chore(ci): update GitHub Actions dependencies to latest versions

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: ssh-action
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: ['https://www.paypal.me/appleboy46']

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,41 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ""
+labels: bug
+assignees: appleboy
+---
+
+## Describe the bug
+
+A clear and concise description of what the bug is. If applicable, add screenshots to help explain your problem.
+
+## Yaml Config
+
+Please post your Yaml configuration file along with the output results.
+
+```yaml
+name: remote ssh command
+on: [push]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: executing remote ssh commands using password
+        uses: appleboy/ssh-action@v1.2.2
+        with:
+          host: ${{ secrets.HOST }}
+          username: ${{ secrets.USERNAME }}
+          password: ${{ secrets.PASSWORD }}
+          port: ${{ secrets.PORT }}
+          script: whoami
+```
+
+## Related environment
+
+Please provide the following information:
+
+1. Your hosting provider information, such as DigitalOcean, Linode, AWS, or GCP.
+2. The version information of your host's SSH service.
+3. The information from your host's SSH configuration file.

.github/main.workflow

@@ -1,45 +0,0 @@
-workflow "Remote ssh commands" {
-  on = "push"
-  resolves = [
-    "Executing remote ssh commands",
-    "Support Private Key",
-    "Multiple Commands",
-  ]
-}
-
-action "Executing remote ssh commands" {
-  uses = "appleboy/ssh-action@master"
-  secrets = [
-    "HOST",
-    "PASSWORD",
-  ]
-  args = [
-    "--user", "actions",
-    "--script", "whoami",
-  ]
-}
-
-action "Support Private Key" {
-  uses = "appleboy/ssh-action@master"
-  secrets = [
-    "HOST",
-    "KEY",
-  ]
-  args = [
-    "--user", "actions",
-    "--script", "'ls -al'",
-  ]
-}
-
-action "Multiple Commands" {
-  uses = "appleboy/ssh-action@master"
-  secrets = [
-    "HOST",
-    "KEY",
-  ]
-  args = [
-    "--user", "actions",
-    "--script", "'whoami'",
-    "--script", "'ls -al'",
-  ]
-}

.github/workflows/goreleaser.yml

@@ -0,0 +1,33 @@
+name: Goreleaser
+
+on:
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Setup go
+        uses: actions/setup-go@v6
+        with:
+          go-version: "^1"
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v7
+        with:
+          # either 'goreleaser' (default) or 'goreleaser-pro'
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/main.yml

