-    #     script: "mkdir abc/def,ls -al"
+    #     script: |
+    #       mkdir abc/def
+    #       ls -al
 
     - name: pass environment
-      uses: appleboy/ssh-action@master
+      uses: ./
       env:
         FOO: "BAR"
       with:
@@ -56,5 +67,85 @@ jobs:
         port: ${{ secrets.PORT }}
         envs: FOO
         script: |
-          echo "I am $FOO"
-          echo "I am $BAR"
+          echo "I am $FOO, thanks"
+          echo "I am $BAR, thanks"
+
+    - name: pass multiple environment
+      uses: ./
+      env:
+        FOO: "BAR"
+        BAR: "FOO"
+        SHA: ${{ github.sha }}
+        PORT: ${{ secrets.PORT }}
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.KEY }}
+        port: ${{ secrets.PORT }}
+        envs: FOO,BAR,SHA,PORT
+        script: |
+          echo "I am $FOO, thanks"
+          echo "I am $BAR, thanks"
+          echo "sha: $SHA"
+          echo "port: $PORT"
+
+    - name: ssh key passphrase
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.SSH2 }}
+        port: ${{ secrets.PORT }}
+        passphrase: ${{ secrets.PASSPHRASE }}
+        script: |
+          whoami
+          ls -al
+
+    - name: use insecure cipher
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        password: ${{ secrets.PASSWORD }}
+        port: ${{ secrets.PORT }}
+        script: |
+            ls \
+              -lah
+        use_insecure_cipher: true
+
+    # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271
+    - name: Multiline SSH commands interpreted as single lines
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        password: ${{ secrets.PASSWORD }}
+        port: ${{ secrets.PORT }}
+        script_stop: true
+        script: |
+            ls \
+              -lah
+        use_insecure_cipher: true
+
+    # https://github.com/appleboy/ssh-action/issues/85
+    - name: Deployment to multiple hosts with different ports
+      uses: ./
+      with:
+        host: "${{ secrets.HOST }}:${{ secrets.PORT }}"
+        username: ${{ secrets.USERNAME }}
+        password: ${{ secrets.PASSWORD }}
+        port: 1024
+        script_stop: true
+        script: |
+            ls \
+              -lah
+        use_insecure_cipher: true
+
+    - name: SSH ED25519 Private Key
+      uses: ./
+      with:
+        host: ${{ secrets.TUNNEL_HOST }}
+        username: ${{ secrets.TUNNEL_USERNAME }}
+        key: ${{ secrets.ID_ED25519 }}
+        port: ${{ secrets.TUNNEL_PORT }}
+        script: whoami

Dockerfile

@@ -1,5 +1,5 @@
-FROM appleboy/drone-ssh:1.5.2-linux-amd64
+FROM appleboy/drone-ssh:1.6.4-linux-amd64
 
-ADD entrypoint.sh /entrypoint.sh
+COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -6,6 +6,44 @@
 
 [![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions)
 
+**Important**: Only support **Linux** [docker](https://www.docker.com/) container.
+
+## Input variables
+
+See [action.yml](./action.yml) for more detailed information.
+
+* `host` - ssh host
+* `port` - ssh port, default is `22`
+* `username` - ssh username
+* `password` - ssh password
+* `passphrase` - the passphrase is usually to encrypt the private key
+* `sync` - synchronous execution if multiple hosts, default is false
+* `timeout` - timeout for ssh to remote host, default is `30s`
+* `command_timeout` - timeout for ssh command, default is `10m`
+* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa
+* `key_path` - path of ssh private key
+* `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification
+* `script` - execute commands
+* `script_stop` - stop script after first failure
+* `envs` - pass environment variable to shell script
+* `debug` - enable debug mode
+* `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56))
+* `cipher` - the allowed cipher algorithms. If unspecified then a sensible
+
+SSH Proxy Setting:
+
+* `proxy_host` - proxy host
+* `proxy_port` - proxy port, default is `22`
+* `proxy_username` - proxy username
+* `proxy_password` - proxy password
+* `proxy_passphrase` - the passphrase is usually to encrypt the private key
+* `proxy_timeout` - timeout for ssh to proxy host, default is `30s`
+* `proxy_key` - content of ssh proxy private key.
+* `proxy_key_path` - path of ssh proxy private key
+* `proxy_fingerprint` - fingerprint SHA256 of the proxy host public key, default is to skip verification
+* `proxy_use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56))
+* `proxy_cipher` - the allowed cipher algorithms. If unspecified then a sensible
+
 ## Usage
 
