Limit AllowUsers to specific IPs from Github actions

Time:03-24

As a security measure, I have on my server:

AllowUsers username@myip

On

/etc/ssh/sshd_config

So only me, or someone with my IP, can log in.

Now I need to use an action on GitHub to start making an automated deploy (rsync).

I can just comment that line and it works fine, but I believe a good practice would be to set something like this:

AllowUsers username@myip username@githubip

Since they probably have a ton of IPs, I don't know exactly what to do.

Any help would be appreciated.

CodePudding user response:

According to the documentation you should be able to use

AllowUsers username@myip [email protected]

which will, of course, introduce a DNS lookup penalty. But that may be preferable to adding a plethora of IP addresses. Alternatively you could make entries for each IP in /etc/hosts as you go when you encounter problems.

CodePudding user response:

GitHub publishes the IP addresses it uses for various systems in its API. You can therefore download the entries for Actions and use them if you like.

However, I should point out that this list is subject to change at any time, and it also contains over 2100 entries, so adding all of those in your config file may not be the best choice, since it might impact performance. If you do decide to do this, scripting it would be prudent.

My recommendation would be to adopt a different approach for login that isn't IP based.
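
The answer above suggests scripting the list if you do go the IP-based route. One way to do that, as an added example that is not part of either answer: it validates the published ranges, merges adjacent ones to cut the entry count, and renders a single AllowUsers line using the CIDR form that sshd accepts in the host part. Assumptions: the ranges come from the `actions` key of https://api.github.com/meta, the function names are hypothetical, and the sample ranges and admin address are constructed documentation addresses.

```python
import ipaddress
import json
import re
import urllib.request

META_URL = "https://api.github.com/meta"  # GitHub's published address ranges

# Constructed sample shaped like the "actions" key of the meta response
# (documentation-range addresses, not real GitHub ranges).
SAMPLE_META = json.loads("""
{"actions": ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.7/32",
             "2001:db8:1::/48", "198.51.100.7/32"]}
""")

def fetch_meta(url=META_URL, timeout=10):
    """Download the live list (needs network access; the sample run does not call it)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

def collapse_ranges(cidrs):
    """Validate every entry, drop duplicates, and merge adjacent networks."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed IPv4/IPv6 input
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged

def render_allow_users(user, admin_ip, meta):
    """Build one AllowUsers line: the admin address plus each Actions range."""
    if not re.fullmatch(r"[a-z_][a-z0-9_-]*", user):
        raise ValueError("unexpected characters in user name")
    ipaddress.ip_address(admin_ip)  # raises ValueError if malformed
    ranges = collapse_ranges(meta["actions"])
    if not ranges:
        # An empty or broken download must never replace a working config.
        raise ValueError("empty range list; refusing to write a config")
    patterns = [f"{user}@{admin_ip}"]
    patterns += [f"{user}@{n.with_prefixlen}" for n in ranges]
    return "AllowUsers " + " ".join(patterns)

if __name__ == "__main__":
    print(render_allow_users("username", "203.0.113.10", SAMPLE_META))
```

After writing the generated line into the config, check it with `sshd -t` before reloading, and regenerate it on a schedule since the published list changes.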