@@ -0,0 +1,835 @@
+name: testing main branch
+
+on: [push]
+
+jobs:
+  default-user-name-password:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: ssh by username and password
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          port: 2222
+          script: |
+            #!/usr/bin/env bash
+            set -e
+            whoami
+
+      - name: ssh commands from a file
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          port: 2222
+          script_path: testdata/test.sh
+
+      # https://github.com/appleboy/ssh-action/issues/377
+      - name: multiple commands
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          port: 2222
+          script: |
+            mkdir -p /tmp/test
+            echo "hello world" > /tmp/test/hello.txt
+            cd /tmp/test
+            ls -al
+            cat /tmp/test/hello.txt
+
+  check-ssh-key:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: add public key to env
+        run: |
+          echo "PUBLIC_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_rsa.pub >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= public key ========="
+          cat testdata/.ssh/id_rsa.pub
+          echo "============================"
+          echo "PRIVATE_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_rsa >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= private key ========="
+          cat testdata/.ssh/id_rsa
+          echo "============================"
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: ssh by private key
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          script: whoami
+
+      - name: wrong password but correct key
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: "abcdef"
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          script: whoami
+
+      - name: correct password but wrong key
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          key: password
+          port: 2222
+          script: whoami
+
+  support-key-passphrase:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: add public key to env
+        run: |
+          echo "PUBLIC_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= public key ========="
+          cat testdata/.ssh/id_passphrase.pub
+          echo "============================"
+          echo "PRIVATE_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_passphrase >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= private key ========="
+          cat testdata/.ssh/id_passphrase
+          echo "============================"
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: ssh key passphrase
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          passphrase: 1234
+          script: |
+            whoami
+            ls -al
+
+      - name: missing ssh key passphrase
+        uses: ./
+        continue-on-error: true
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          script: |
+            whoami
+            ls -al
+
+      # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271
+      - name: Multiline SSH commands interpreted as single lines
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          passphrase: 1234
+          script: |
+            ls \
+              -lah
+          use_insecure_cipher: true
+
+  multiple-server:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: add public key to env
+        run: |
+          echo "PUBLIC_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= public key ========="
+          cat testdata/.ssh/id_passphrase.pub
+          echo "============================"
+          echo "PRIVATE_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_passphrase >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= private key ========="
+          cat testdata/.ssh/id_passphrase
+          echo "============================"
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server-01 \
+          --hostname=openssh-server-01 \
+          -p 2222:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server-01 sh -c "hostname -i" > ip01.txt
+          echo "REMOTE_HOST_01<<EOF" >> $GITHUB_ENV
+          cat ip01.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip01.txt
+          echo "======================================"
+
+          docker run -d \
+          --name=openssh-server-02 \
+          --hostname=openssh-server-02 \
+          -p 2223:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server-02 sh -c "hostname -i" > ip02.txt
+          echo "REMOTE_HOST_02<<EOF" >> $GITHUB_ENV
+          cat ip02.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip02.txt
+          echo "======================================"
+
+          sleep 2
+
+      # https://github.com/appleboy/ssh-action/issues/85
+      - name: Deployment to multiple hosts with different ports
+        uses: ./
+        with:
+          host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222"
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          passphrase: 1234
+          script: |
+            whoami
+
+  support-ed25519-key:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: add public key to env
+        run: |
+          echo "PUBLIC_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= public key ========="
+          cat testdata/.ssh/id_ed25519.pub
+          echo "============================"
+          echo "PRIVATE_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= private key ========="
+          cat testdata/.ssh/id_ed25519
+          echo "============================"
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: testing id_ed25519 key
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          script: |
+            whoami
+            ls -al
+
+  testing-with-env:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: add public key to env
+        run: |
+          echo "PUBLIC_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= public key ========="
+          cat testdata/.ssh/id_ed25519.pub
+          echo "============================"
+          echo "PRIVATE_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= private key ========="
+          cat testdata/.ssh/id_ed25519
+          echo "============================"
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=true \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: testing id_ed25519 key
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          script: |
+            whoami
+            ls -al
+
+      - name: pass environment
+        uses: ./
+        env:
+          FOO: "BAR"
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          envs: FOO
+          script: |
+            echo "I am $FOO, thanks"
+            echo "I am $BAR, thanks"
+
+      - name: pass multiple environment
+        uses: ./
+        env:
+          FOO: "BAR"
+          BAR: "FOO"
+          SHA: ${{ github.sha }}
+          PORT: ${{ secrets.PORT }}
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          envs: FOO,BAR,SHA,PORT
+          script: |
+            echo "I am $FOO, thanks"
+            echo "I am $BAR, thanks"
+            echo "sha: $SHA"
+            echo "port: $PORT"
+
+      - name: custom envs format
+        uses: ./
+        env:
+          FOO: "BAR"
+          AAA: "BBB"
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          envs: FOO,BAR,AAA
+          envs_format: export TEST_{NAME}={VALUE}
+          script: |
+            echo "I am $TEST_FOO, thanks"
+            echo "I am $TEST_BAR, thanks"
+            echo "I am $BAR, thanks"
+            echo "I am $TEST_AAA, thanks"
+
+      - name: pass all ENV variables to script
+        uses: ./
+        env:
+          INPUT_FOO: "BAR"
+          INPUT_AAA: "BBB"
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          allenvs: true
+          script: |
+            echo "I am $INPUT_FOO, thanks"
+            echo "I am $INPUT_AAA, thanks"
+            echo "$GITHUB_BASE_REF"
+            echo "$GITHUB_REF"
+
+      - name: pass secret variable in shell
+        uses: ./
+        continue-on-error: true
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          script: cd ${{ secrets.PORT }}
+
+      - name: switch to root user
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          request_pty: true
+          command_timeout: 30s
+          script: |
+            whoami && echo 'hello world' && touch todo.txt
+            sudo whoami
+
+  testing06:
+    name: testing ipv6
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v6
+
+      - name: Set up WARP
+        uses: fscarmen/warp-on-actions@v1.4
+        with:
+          stack: dual
+
+      - name: testing ipv6 for command
+        run: |
+          curl -m 9 --ipv6 --verbose https://google.com
+
+      - name: testing ipv6
+        uses: ./
+        continue-on-error: true
+        with:
+          host: 2402:1f00:8000:800::2628
+          username: ubuntu
+          password: ${{ secrets.OVH_PASSWORD }}
+          protocol: tcp6
+          port: 22
+          command_timeout: 30s
+          script: |
+            whoami
+
+  testing07:
+    name: some special character
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v6
+
+      - name: Set Environment Variables
+        run: |
+          PASS='3HUS$?8kLu)}'
+          printf "PASS=${PASS}" >> $GITHUB_ENV
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD='${{ env.PASS }}'  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: ssh by username and password
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: ${{ env.PASS }}
+          port: 2222
+          script: |
+            #!/usr/bin/env bash
+            set -e
+            whoami
+
+  testing-capturing-output:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - id: stdout
+        name: ssh command with stdout
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          port: 2222
+          capture_stdout: true
+          script: |
+            #!/usr/bin/env bash
+            set -e
+            whoami
+
+      - name: check stdout
+        run: |
+          echo "stdout: ${{ steps.stdout.outputs.stdout }}"
+          if [ -z "${{ steps.stdout.outputs.stdout }}" ]; then
+            echo "Error: stdout is empty"
+            exit 1
+          fi
+
+      - id: stdout-multiline
+        name: capture multiline output
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          port: 2222
+          capture_stdout: true
+          script: |
+            #!/usr/bin/env bash
+            set -e
+            echo "Line 1"
+            echo "Line 2"
+            echo "Line 3"
+            whoami
+            pwd
+
+      - name: check multiline output
+        run: |
+          echo "stdout: ${{ steps.stdout-multiline.outputs.stdout }}"
+          # Check if all lines are present
+          if ! echo "${{ steps.stdout-multiline.outputs.stdout }}" | grep -q "Line 1"; then
+            echo "Error: 'Line 1' not found in output"
+            exit 1
+          fi
+          if ! echo "${{ steps.stdout-multiline.outputs.stdout }}" | grep -q "Line 2"; then
+            echo "Error: 'Line 2' not found in output"
+            exit 1
+          fi
+          if ! echo "${{ steps.stdout-multiline.outputs.stdout }}" | grep -q "Line 3"; then
+            echo "Error: 'Line 3' not found in output"
+            exit 1
+          fi
+          if ! echo "${{ steps.stdout-multiline.outputs.stdout }}" | grep -q "linuxserver.io"; then
+            echo "Error: username not found in output"
+            exit 1
+          fi
+
+          # Check for duplicates - each unique line should appear exactly once
+          OUTPUT="${{ steps.stdout-multiline.outputs.stdout }}"
+          LINE1_COUNT=$(echo "$OUTPUT" | grep -c "^Line 1$" || true)
+          LINE2_COUNT=$(echo "$OUTPUT" | grep -c "^Line 2$" || true)
+          LINE3_COUNT=$(echo "$OUTPUT" | grep -c "^Line 3$" || true)
+
+          echo "Line 1 count: $LINE1_COUNT"
+          echo "Line 2 count: $LINE2_COUNT"
+          echo "Line 3 count: $LINE3_COUNT"
+
+          if [ "$LINE1_COUNT" -ne 1 ]; then
+            echo "Error: 'Line 1' appears $LINE1_COUNT times (expected 1)"
+            exit 1
+          fi
+          if [ "$LINE2_COUNT" -ne 1 ]; then
+            echo "Error: 'Line 2' appears $LINE2_COUNT times (expected 1)"
+            exit 1
+          fi
+          if [ "$LINE3_COUNT" -ne 1 ]; then
+            echo "Error: 'Line 3' appears $LINE3_COUNT times (expected 1)"
+            exit 1
+          fi
+
+          echo "✓ No duplicate lines detected"
+
+      - id: stdout-with-special-chars
+        name: capture output with special characters
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          port: 2222
+          capture_stdout: true
+          script: |
+            #!/usr/bin/env bash
+            set -e
+            echo "Test with special chars: @#$%^&*()"
+            echo "Path: /home/user/test"
+            echo "JSON: {\"key\": \"value\"}"
+
+      - name: check special characters output
+        run: |
+          echo "stdout: ${{ steps.stdout-with-special-chars.outputs.stdout }}"
+          if ! echo "${{ steps.stdout-with-special-chars.outputs.stdout }}" | grep -q "special chars"; then
+            echo "Error: special characters test failed"
+            exit 1
+          fi
+          if ! echo "${{ steps.stdout-with-special-chars.outputs.stdout }}" | grep -q "/home/user/test"; then
+            echo "Error: path not found in output"
+            exit 1
+          fi
+
+  testing-script-stop:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - id: stdout01
+        name: ssh command with stdout 01
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          port: 2222
+          capture_stdout: true
+          script: |
+            #!/usr/bin/env bash
+            set -e
+            echo "TMP TESTING IF"
+            if [[ "2" == "1" ]]; then
+              echo "True"
+            else
+              echo "False"
+            fi
+
+      - name: check stdout 01
+        run: |
+          echo "stdout: ${{ steps.stdout01.outputs.stdout }}"
+          if echo "${{ steps.stdout01.outputs.stdout }}" | grep -q "True"; then
+            echo "Output contains 'True'"
+            exit 1
+          fi
+          if echo "${{ steps.stdout01.outputs.stdout }}" | grep -q "False"; then
+            echo "Output contains 'False'"
+          fi
+
+      - id: stdout02
+        name: ssh command with stdout 01
+        uses: ./
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          port: 2222
+          capture_stdout: true
+          script: |
+            #!/usr/bin/env bash
+            set -e
+            echo "TMP TESTING IF"
+            if [[ "1" == "1" ]]; then
+              echo "True"
+            else
+              echo "False"
+            fi
+
+      - name: check stdout 02
+        run: |
+          echo "stdout: ${{ steps.stdout02.outputs.stdout }}"
+          if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "False"; then
+            echo "Output contains 'False'"
+            exit 1
+          fi
+          if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "True"; then
+            echo "Output contains 'True'"
+          fi
+
+  testing-script-error:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: test script error
+        uses: ./
+        continue-on-error: true
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          port: 2222
+          capture_stdout: true
+          script: |
+            #!/usr/bin/env bash
+            set -e
+            ls /nonexistent

