8. Configure SSH connection to Mac home server

Open home server SSH

In home server, Go to System Settings - General - Sharing - Remote Login - On

This allows SSH, SFTP connection. Click i button, User and IP is there.

Connect from a development machine in the same network.

ssh [email protected]

ssh [email protected]

Enter password.

Create key files

SSH using password is okay. But in CI/CD Github Actions will connect to home server.

For that situation, I will use key file connection.

In development machine, (which is an SSH client)

cd ~/.ssh
ssh-keygen -t rsa -b 4096 -f ~/.ssh/mac_mini_key

-t is type. -b is byte. -f is file

It asks a passphase, I just entered blank.

Two files are created: mac_mini_key, mac_mini_key.pub

Configure using key in home server

In development machine, copy pub key to home server

scp mac_mini_key.pub [email protected]:~/.ssh/mac_mini_key.pub

Connect to home server using SSH, then insert pub key to authorized_keys file.

ssh [email protected]
cd ~/.ssh/
cat mac_mini_key.pub >> authorized_keys
chmod 600 authorized_keys
cat authorized_keys

"authorized_keys" filename is fixed.

This filename is set by default in "/etc/ssh/sshd-config".

To check,

cat /etc/ssh/sshd_config | grep AuthorizedKeysFile

Key registration in SSH client

In development machine,

vi ~/.ssh/config

Add below.

Host mac-mini
        HostName 172.30.1.91
        User marcel
        PreferredAuthentications publickey
        IdentityFile ~/.ssh/mac_mini_key # SSH client private key path
        AddKeysToAgent yes
        UseKeychain yes

Test the SSH connection

In development machine, connect to SSH using hostname.

ssh mac-mini

Now no need to enter password.

Github Actions secrets will have this private key file.

Configure github secret

Go to Github site - Settings - Secrets and variables - Actions - Repository Secrets

Add below key-value.

MAC_HOST: 12.34.56.78
MAC_USERNAME: marcel
SSH_PORT: 22
SSH_KEY: -----BEGIN OPENSSH...

MAC_HOST should be public ip, not private ip. Github actions server is outside of my home network.

To get SSH_KEY, enter below in home server machine,

cd ~/.ssh
cat mac_mini_key | pbcopy

Then paste it in SSH_KEY secret.

Check the workflow file snippet

Connect to SSH and run a script.

      - name: Connect SSH and run jar
        uses: appleboy/[email protected]
        env:
          FILENAME: ${{ github.sha }}
        with:
          host: ${{ secrets.MAC_HOST }}
          username: ${{ secrets.MAC_USERNAME }}
          key: ${{ secrets.SSH_KEY }}
          port: ${{ secrets.SSH_PORT }}
          envs: FILENAME
          script: |
            export PATH="/usr/local/bin/:$PATH" # aws command path
            pwd 
            aws s3 cp --profile marcel-ourcompanylunch --region ap-northeast-2 s3://${{ vars.S3_BUCKET_NAME }}/$FILENAME.zip ./$FILENAME.zip
            unzip -o -q $FILENAME.zip -d ~/web/ourcompanylunchauth/
            cd ~/web/ourcompanylunchauth
            scripts/startup_in_mac.sh

A SSH connection that an action opens doesn't have PATH that .zshrc or .zprofile configures. So the path is added in script.

The FILENAME env should be registered in envs, otherwise the script will not replace it.

I used appleboy/ssh-action.

There are many ssh actions in a marketplace, but this one has most stars I guess.

Previous7. Create a record in Route 53 Next9. Write startup script

Last updated 1 year ago

hashtagOpen home server SSH

hashtagCreate key files

hashtagConfigure using key in home server

hashtagKey registration in SSH client

hashtagTest the SSH connection

hashtagConfigure github secret

hashtagCheck the workflow file snippet