Please provide `ssh_known_hosts` for GH services in Actions

GitHub Actions
#1

Dear GitHub,

would it be possible to set up Action worker nodes in a way that we already have the SSH Host Keys for GitHub services (repos, Gists) etc. available in either /etc/ssh/ssh_known_hosts or ~/.ssh/known_hosts

That would make workflows somewhat more straightforward when we e. g. need to fetch dependencies.

Also, it would be more secure than having to run ssh-keyscan and just accept whatever keys we find. You should be in the best position to always provide the correct and up-to-date keys :wink:.

Thanks!

2 Likes
#2

Neat idea.  I can see how this could help.  We’ll take a look.

2 Likes
#3

Did this end up happening? I’m still finding that I have to run the following command from inside my workflows to use Swift Package Manager:

for ip in $(dig @8.8.8.8 github.com +short); do ssh-keyscan github.com,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts
1 Like