.github/workflows/stable.yml

@@ -0,0 +1,467 @@
+name: testing stable version
+
+on: [push]
+
+jobs:
+  default-user-name-password:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: ssh by username and password
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          port: 2222
+          script: |
+            #!/usr/bin/env bash
+            set -e
+            whoami
+
+      - name: ssh commands from a file
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          port: 2222
+          script_path: testdata/test.sh
+
+  check-ssh-key:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: add public key to env
+        run: |
+          echo "PUBLIC_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_rsa.pub >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= public key ========="
+          cat testdata/.ssh/id_rsa.pub
+          echo "============================"
+          echo "PRIVATE_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_rsa >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= private key ========="
+          cat testdata/.ssh/id_rsa
+          echo "============================"
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: ssh by private key
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          script: whoami
+
+      - name: wrong password but correct key
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: "abcdef"
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          script: whoami
+
+      - name: correct password but wrong key
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          password: password
+          key: password
+          port: 2222
+          script: whoami
+
+  support-key-passphrase:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: add public key to env
+        run: |
+          echo "PUBLIC_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= public key ========="
+          cat testdata/.ssh/id_passphrase.pub
+          echo "============================"
+          echo "PRIVATE_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_passphrase >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= private key ========="
+          cat testdata/.ssh/id_passphrase
+          echo "============================"
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: ssh key passphrase
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          passphrase: 1234
+          script: |
+            whoami
+            ls -al
+
+      - name: missing ssh key passphrase
+        uses: appleboy/ssh-action@v1
+        continue-on-error: true
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          script: |
+            whoami
+            ls -al
+
+      # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271
+      - name: Multiline SSH commands interpreted as single lines
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          passphrase: 1234
+          script: |
+            ls \
+              -lah
+          use_insecure_cipher: true
+
+  multiple-server:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: add public key to env
+        run: |
+          echo "PUBLIC_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= public key ========="
+          cat testdata/.ssh/id_passphrase.pub
+          echo "============================"
+          echo "PRIVATE_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_passphrase >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= private key ========="
+          cat testdata/.ssh/id_passphrase
+          echo "============================"
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server-01 \
+          --hostname=openssh-server-01 \
+          -p 2222:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server-01 sh -c "hostname -i" > ip01.txt
+          echo "REMOTE_HOST_01<<EOF" >> $GITHUB_ENV
+          cat ip01.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip01.txt
+          echo "======================================"
+
+          docker run -d \
+          --name=openssh-server-02 \
+          --hostname=openssh-server-02 \
+          -p 2223:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server-02 sh -c "hostname -i" > ip02.txt
+          echo "REMOTE_HOST_02<<EOF" >> $GITHUB_ENV
+          cat ip02.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip02.txt
+          echo "======================================"
+
+          sleep 2
+
+      # https://github.com/appleboy/ssh-action/issues/85
+      - name: Deployment to multiple hosts with different ports
+        uses: appleboy/ssh-action@v1
+        with:
+          host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222"
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          passphrase: 1234
+          script: |
+            whoami
+
+  support-ed25519-key:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: add public key to env
+        run: |
+          echo "PUBLIC_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= public key ========="
+          cat testdata/.ssh/id_ed25519.pub
+          echo "============================"
+          echo "PRIVATE_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= private key ========="
+          cat testdata/.ssh/id_ed25519
+          echo "============================"
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=false \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_PASSWORD=password  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: testing id_ed25519 key
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          script: |
+            whoami
+            ls -al
+
+  testing-with-env:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: add public key to env
+        run: |
+          echo "PUBLIC_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= public key ========="
+          cat testdata/.ssh/id_ed25519.pub
+          echo "============================"
+          echo "PRIVATE_KEY<<EOF" >> $GITHUB_ENV
+          cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= private key ========="
+          cat testdata/.ssh/id_ed25519
+          echo "============================"
+
+      - name: create new ssh server
+        run: |
+          docker run -d \
+          --name=openssh-server \
+          --hostname=openssh-server \
+          -p 2222:2222 \
+          -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \
+          -e SUDO_ACCESS=true \
+          -e PASSWORD_ACCESS=true  \
+          -e USER_NAME=linuxserver.io \
+          --restart unless-stopped \
+          lscr.io/linuxserver/openssh-server:latest
+          docker exec openssh-server sh -c "hostname -i" > ip.txt
+          echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
+          cat ip.txt >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "======= container ip address ========="
+          cat ip.txt
+          echo "======================================"
+          sleep 2
+
+      - name: testing id_ed25519 key
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          script: |
+            whoami
+            ls -al
+
+      - name: pass environment
+        uses: appleboy/ssh-action@v1
+        env:
+          FOO: "BAR"
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          envs: FOO
+          script: |
+            echo "I am $FOO, thanks"
+            echo "I am $BAR, thanks"
+
+      - name: pass multiple environment
+        uses: appleboy/ssh-action@v1
+        env:
+          FOO: "BAR"
+          BAR: "FOO"
+          SHA: ${{ github.sha }}
+          PORT: ${{ secrets.PORT }}
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          envs: FOO,BAR,SHA,PORT
+          script: |
+            echo "I am $FOO, thanks"
+            echo "I am $BAR, thanks"
+            echo "sha: $SHA"
+            echo "port: $PORT"
+
+      - name: custom envs format
+        uses: appleboy/ssh-action@v1
+        env:
+          FOO: "BAR"
+          AAA: "BBB"
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          envs: FOO,BAR,AAA
+          envs_format: export TEST_{NAME}={VALUE}
+          script: |
+            echo "I am $TEST_FOO, thanks"
+            echo "I am $TEST_BAR, thanks"
+            echo "I am $BAR, thanks"
+            echo "I am $TEST_AAA, thanks"
+
+      - name: pass all ENV variables to script
+        uses: appleboy/ssh-action@v1
+        env:
+          INPUT_FOO: "BAR"
+          INPUT_AAA: "BBB"
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          allenvs: true
+          script: |
+            echo "I am $INPUT_FOO, thanks"
+            echo "I am $INPUT_AAA, thanks"
+            echo "$GITHUB_BASE_REF"
+            echo "$GITHUB_REF"
+
+      - name: switch to root user
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ env.REMOTE_HOST }}
+          username: linuxserver.io
+          key: ${{ env.PRIVATE_KEY }}
+          port: 2222
+          request_pty: true
+          command_timeout: 30s
+          script: |
+            whoami && echo 'hello world' && touch todo.txt
+            sudo whoami

