How to Use GitHub Actions to Automatically Deploy a Git Push to a Server

Using GitHub Actions to Automatically Deploy a Git Push to a Server

Preface

A quick record of my configuration process.

Add a Dedicated User for Git Deployment

Create the new user

Add a user dedicated to Git deployment:

adduser gitdeployer

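The output is shown below. Note that the system asks you to set a password for the new user; once the password is set, it asks for the user's basic information (name, room number and so on, which you can skip by pressing Enter).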

~#sudo adduser gitdeployer
info: Adding user `gitdeployer' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `gitdeployer' (1000) ...
info: Adding new user `gitdeployer' (1000) with group `gitdeployer (1000)' ...
info: Creating home directory `/home/gitdeployer' ...
info: Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for gitdeployer
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y

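Configure an SSH key pair for the new user

For security, we log in with a key pair, which protects against password cracking and logins from unknown sources.
Next, switch to gitdeployer and create a dedicated key pair for it: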

su - gitdeployer
ssh-keygen -t ed25519 -C "git-deployer-key" -f ~/.ssh/git_deployer

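After you enter the command, the system asks for a passphrase for the key pair; you can skip this by pressing Enter without typing anything.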

~$ ssh-keygen -t ed25519 -C "git-deployer-key" -f ~/.ssh/git_deployer
Generating public/private ed25519 key pair.
Created directory '/home/gitdeployer/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/gitdeployer/.ssh/git_deployer
Your public key has been saved in /home/gitdeployer/.ssh/git_deployer.pub
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx git-deployer-key
The key's randomart image is:
+--[ED25519 256]--+
| |
| |
| |
| |
| |
| |
| |
| |
| |
+----[SHA256]-----+

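After the key pair has been generated, its public key must also be written to authorized_keys. Continue as gitdeployer (the first command appends the public key, the second prints the private key):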

cat ~/.ssh/git_deployer.pub >> ~/.ssh/authorized_keys
cat ~/.ssh/git_deployer

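Allow the new user to log in in the SSH configuration

Edit the SSH configuration file /etc/ssh/sshd_config with an editor; you can also open and edit it with the text editor in a tool such as FinalShell.
Switch to the root user: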

su - root

The system asks for the root user's password. After entering it,
back up the configuration file, just in case:

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
vim /etc/ssh/sshd_config

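Add the following settings to the configuration file. Note that once PasswordAuthentication is changed to no, the root user can no longer log in with a password, so set up SSH key-pair login for the root user first.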

PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers gitdeployer

If you changed the SSH listening port, changing it in sshd_config may not take effect; in that case you can modify the ListenStream setting in the following file:

/usr/lib/systemd/system/ssh.socket

[Socket]
ListenStream=<port number>

After the change, reload the configuration and restart the service:

systemctl daemon-reload
systemctl restart ssh.socket

After modifying the SSH configuration, first verify that it contains no errors:

sshd -t

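If the configuration is correct, nothing is printed; if it is wrong, the errors in the configuration are printed.
Restart the SSH service for the changes to take effect: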

systemctl restart ssh
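
Added example (not from the original post): a small shell audit for the three directives above, since `sshd -t` only checks syntax. It shows that sshd keeps the first value it reads for a keyword, so an appended `PasswordAuthentication no` loses to an earlier `PasswordAuthentication yes`, and that once `AllowUsers` is set, any account not listed in it (root included) cannot log in over SSH at all. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads only the global section
# (before the first Match block) and does not follow Include lines.

# first_value FILE KEYWORD: sshd keeps the FIRST value it reads for a keyword.
first_value() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }                       # skip comment lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# allow_users FILE: AllowUsers entries accumulate across lines; print one per line.
allow_users() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# audit FILE USER: print one finding per line; return 0 only when there are none.
# Assumption: AllowUsers entries are plain names (no wildcards or user@host).
audit() {
    bad=0
    if [ "$(first_value "$1" PubkeyAuthentication)" = no ]; then
        echo "public-key login is disabled"; bad=1
    fi
    if [ "$(first_value "$1" PasswordAuthentication)" != no ]; then
        echo "password login is still enabled"; bad=1
    fi
    users=$(allow_users "$1")
    if [ -n "$users" ] && ! printf '%s\n' "$users" | grep -qxF -- "$2"; then
        echo "$2 is not listed in AllowUsers and cannot log in"; bad=1
    fi
    return "$bad"
}

# Constructed sample: the post's three lines appended below an existing setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers gitdeployer
EOF
audit "$sample" gitdeployer || true   # password login is still enabled
audit "$sample" root || true          # same finding, plus root missing from AllowUsers
rm -f "$sample"
```

On a real host, run `audit /etc/ssh/sshd_config gitdeployer` as root before restarting the service, and keep an existing session open until a new key-based login has succeeded.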

To be continued…


How to Use GitHub Actions to Automatically Deploy a Git Push to a Server
https://blog.darklinvan.top/posts/b5cfa1556e78/
Author: DarklinVan
Published: April 12, 2025