action-tmate icon indicating copy to clipboard operation
action-tmate copied to clipboard
verified publisher icon mxschmitt

[BUG] overwrites the authorized_keys file in self-hosted gh runner

Open yatharthranjan opened this issue 2 years ago • 1 comments

Hi,

We are using a self-hosted GH runner and seems like we lost SSH access to our instance because this action overwrites the authorized_keys files when limit-access-to-actor set to true. I think it is because of this line https://github.com/mxschmitt/action-tmate/blob/a283f9441d2d96eb62436dc46d7014f5d357ac22/src/index.js#L147

This might be fine on GH hosted runners as they are ephermeral, but for self-hosted runner we have a single instance which is re-used across multiple runs. For this we need SSH access to configure and administer the instance and overwriting SSH keys is not useful. For now we have changed to a new user specific for running the GH runner application so it does not interfere with our primary user account.

I think this should be updated to append to the authorized_keys file instead of replacing it. So any existing keys will also work. Thanks.

yatharthranjan avatar Oct 02 '23 16:10 yatharthranjan

happened to us too: after debugging workflow we lost access to the runner via ssh, as keys were overwritten.

🦺

paulz avatar Feb 01 '25 09:02 paulz