.github/workflows/trivy-scan.yml

@@ -0,0 +1,51 @@
+name: Trivy Security Scan
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+jobs:
+  trivy-scan:
+    name: Trivy Security Scan
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@0.35.0
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          scanners: 'vuln,secret,misconfig'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH,MEDIUM'
+
+      - name: Upload Trivy results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Run Trivy vulnerability scanner (table format)
+        uses: aquasecurity/trivy-action@0.35.0
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          scanners: 'vuln,secret,misconfig'
+          format: 'table'
+          severity: 'CRITICAL,HIGH,MEDIUM'
+          exit-code: '1'

.goreleaser.yaml

@@ -0,0 +1,28 @@
+builds:
+  - # If true, skip the build.
+    # Useful for library projects.
+    # Default is false
+    skip: true
+
+changelog:
+  use: github
+  groups:
+    - title: Features
+      regexp: "^.*feat[(\\w)]*:+.*$"
+      order: 0
+    - title: "Bug fixes"
+      regexp: "^.*fix[(\\w)]*:+.*$"
+      order: 1
+    - title: "Enhancements"
+      regexp: "^.*chore[(\\w)]*:+.*$"
+      order: 2
+    - title: "Refactor"
+      regexp: "^.*refactor[(\\w)]*:+.*$"
+      order: 3
+    - title: "Build process updates"
+      regexp: ^.*?(build|ci)(\(.+\))??!?:.+$
+      order: 4
+    - title: "Documentation updates"
+      regexp: ^.*?docs?(\(.+\))??!?:.+$
+      order: 5
+    - title: Others