 Executing remote ssh commands.
@@ -36,31 +74,119 @@ output:
 whoami
 ======END======
 out: ***
-==========================================
-Successfully executed commands to all host.
-==========================================
+==============================================
+✅ Successfully executed commands to all host.
+==============================================
 ```
 
-## Input variables
+### Setting up a SSH Key
 
-see the [action.yml](./action.yml) file for more detail imformation.
+Make sure to follow the below steps while creating SSH Keys and using them.
+The best practice is create the SSH Keys on local machine not remote machine.
+Login with username specified in Github Secrets. Generate a RSA Key-Pair:
 
-* host - scp remote host
-* port - scp remote port, default is `22`
-* username - scp username
-* password - scp password
-* timeout - timeout for ssh to remote host, default is `30s`
-* command_timeout - timeout for scp command, default is `1m`
-* key - content of ssh private key. ex raw content of ~/.ssh/id_rsa
-* key_path - path of ssh private key
-* script - execute commands
-* script_stop - stop script after first failure
-* envs - pass environment variable to shell script
-* debug - enable debug mode
+<details>
+<summary>rsa</summary>
+<p>
+
+```bash
+ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
+```
+
+</p>
+</details>
+
+<details>
+<summary>ed25519</summary>
+<p>
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
+
+</p>
+</details>
+
+Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/).
+
+<details>
+<summary>rsa</summary>
+<p>
+
+```bash
+cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
+```
+
+</p>
+</details>
+
+<details>
+<summary>ed25519</summary>
+<p>
+
+```bash
+cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
+```
+
+</p>
+</details>
+
+Copy Private Key content and paste in Github Secrets.
+
+<details>
+<summary>rsa</summary>
+<p>
+
+```bash
+clip < ~/.ssh/id_rsa
+```
+
+</p>
+</details>
+
+<details>
+<summary>ed25519</summary>
+<p>
+
+```bash
+clip < ~/.ssh/id_ed25519
+```
+
+</p>
+</details>
+
+See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html).
+
+**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes:
+
+* Put the public key in `.ssh/authorized_keys2`
+* Change the permissions of `.ssh` to 700
+* Change the permissions of `.ssh/authorized_keys2` to 640
+
+### If you are using OpenSSH
+
+If you are currently using OpenSSH and are getting the following error:
+
+```bash
+ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
+```
+
+Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under 
+`/etc/ssh/sshd_config.d/`):
+
+```bash
+CASignatureAlgorithms +ssh-rsa
+```
+
+Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed:
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
 
 ### Example
 
-Executing remote ssh commands using password.
+#### Executing remote ssh commands using password
 
 ```yaml
 - name: executing remote ssh commands using password
@@ -73,7 +199,7 @@ Executing remote ssh commands using password.
     script: whoami
 ```
 
-Using private key
+#### Using private key
 
 ```yaml
 - name: executing remote ssh commands using ssh key
@@ -86,7 +212,7 @@ Using private key
     script: whoami
 ```
 
-Multiple Commands
+#### Multiple Commands
 
 ```yaml
 - name: multiple command
@@ -103,9 +229,10 @@ Multiple Commands
 
 ![result](./images/output-result.png)
 
-Multiple Hosts
+#### Multiple Hosts
 
 ```diff
+  - name: multiple host
     uses: appleboy/ssh-action@master
     with:
 -     host: "foo.com"
@@ -118,26 +245,65 @@ Multiple Hosts
         ls -al
 ```
 
-Pass environment variable to shell script
+#### Multiple hosts with different port
 
 ```diff
+  - name: multiple host
+    uses: appleboy/ssh-action@master
+    with:
+-     host: "foo.com"
++     host: "foo.com:1234,bar.com:5678"
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      script: |
+        whoami
+        ls -al
+```
+
+#### Synchronous execution on multiple hosts
+
+```diff
+  - name: multiple host
+    uses: appleboy/ssh-action@master
+    with:
+      host: "foo.com,bar.com"
++     sync: true
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
+      script: |
+        whoami
+        ls -al
+```
+
+#### Pass environment variable to shell script
+
+```diff
+  - name: pass environment
     uses: appleboy/ssh-action@master
 +   env:
 +     FOO: "BAR"
++     BAR: "FOO"
++     SHA: ${{ github.sha }}
     with:
       host: ${{ secrets.HOST }}
       username: ${{ secrets.USERNAME }}
       key: ${{ secrets.KEY }}
       port: ${{ secrets.PORT }}
-+   envs: FOO
++     envs: FOO,BAR,SHA
       script: |
         echo "I am $FOO"
         echo "I am $BAR"
+        echo "sha: $SHA"
 ```
 
-Stop script after first failure. ex: missing `abc` folder
+_Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._
 
