SSH tunnel over ngrok
ActionsA GitHub Action for connecting to the runner via SSH.
Debugging GitHub Actions remotely can be difficult. Maybe you want to connect to the runner environment live to troubleshoot.
- An ngrok account (free)
- An SSH public key (e.g.
/.ssh/id_rsa.pub)
This Action was only tested on the Ubuntu 24.04 runner, but it may work on other Linux based runners.
Create a YAML workflow (e.g. ssh.yml) in .github/workflows following this example:
name: SSH Tunnel
on: push
jobs:
deploy:
name: Set up tunnel
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup tunnel
uses: joshlarsen/ssh-tunnel-action@main
with:
timeout: 1h
ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}
ngrok_token: ${{ secrets.NGROK_TOKEN }}Create two repository secrets (Settings -> Secrets -> New repository secret)
SSH_PUBLIC_KEY: your local SSH public key (e.g. ~/.ssh/id_rsa.pub)
NGROK_TOKEN: your ngrok auth token
On the next push, GitHub Actions will download the ngrok binary and set up a TLS tunnel on a random port. Check the ngrok dashboard to get the hostname and port the tunnel is listening on.
The runner username is runner. Connect to the ngrok tunnel port using SSH:
$ ssh -p 11785 runner@0.tcp.ngrok.io
The authenticity of host '[0.tcp.ngrok.io]:11785 ([3.134.39.220]:11785)' can't be established.
ED25519 key fingerprint is SHA256:uTYNJTVtTZ4ua3u0fxnV2qMngjurJp5oao6BcgOZfEE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[0.tcp.ngrok.io]:11785,[3.134.39.220]:11785' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-1017-azure x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Sun Dec 1 21:56:33 UTC 2024
System load: 2.09 Processes: 173
Usage of /: 61.9% of 71.61GB Users logged in: 0
Memory usage: 2% IPv4 address for eth0: 10.3.0.13
Swap usage: 0%
Expanded Security Maintenance for Applications is not enabled.
40 updates can be applied immediately.
24 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
1 additional security update can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
runner@fv-az214-809:~$
runner@fv-az214-809:~$ curl ipinfo.io
{
"ip": "52.173.149.212",
"city": "Des Moines",
"region": "Iowa",
"country": "US",
"loc": "41.5878,-93.6274",
"org": "AS8075 Microsoft Corporation",
"postal": "50392",
"timezone": "America/Chicago",
"readme": "https://ipinfo.io/missingauth"
}
runner@fv-az214-809:~$
SSH tunnel over ngrok is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
SSH tunnel over ngrok is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.