CLAUDE.md

@@ -0,0 +1,178 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+This is a GitHub Action for executing remote SSH commands. Built using a composite action pattern, it downloads and runs the [drone-ssh](https://github.com/appleboy/drone-ssh) binary (written in Go) to execute SSH commands on remote hosts.
+
+**Key characteristics:**
+
+- No local compilation required - downloads pre-built binaries from drone-ssh releases
+- Shell-based composite action using `entrypoint.sh`
+- Supports password and SSH key authentication, proxies, multiple hosts, and environment variable passing
+- All input parameters are passed via `INPUT_*` environment variables
+
+## Architecture
+
+### Execution Flow
+
+1. **action.yml** - GitHub Actions composite action definition
+   - Defines all input parameters and their descriptions
+   - Sets up environment variables with `INPUT_*` prefix
+   - Calls `entrypoint.sh`
+
+2. **entrypoint.sh** - Main entry point
+   - Detects platform (Linux/Darwin/Windows) and architecture (amd64/arm64)
+   - Downloads appropriate `drone-ssh` binary from GitHub releases
+   - Executes the binary with all environment variables
+   - Handles `capture_stdout` for output capture
+
+3. **drone-ssh binary** - The actual SSH client (separate Go project)
+   - Performs SSH connection and command execution
+   - Not part of this repository
+
+### Key Files
+
+- `action.yml` - Action metadata and input/output definitions
+- `entrypoint.sh` - Platform detection, binary download, and execution
+- `testdata/` - Test scripts and SSH keys for CI workflows
+- `.github/workflows/main.yml` - Comprehensive test suite using Docker containers (tests `./` local action)
+- `.github/workflows/stable.yml` - Tests against published `appleboy/ssh-action@v1` tag
+- `.github/workflows/trivy-scan.yml` - Automated security scanning for vulnerabilities and misconfigurations
+
+## Testing
+
+### Running Tests
+
+Tests run automatically via GitHub Actions workflows. The test suite uses Docker containers running OpenSSH servers:
+
+```bash
+# Tests run automatically on push via .github/workflows/main.yml
+# Tests create Docker containers with openssh-server and test various scenarios
+```
+
+### Test Categories (from main.yml)
+
+The test workflow covers:
+
+- **default-user-name-password**: Basic password authentication
+- **check-ssh-key**: RSA key authentication, key priority over password
+- **support-key-passphrase**: Encrypted SSH keys
+- **multiple-server**: Multiple hosts with different ports
+- **support-ed25519-key**: ED25519 key format
+- **testing-with-env**: Environment variable passing, `allenvs`, custom formats
+- **testing06**: IPv6 connectivity
+- **testing07**: Special characters in passwords
+- **testing-capturing-output**: Output capture functionality
+- **testing-script-stop**: Script error handling with `set -e`
+- **testing-script-error**: Error propagation
+
+### Testing Locally
+
+Since this action downloads binaries, local testing should:
+
+1. Create a test SSH server (Docker or VM)
+2. Test `entrypoint.sh` directly with appropriate `INPUT_*` environment variables
+
+Example:
+
+```bash
+export INPUT_HOST="192.168.1.100"
+export INPUT_USERNAME="testuser"
+export INPUT_PASSWORD="testpass"
+export INPUT_PORT="22"
+export INPUT_SCRIPT="whoami"
+export GITHUB_ACTION_PATH="$(pwd)"
+./entrypoint.sh
+```
+
+## Important Patterns
+
+### Script Execution
+
+Users can provide scripts in two ways:
+
+- `script`: Inline commands (via `INPUT_SCRIPT`)
+- `script_path`: Path to a file in the repository (maps to `INPUT_SCRIPT_FILE` env var - note the naming difference)
+
+### Error Handling
+
+To stop execution on first error (mimics removed `script_stop` option), users should add `set -e` to their scripts:
+
+```yaml
+script: |
+  #!/usr/bin/env bash
+  set -e
+  command1
+  command2
+```
+
+### Environment Variables
+
+The action passes GitHub Action inputs as environment variables with `INPUT_*` prefix. The drone-ssh binary reads these to configure SSH behavior.
+
+Special handling:
+
+- `envs`: Comma-separated list of environment variables to pass to remote script
+- `allenvs`: Pass all `GITHUB_*` and `INPUT_*` variables
+- `envs_format`: Custom format for environment variable export (e.g., `export TEST_{NAME}={VALUE}`)
+
+### Multiple Hosts
+
+- Comma-separated hosts: `"host1,host2"` (executes in parallel by default)
+- With custom ports: `"host1:2222,host2:5678"`
+- Synchronous execution: Set `sync: true`
+
+## Common Issues
+
+### Command Not Found
+
+Non-interactive shells may skip `.bashrc`/`.bash_profile`. See README section "Command not found" for details. Solutions:
+
+- Use absolute paths in commands
+- Comment out early return in `/etc/bash.bashrc`
+
+### OpenSSH Compatibility
+
+Ubuntu 20.04+ may require enabling `ssh-rsa` algorithm in sshd_config:
+
+```txt
+CASignatureAlgorithms +ssh-rsa
+```
+
+Or use ED25519 keys instead (preferred).
+
+## Development Guidelines
+
+### Adding New Parameters
+
+1. Add input definition to `action.yml` with description
+2. Add corresponding `INPUT_*` environment variable mapping in `action.yml` runs.steps
+3. Update README.md parameter tables
+4. The drone-ssh binary handles the actual parameter logic (separate repo)
+
+### Documentation
+
+- Keep parameter tables in README.md synchronized with `action.yml`
+- Maintain Chinese translations (README.zh-cn.md, README.zh-tw.md)
+- Use clear examples for each feature
+
+### Version Management
+
+The action pins to specific drone-ssh versions via:
+
+- Default: `DRONE_SSH_VERSION="1.8.2"` in `entrypoint.sh`
+- Override: Users can specify `version` input parameter
+
+Update the default version when new drone-ssh releases are available.
+
+## Release Process
+
+This action uses semantic versioning with major version tags:
+
+- Tags: `v1.0.0`, `v1.0.1`, etc.
+- Major version tag: `v1` (points to latest v1.x.x)
+- Users reference: `uses: appleboy/ssh-action@v1`
+
+GoReleaser config (`.goreleaser.yaml`) is present but set to `skip: true` since this action doesn't build Go code - it downloads pre-built binaries.

Dockerfile

@@ -1,16 +0,0 @@
-FROM appleboy/drone-ssh:1.5.0-linux-amd64
-
-# Github labels
-LABEL "com.github.actions.name"="SSH Commands"
-LABEL "com.github.actions.description"="Executing remote ssh commands"
-LABEL "com.github.actions.icon"="terminal"
-LABEL "com.github.actions.color"="gray-dark"
-
-LABEL "repository"="https://github.com/appleboy/ssh-action"
-LABEL "homepage"="https://github.com/appleboy"
-LABEL "maintainer"="Bo-Yi Wu <appleboy.tw@gmail.com>"
-LABEL "version"="0.0.1"
-
-ADD entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -1,131 +1,528 @@
 # 🚀 SSH for GitHub Actions
 
-[GitHub Action](https://developer.github.com/actions/) for executing remote ssh commands.
+English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md)
 