-```yaml
+#### Stop script after first failure
+
+> ex: missing `abc` folder
+
+```diff
   - name: stop script if command error
     uses: appleboy/ssh-action@master
     with:
@@ -145,6 +311,118 @@ Stop script after first failure. ex: missing `abc` folder
       username: ${{ secrets.USERNAME }}
       key: ${{ secrets.KEY }}
       port: ${{ secrets.PORT }}
-    script_stop: true
-    script: "mkdir abc/def,ls -al"
++     script_stop: true
+      script: |
+        mkdir abc/def
+        ls -al
 ```
+
+output:
+
+```sh
+======CMD======
+mkdir abc/def
+ls -al
+
+======END======
+2019/11/21 01:16:21 Process exited with status 1
+err: mkdir: cannot create directory ‘abc/def’: No such file or directory
+##[error]Docker run failed with exit code 1
+```
+
+#### How to connect remote server using `ProxyCommand`?
+
+```bash
++--------+       +----------+      +-----------+
+| Laptop | <-->  | Jumphost | <--> | FooServer |
++--------+       +----------+      +-----------+
+```
+
+in your `~/.ssh/config`, you will see the following.
+
+```bash
+Host Jumphost
+  HostName Jumphost
+  User ubuntu
+  Port 22
+  IdentityFile ~/.ssh/keys/jump_host.pem
+
+Host FooServer
+  HostName FooServer
+  User ubuntu
+  Port 22
+  ProxyCommand ssh -q -W %h:%p Jumphost
+```
+
+#### How to convert to YAML format of GitHubActions
+
+```diff
+  - name: ssh proxy command
+    uses: appleboy/ssh-action@master
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     proxy_host: ${{ secrets.PROXY_HOST }}
++     proxy_username: ${{ secrets.PROXY_USERNAME }}
++     proxy_key: ${{ secrets.PROXY_KEY }}
++     proxy_port: ${{ secrets.PROXY_PORT }}
+      script: |
+        mkdir abc/def
+        ls -al
+```
+
+#### Protecting a Private Key
+
+The purpose of the passphrase is usually to encrypt the private key.
+This makes the key file by itself useless to an attacker.
+It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems.
+
+```diff
+  - name: ssh key passphrase
+    uses: appleboy/ssh-action@master
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     passphrase: ${{ secrets.PASSPHRASE }}
+      script: |
+        whoami
+        ls -al
+```
+
+#### Using host fingerprint verification
+
+Setting up SSH host fingerprint verification can help to prevent Person-in-the-Middle attacks. Before setting this up, run the command below to get your SSH host fingerprint. Remember to replace `ed25519` with your appropriate key type (`rsa`, `dsa`, etc.) that your server is using and `example.com` with your host.
+
+In modern OpenSSH releases, the _default_ key types to be fetched are `rsa` (since version 5.1), `ecdsa` (since version 6.0), and `ed25519` (since version 6.7).
+
+```sh
+ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2
+```
+
+Now you can adjust you config:
+
+```diff
+  - name: ssh key passphrase
+    uses: appleboy/ssh-action@master
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     fingerprint: ${{ secrets.FINGERPRINT }}
+      script: |
+        whoami
+        ls -al
+```
+
+## Contributing
+
+We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome!
+
+## License
+
+The scripts and documentation in this project are released under the [MIT License](LICENSE)

action.yml

@@ -3,24 +3,61 @@ description: 'Executing remote ssh commands'
 author: 'Bo-Yi Wu'
 inputs:
   host:
-    description: 'ssh remote host'
+    description: 'ssh host'
   port:
-    description: 'ssh remote port'
+    description: 'ssh port'
     default: 22
+  passphrase:
+    description: 'ssh key passphrase'
   username:
     description: 'ssh username'
   password:
     description: 'ssh password'
+  sync:
+    description: 'synchronous execution if multiple hosts'
+    default: false
+  use_insecure_cipher:
+    description: 'include more ciphers with use_insecure_cipher'
+    default: false
+  cipher:
+    description: 'the allowed cipher algorithms. If unspecified then a sensible'
   timeout:
-    description: 'timeout for ssh to remote host'
+    description: 'timeout for ssh to host'
     default: "30s"
   command_timeout:
     description: 'timeout for ssh command'
-    default: "1m"
+    default: "10m"
   key:
     description: 'content of ssh private key. ex raw content of ~/.ssh/id_rsa'
   key_path:
     description: 'path of ssh private key'
+  fingerprint:
+    description: 'sha256 fingerprint of the host public key'
+  proxy_host:
+    description: 'ssh proxy host'
+  proxy_port:
+    description: 'ssh proxy port'
+    default: 22
+  proxy_username:
+    description: 'ssh proxy username'
+  proxy_password:
+    description: 'ssh proxy password'
+  proxy_passphrase:
+    description: 'ssh proxy key passphrase'
+  proxy_timeout:
+    description: 'timeout for ssh to proxy host'
+    default: "30s"
+  proxy_key:
+    description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa'
+  proxy_key_path:
+    description: 'path of ssh proxy private key'
+  proxy_fingerprint:
+    description: 'sha256 fingerprint of the proxy host public key'
+  proxy_cipher:
+    description: 'the allowed cipher algorithms. If unspecified then a sensible'
+  proxy_use_insecure_cipher:
+    description: 'include more ciphers with use_insecure_cipher'
+    default: false
   script:
     description: 'execute commands'
   script_stop: