From d8e7b91a00a9c460a11c716041ecf23fd89eff6c Mon Sep 17 00:00:00 2001
From: Refringe
Date: Tue, 26 Mar 2024 16:23:23 -0400
Subject: [PATCH] Removes the known hosts check

We're doing write operations, so if someone wants to MITM attack this to get written to... go ahead, I guess? I'll come back to this. Pinky swear.
---
 .gitea/workflows/build.yaml | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index ed1e799..5cb4316 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -482,8 +482,7 @@ jobs:
 id: upload-https-7z
 run: |
 cd /workspace/SPT-AKI/Build/
- echo "${{ secrets.SFTP_HOST_KEY }}" > /etc/ssh/ssh_known_hosts
- sshpass -p "${{ secrets.SFTP_PASSWORD }}" scp -vvv -o "Port=${{ secrets.SFTP_PORT }}" -o "ConnectTimeout=20" -o "UserKnownHostsFile=/etc/ssh/ssh_known_hosts" -o "StrictHostKeyChecking=yes" "/workspace/SPT-AKI/Build/${{ needs.assemble-release.outputs.build_name }}" ${{ secrets.SFTP_USERNAME }}@${{ secrets.SFTP_HOST }}:/public/builds
+ sshpass -p "${{ secrets.SFTP_PASSWORD }}" scp -vvv -o "Port=${{ secrets.SFTP_PORT }}" -o "ConnectTimeout=20" -o "StrictHostKeyChecking=no" "/workspace/SPT-AKI/Build/${{ needs.assemble-release.outputs.build_name }}" ${{ secrets.SFTP_USERNAME }}@${{ secrets.SFTP_HOST }}:/public/builds
 echo "::set-output name=link_https::${{ secrets.SFTP_MIRROR_LINK }}/builds/${{ needs.assemble-release.outputs.build_name }}"
 shell: bash
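Review bot: With `StrictHostKeyChecking=no` and no `UserKnownHostsFile`, the new `scp` line in `upload-https-7z` lets `sshpass` hand the SFTP password to whichever host answers on that address, so the exposure is credential disclosure (and, presumably, write access to the directory the published mirror link points at), not only a misdirected upload. The same option is set on the `scp` in `upload-https-torrent` and on both `sftp` calls in the cleanup step. The pin can be kept without touching the system-wide file by writing the key to a job-local file, for example `echo "${{ secrets.SFTP_HOST_KEY }}" > /tmp/sftp_known_hosts`, and passing `-o "UserKnownHostsFile=/tmp/sftp_known_hosts" -o "StrictHostKeyChecking=yes"`. The commit does not say why verification was failing; if it was a mismatch, check that the stored entry uses the `[host]:port` form OpenSSH expects for a non-default port.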
@@ -511,22 +510,20 @@ jobs:
 id: upload-https-torrent
 run: |
 cd /workspace/SPT-AKI/Build/
- echo "${{ secrets.SFTP_HOST_KEY }}" > /etc/ssh/ssh_known_hosts
- sshpass -p "${{ secrets.SFTP_PASSWORD }}" scp -v -o "Port=${{ secrets.SFTP_PORT }}" -o "ConnectTimeout=20" -o "UserKnownHostsFile=/etc/ssh/ssh_known_hosts" -o "StrictHostKeyChecking=yes" "/workspace/SPT-AKI/Build/${{ steps.torrent_create.outputs.torrent_name }}" ${{ secrets.SFTP_USERNAME }}@${{ secrets.SFTP_HOST }}:/public/builds
+ sshpass -p "${{ secrets.SFTP_PASSWORD }}" scp -v -o "Port=${{ secrets.SFTP_PORT }}" -o "ConnectTimeout=20" -o "StrictHostKeyChecking=no" "/workspace/SPT-AKI/Build/${{ steps.torrent_create.outputs.torrent_name }}" ${{ secrets.SFTP_USERNAME }}@${{ secrets.SFTP_HOST }}:/public/builds
 echo "::set-output name=link_torrent::${{ secrets.SFTP_MIRROR_LINK }}/builds/${{ steps.torrent_create.outputs.torrent_name }}"
 shell: bash
 - name: Clean Old HTTPS Source Releases
 run: |
 cd /workspace/SPT-AKI/Build/
- echo "${{ secrets.SFTP_HOST_KEY }}" > /etc/ssh/ssh_known_hosts
 # Creating a script for sftp to execute
 echo "cd /public/builds" > sftp_commands.txt
 echo "ls" >> sftp_commands.txt
 # Fetch a remote list of files
- FILE_LIST=$(sshpass -p "${{ secrets.SFTP_PASSWORD }}" sftp -oBatchMode=no -oPort=${{ secrets.SFTP_PORT }} -oUserKnownHostsFile=/etc/ssh/ssh_known_hosts -oStrictHostKeyChecking=yes -b sftp_commands.txt ${{ secrets.SFTP_USERNAME }}@${{ secrets.SFTP_HOST }})
+ FILE_LIST=$(sshpass -p "${{ secrets.SFTP_PASSWORD }}" sftp -o "BatchMode=no" -o "Port=${{ secrets.SFTP_PORT }}"" -o "StrictHostKeyChecking=no" -b "sftp_commands.txt" ${{ secrets.SFTP_USERNAME }}@${{ secrets.SFTP_HOST }})
 echo "Files listed:"
 echo "$FILE_LIST"
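Review bot: The added `FILE_LIST=` line has a stray double quote after the port option (`-o "Port=${{ secrets.SFTP_PORT }}""`), which leaves the line with an odd number of quotes, so the following `-o`, the `-b` argument and the closing `)` of the command substitution are no longer parsed as intended. The option should read `-o "Port=${{ secrets.SFTP_PORT }}"`, matching the deletion call later in the same step. This listing is what the cleanup works from, so the malformed command should be fixed before the delete batch can run against it; the code that builds `delete_commands.txt` lies outside this hunk. Host key verification is also switched off on this call, so the listing would come from an unauthenticated server.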
@@ -552,7 +549,7 @@ jobs:
 # Check if there are files to delete and execute
 if [ -s delete_commands.txt ]; then
 echo "Running deletion task..."
- sshpass -p "${{ secrets.SFTP_PASSWORD }}" sftp -oBatchMode=no -oPort=${{ secrets.SFTP_PORT }} -oUserKnownHostsFile=/etc/ssh/ssh_known_hosts -oStrictHostKeyChecking=yes -b delete_commands.txt ${{ secrets.SFTP_USERNAME }}@${{ secrets.SFTP_HOST }}
+ sshpass -p "${{ secrets.SFTP_PASSWORD }}" sftp -o "BatchMode=no" -o "Port=${{ secrets.SFTP_PORT }}" -o "StrictHostKeyChecking=no" -b delete_commands.txt ${{ secrets.SFTP_USERNAME }}@${{ secrets.SFTP_HOST }}
 else
 echo "No old files to delete."
 fi