-<img src="./images/ssh-workflow.png">
+## Table of Contents
 
-## Usage
+- [🚀 SSH for GitHub Actions](#-ssh-for-github-actions)
+  - [Table of Contents](#table-of-contents)
+  - [📖 Introduction](#-introduction)
+  - [🧩 Core Concepts \& Input Parameters](#-core-concepts--input-parameters)
+    - [🔌 Connection Settings](#-connection-settings)
+    - [🛠️ SSH Command Settings](#️-ssh-command-settings)
+    - [🌐 Proxy Settings](#-proxy-settings)
+  - [📤 Output Variables](#-output-variables)
+  - [⚡ Quick Start](#-quick-start)
+  - [🔑 SSH Key Setup \& OpenSSH Compatibility](#-ssh-key-setup--openssh-compatibility)
+    - [Setting Up SSH Keys](#setting-up-ssh-keys)
+      - [Generate RSA key](#generate-rsa-key)
+      - [Generate ED25519 key](#generate-ed25519-key)
+    - [OpenSSH Compatibility](#openssh-compatibility)
+  - [🛠️ Usage Scenarios \& Advanced Examples](#️-usage-scenarios--advanced-examples)
+    - [Using password authentication](#using-password-authentication)
+    - [Using private key authentication](#using-private-key-authentication)
+    - [Multiple commands](#multiple-commands)
+    - [Run commands from a file](#run-commands-from-a-file)
+    - [Multiple hosts](#multiple-hosts)
+    - [Multiple hosts with different ports](#multiple-hosts-with-different-ports)
+    - [Synchronous execution on multiple hosts](#synchronous-execution-on-multiple-hosts)
+    - [Pass environment variables to shell script](#pass-environment-variables-to-shell-script)
+    - [Capturing command output](#capturing-command-output)
+  - [🌐 Proxy \& Jump Host Usage](#-proxy--jump-host-usage)
+  - [🛡️ Security Best Practices](#️-security-best-practices)
+    - [Protecting Your Private Key](#protecting-your-private-key)
+    - [Host Fingerprint Verification](#host-fingerprint-verification)
+  - [🚨 Error Handling \& Troubleshooting](#-error-handling--troubleshooting)
+    - [Q\&A](#qa)
+      - [Command not found (npm or other command)](#command-not-found-npm-or-other-command)
+  - [🤝 Contributing](#-contributing)
+  - [📝 License](#-license)
 
-Executing remote ssh commands.
+---
 
-```
-action "Executing remote ssh commands" {
-  uses = "appleboy/ssh-action@master"
-  secrets = [
-    "HOST",
-    "PASSWORD",
-  ]
-  args = [
-    "--user", "actions",
-    "--script", "whoami",
-  ]
-}
+## 📖 Introduction
+
+**SSH for GitHub Actions** is a powerful [GitHub Action](https://github.com/features/actions) for executing remote SSH commands easily and securely in your CI/CD workflows.  
+Built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh), it supports a wide range of SSH scenarios, including multi-host, proxy, and advanced authentication.
+
+![ssh workflow](./images/ssh-agent.png)
+
+[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml)
+[![Trivy Security Scan](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml)
+
+**Slides:** [SSH for GitHub Actions](https://speakerdeck.com/appleboy/ssh-for-github-actions)
+
+---
+
+## 🧩 Core Concepts & Input Parameters
+
+This action provides flexible SSH command execution with a rich set of configuration options.
+
+For full details, see [action.yml](./action.yml).
+
+### 🔌 Connection Settings
+
+These parameters control how the action connects to your remote host.
+
+| Parameter           | Description                                                       | Default |
+| ------------------- | ----------------------------------------------------------------- | ------- |
+| host                | SSH host address                                                  |         |
+| port                | SSH port number                                                   | 22      |
+| username            | SSH username                                                      |         |
+| password            | SSH password                                                      |         |
+| protocol            | SSH protocol version (`tcp`, `tcp4`, `tcp6`)                      | tcp     |
+| sync                | Run synchronously if multiple hosts are specified                 | false   |
+| timeout             | Timeout for SSH connection to host                                | 30s     |
+| key                 | Content of SSH private key (e.g., raw content of `~/.ssh/id_rsa`) |         |
+| key_path            | Path to SSH private key                                           |         |
+| passphrase          | Passphrase for the SSH private key                                |         |
+| fingerprint         | SHA256 fingerprint of the host public key                         |         |
+| use_insecure_cipher | Allow additional (less secure) ciphers                            | false   |
+| cipher              | Allowed cipher algorithms. Uses sensible defaults if unspecified  |         |
+
+---
+
+### 🛠️ SSH Command Settings
+
+These parameters control the commands executed on the remote host and related behaviors.
+
+| Parameter       | Description                                                                       | Default |
+| --------------- | --------------------------------------------------------------------------------- | ------- |
+| script          | Commands to execute remotely                                                      |         |
+| script_path     | Path to a file in the repository containing commands to execute remotely          |         |
+| envs            | Environment variables to pass to the shell script                                 |         |
+| envs_format     | Flexible configuration for environment variable transfer                          |         |
+| allenvs         | Pass all environment variables with `GITHUB_` and `INPUT_` prefixes to the script | false   |
+| command_timeout | Timeout for SSH command execution                                                 | 10m     |
+| debug           | Enable debug mode                                                                 | false   |
+| request_pty     | Request a pseudo-terminal from the server                                         | false   |
+| curl_insecure   | Allow curl to connect to SSL sites without certificates                           | false   |
+| capture_stdout  | Capture standard output from commands as action output                            | false   |
+| version         | drone-ssh binary version. If not specified, the latest version will be used.      |         |
+
+---
+
+### 🌐 Proxy Settings
+
+These parameters control the use of a proxy (jump host) for connecting to your target host.
+
+| Parameter                 | Description                                     | Default |
+| ------------------------- | ----------------------------------------------- | ------- |
+| proxy_host                | SSH proxy host                                  |         |
+| proxy_port                | SSH proxy port                                  | 22      |
+| proxy_username            | SSH proxy username                              |         |
+| proxy_password            | SSH proxy password                              |         |
+| proxy_passphrase          | SSH proxy key passphrase                        |         |
+| proxy_protocol            | SSH proxy protocol version                      | tcp     |
+| proxy_timeout             | Timeout for SSH connection to proxy host        | 30s     |
+| proxy_key                 | Content of SSH proxy private key                |         |
+| proxy_key_path            | Path to SSH proxy private key                   |         |
+| proxy_fingerprint         | SHA256 fingerprint of the proxy host public key |         |
+| proxy_cipher              | Allowed cipher algorithms for the proxy         |         |
+| proxy_use_insecure_cipher | Allow insecure ciphers for the proxy            | false   |
+
+> **Note:** To mimic the removed `script_stop` option, add `set -e` at the top of your shell script.
+
+---
+
+## 📤 Output Variables
+
+This action provides the following outputs that you can use in subsequent steps:
+
+| Output | Description                                                                |
+| ------ | -------------------------------------------------------------------------- |
+| stdout | Standard output of the executed commands (requires `capture_stdout: true`) |
+
+---
+
+## ⚡ Quick Start
+
+Run remote SSH commands in your workflow with minimal configuration:
+
+```yaml
+name: Remote SSH Command
+on: [push]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Execute remote SSH commands using password
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.HOST }}
+          username: ${{ secrets.USERNAME }}
+          password: ${{ secrets.PASSWORD }}
+          port: ${{ secrets.PORT }}
+          script: whoami
 ```
 
-## Environment variables
+**Output:**
 
-* HOST - ssh server host
-* PORT - ssh server port
-* USERNAME - ssh server username
-* PASSWORD - ssh server password
-* KEY - ssh server private key
-* SCRIPT - execute the scripts
-
-### Example
-
-Executing remote ssh commands.
-
-```
-action "Executing remote ssh commands" {
-  uses = "appleboy/ssh-action@master"
-  secrets = [
-    "PASSWORD",
-  ]
-  args = [
-    "--host", "foo.com"
-    "--user", "bar",
-    "--script", "whoami",
-  ]
-}
+```sh
+======CMD======
+whoami
+======END======
+out: your_username
+===============================================
+✅ Successfully executed commands to all hosts.
+===============================================
 ```
 
