As a security measure, I have on my server:
AllowUsers username@myip
On
/etc/ssh/sshd_config
So only me, or someone with my ip, can login.
Now I need to use an action on github to start making an automated deploy (rsync).
I can just comment that line and it works fine, but I believe a good practice would be to set something like this:
AllowUsers username@myip username@githubip
Since they probably have a ton of ips, I don’t know exactly what to do.
Any help would be appreciated.
Advertisement
Answer
GitHub publishes the IP addresses it uses for various systems in its API. You can therefore download the entries for Actions and use them if you like.
However, I should point out that this list is subject to change at any time, and it also contains over 2100 entries, so adding all of those in your config file may not be the best choice, since it might impact performance. If you do decide to do this, scripting it would be prudent.
My recommendation would be to adopt a different approach for login that isn’t IP based.