Skip to content

Commit c2c0edb

Browse files
authored
docs: update version badge and clarify testing section headings (#29)
1 parent b0d8082 commit c2c0edb

2 files changed

Lines changed: 11 additions & 8 deletions

File tree

README.md

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
[![CI Status](https://img.shields.io/github/actions/workflow/status/locus313/ssh-key-sync/ci.yml?style=flat-square&label=CI)](https://github.com/locus313/ssh-key-sync/actions)
44
[![License](https://img.shields.io/badge/License-MIT-blue?style=flat-square)](LICENSE)
55
[![Bash](https://img.shields.io/badge/Bash-5.0+-green?style=flat-square&logo=gnu-bash)](https://www.gnu.org/software/bash/)
6-
[![Version](https://img.shields.io/badge/Version-0.1.8-orange?style=flat-square)](https://github.com/locus313/ssh-key-sync/releases)
6+
[![Version](https://img.shields.io/github/v/release/locus313/ssh-key-sync?style=flat-square&label=Version&color=orange)](https://github.com/locus313/ssh-key-sync/releases)
77

88
*Synchronize SSH authorized_keys for multiple users from various sources*
99

@@ -244,6 +244,9 @@ For accessing private repositories, you'll need a GitHub Personal Access Token:
244244
245245
## Automation
246246

247+
> [!NOTE]
248+
> The script loads `users.conf` from the same directory as `sync-ssh-keys.sh`. When deploying to a path like `/opt/ssh-key-sync/`, ensure `users.conf` is placed in that same directory.
249+
247250
### Production Deployment with Cron
248251

249252
Set up automated synchronization for production environments:
@@ -282,8 +285,8 @@ Create a robust systemd service with automatic restart and monitoring:
282285
# Security settings
283286
NoNewPrivileges=true
284287
ProtectSystem=strict
285-
ProtectHome=true
286-
ReadWritePaths=/home /root
288+
ProtectHome=true # Makes home directories inaccessible by default
289+
ReadWritePaths=/home /root # Re-opens /home and /root so the script can write authorized_keys
287290

288291
[Install]
289292
WantedBy=multi-user.target
@@ -340,9 +343,12 @@ jobs:
340343

341344
- name: Sync SSH keys on target servers
342345
run: |
346+
# Add the server's host key to known_hosts before connecting
347+
mkdir -p ~/.ssh
348+
ssh-keyscan -H "${{ secrets.SERVER_HOST }}" >> ~/.ssh/known_hosts
343349
# Download and run ssh-key-sync
344350
curl -fsSL https://raw.githubusercontent.com/locus313/ssh-key-sync/main/sync-ssh-keys.sh | \
345-
ssh -o StrictHostKeyChecking=no deploy@${{ secrets.SERVER_HOST }} 'cat > sync-ssh-keys.sh && chmod +x sync-ssh-keys.sh && sudo ./sync-ssh-keys.sh'
351+
ssh deploy@${{ secrets.SERVER_HOST }} 'cat > sync-ssh-keys.sh && chmod +x sync-ssh-keys.sh && sudo ./sync-ssh-keys.sh'
346352
env:
347353
GITHUB_TOKEN: ${{ secrets.SSH_SYNC_TOKEN }}
348354
```
@@ -544,9 +550,6 @@ bash -n sync-ssh-keys.sh
544550

545551
# With ShellCheck (recommended)
546552
shellcheck sync-ssh-keys.sh
547-
548-
# Test with dry-run mode (if implemented)
549-
./sync-ssh-keys.sh --dry-run
550553
```
551554

552555
### Test Coverage

TESTING.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@ Various test configurations are used:
119119
- Empty user arrays
120120
- Error-inducing configurations
121121

122-
### Mock Endpoints
122+
### External Test Endpoints
123123
Tests use real but safe endpoints:
124124
- `https://github.com/octocat.keys` - GitHub's mascot user
125125
- GitHub API endpoints for public repositories

0 commit comments

Comments
 (0)