-Using private key
+---
 
-```
-action "Support Private Key" {
-  uses = "appleboy/ssh-action@master"
-  secrets = [
-    "HOST",
-    "KEY",
-  ]
-  args = [
-    "--user", "actions",
-    "--script", "'ls -al'",
-  ]
-}
+## 🔑 SSH Key Setup & OpenSSH Compatibility
+
+### Setting Up SSH Keys
+
+It is best practice to create SSH keys on your local machine (not on a remote server). Log in with the username specified in GitHub Secrets and generate a key pair:
+
+#### Generate RSA key
+
+```bash
+ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
 ```
 
-Multiple Commands
+#### Generate ED25519 key
 
-```
-action "Multiple Commands" {
-  uses = "appleboy/ssh-action@master"
-  secrets = [
-    "HOST",
-    "KEY",
-  ]
-  args = [
-    "--user", "actions",
-    "--script", "'whoami'",
-    "--script", "'ls -al'",
-  ]
-}
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
 ```
 
-<img src="./images/multiple-command-result.png">
+Add the new public key to the authorized keys on your server. [Learn more about authorized keys.](https://www.ssh.com/ssh/authorized_keys/)
 
-Multiple Hosts
+```bash
+# Add RSA key
+cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys'
 
-```
-action "Multiple Hosts" {
-  uses = "appleboy/ssh-action@master"
-  secrets = [
-    "KEY",
-  ]
-  args = [
-    "--host", "foo.com",
-    "--host", "bar.com",
-    "--user", "actions",
-    "--script", "'whoami'",
-    "--script", "'ls -al'",
-  ]
-}
+# Add ED25519 key
+cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys'
 ```
 
-see the detail of `drone-ssh` command
+Copy the private key content and paste it into GitHub Secrets.
 
-```
-   --ssh-key value                           private ssh key [$PLUGIN_SSH_KEY, $PLUGIN_KEY, $SSH_KEY, $KEY]
-   --key-path value, -i value                ssh private key path [$PLUGIN_KEY_PATH, $SSH_KEY_PATH, $PATH]
-   --username value, --user value, -u value  connect as user (default: "root") [$PLUGIN_USERNAME, $PLUGIN_USER, $SSH_USERNAME, $USERNAME]
-   --password value, -P value                user password [$PLUGIN_PASSWORD, $SSH_PASSWORD, $PASSWORD]
-   --host value, -H value                    connect to host [$PLUGIN_HOST, $SSH_HOST, $HOST]
-   --port value, -p value                    connect to port (default: 22) [$PLUGIN_PORT, $SSH_PORT, $PORT]
-   --sync                                    sync mode [$PLUGIN_SYNC, $SYNC]
-   --timeout value, -t value                 connection timeout (default: 0s) [$PLUGIN_TIMEOUT, $SSH_TIMEOUT, $TIMEOUT]
-   --command.timeout value, -T value         command timeout (default: 1m0s) [$PLUGIN_COMMAND_TIMEOUT, $SSH_COMMAND_TIMEOUT, $COMMAND_TIMEOUT]
-   --script value, -s value                  execute commands [$PLUGIN_SCRIPT, $SSH_SCRIPT, $SCRIPT]
-   --script.stop                             stop script after first failure [$PLUGIN_SCRIPT_STOP, $STOP]
-   --proxy.ssh-key value                     private ssh key of proxy [$PLUGIN_PROXY_SSH_KEY, $PLUGIN_PROXY_KEY, $PROXY_SSH_KEY]
-   --proxy.key-path value                    ssh private key path of proxy [$PLUGIN_PROXY_KEY_PATH, $PROXY_SSH_KEY_PATH]
-   --proxy.username value                    connect as user of proxy (default: "root") [$PLUGIN_PROXY_USERNAME, $PLUGIN_PROXY_USER, $PROXY_SSH_USERNAME]
-   --proxy.password value                    user password of proxy [$PLUGIN_PROXY_PASSWORD, $PROXY_SSH_PASSWORD]
-   --proxy.host value                        connect to host of proxy [$PLUGIN_PROXY_HOST, $PROXY_SSH_HOST]
-   --proxy.port value                        connect to port of proxy (default: "22") [$PLUGIN_PROXY_PORT, $PROXY_SSH_PORT]
-   --proxy.timeout value                     proxy connection timeout (default: 0s) [$PLUGIN_PROXY_TIMEOUT, $PROXY_SSH_TIMEOUT]
+```bash
+# macOS
+pbcopy < ~/.ssh/id_rsa
+# Ubuntu
+xclip < ~/.ssh/id_rsa
 ```
 
-## Secrets
+> **Tip:** Copy from `-----BEGIN OPENSSH PRIVATE KEY-----` to `-----END OPENSSH PRIVATE KEY-----` (inclusive).
 
-* `PASSWORD` - ssh server password
-* `KEY` - ssh server private key
+For ED25519:
+
+```bash
+# macOS
+pbcopy < ~/.ssh/id_ed25519
+# Ubuntu
+xclip < ~/.ssh/id_ed25519
+```
+
+See more: [SSH login without a password](http://www.linuxproblem.org/art_9.html).
+
+> **Note:** Depending on your SSH version, you may also need to:
+>
+> - Place the public key in `.ssh/authorized_keys2`
+> - Set `.ssh` permissions to 700
+> - Set `.ssh/authorized_keys2` permissions to 640
+
+### OpenSSH Compatibility
+
+If you see this error:
+
+```bash
+ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
+```
+
+On Ubuntu 20.04+ you may need to explicitly allow the `ssh-rsa` algorithm. Add this to your OpenSSH daemon config (`/etc/ssh/sshd_config` or a drop-in under `/etc/ssh/sshd_config.d/`):
+
+```text
+CASignatureAlgorithms +ssh-rsa
+```
+
+Alternatively, use ED25519 keys (supported by default):
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
+
+---
+
+## 🛠️ Usage Scenarios & Advanced Examples
+
+This section covers common and advanced usage patterns, including multi-host, proxy, and environment variable passing.
+
+### Using password authentication
+
+```yaml
+- name: Execute remote SSH commands using password
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    password: ${{ secrets.PASSWORD }}
+    port: ${{ secrets.PORT }}
+    script: whoami
+```
+
+### Using private key authentication
+
+```yaml
+- name: Execute remote SSH commands using SSH key
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    script: whoami
+```
+
+### Multiple commands
+
+```yaml
+- name: Multiple commands
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    script: |
+      whoami
+      ls -al
+```
+
+![result](./images/output-result.png)
+
+### Run commands from a file
+
+```yaml
+- name: File commands
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    script_path: scripts/script.sh
+```
+
+### Multiple hosts
+
+```diff
+  - name: Multiple hosts
+    uses: appleboy/ssh-action@v1
+    with:
+-     host: "foo.com"
++     host: "foo.com,bar.com"
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
+      script: |
+        whoami
+        ls -al
+```
+
+Default `port` is `22`.
+
+### Multiple hosts with different ports
+
+```diff
+  - name: Multiple hosts
+    uses: appleboy/ssh-action@v1
+    with:
+-     host: "foo.com"
++     host: "foo.com:1234,bar.com:5678"
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      script: |
+        whoami
+        ls -al
+```
+
+### Synchronous execution on multiple hosts
+
+```diff
+  - name: Multiple hosts
+    uses: appleboy/ssh-action@v1
+    with:
+      host: "foo.com,bar.com"
++     sync: true
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
+      script: |
+        whoami
+        ls -al
+```
+
+### Pass environment variables to shell script
+
+```diff
+  - name: Pass environment
+    uses: appleboy/ssh-action@v1
++   env:
++     FOO: "BAR"
++     BAR: "FOO"
++     SHA: ${{ github.sha }}
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     envs: FOO,BAR,SHA
+      script: |
+        echo "I am $FOO"
+        echo "I am $BAR"
+        echo "sha: $SHA"
+```
+
+> _All environment variables in the `env` object must be strings. Using integers or other types may cause unexpected results._
+
+### Capturing command output
+
+You can capture the standard output of remote commands and use it in subsequent steps:
+
+```yaml
+- name: Execute and capture output
+  id: ssh
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    capture_stdout: true
+    script: |
+      echo "Hello World"
+      hostname
+
+- name: Use captured output
+  run: echo "SSH output was ${{ steps.ssh.outputs.stdout }}"
+```
+
+---
+
+## 🌐 Proxy & Jump Host Usage
+
+You can connect to remote hosts via a proxy (jump host) for advanced network topologies.
+
+```bash
++--------+       +----------+      +-----------+
+| Laptop | <-->  | Jumphost | <--> | FooServer |
++--------+       +----------+      +-----------+
+```
+
+Example `~/.ssh/config`:
+
+```text
+Host Jumphost
+  HostName Jumphost
+  User ubuntu
+  Port 22
+  IdentityFile ~/.ssh/keys/jump_host.pem
+
+Host FooServer
+  HostName FooServer
+  User ubuntu
+  Port 22
+  ProxyCommand ssh -q -W %h:%p Jumphost
+```
+
+**GitHub Actions YAML:**
+
+```diff
+  - name: SSH proxy command
+    uses: appleboy/ssh-action@v1
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     proxy_host: ${{ secrets.PROXY_HOST }}
++     proxy_username: ${{ secrets.PROXY_USERNAME }}
++     proxy_key: ${{ secrets.PROXY_KEY }}
++     proxy_port: ${{ secrets.PROXY_PORT }}
+      script: |
+        mkdir abc/def
+        ls -al
+```
+
+---
+
+## 🛡️ Security Best Practices
+
+### Protecting Your Private Key
+
+A passphrase encrypts your private key, making it useless to attackers if leaked. Always store your private key securely.
+
+```diff
+  - name: SSH key passphrase
+    uses: appleboy/ssh-action@v1
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     passphrase: ${{ secrets.PASSPHRASE }}
+      script: |
+        whoami
+        ls -al
+```
+
+### Host Fingerprint Verification
+
+Verifying the SSH host fingerprint helps prevent man-in-the-middle attacks. To get your host's fingerprint (replace `ed25519` with your key type and `example.com` with your host):
+
+```sh
+ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2
+```
+
+Update your config:
+
+```diff
+  - name: SSH key passphrase
+    uses: appleboy/ssh-action@v1
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     fingerprint: ${{ secrets.FINGERPRINT }}
+      script: |
+        whoami
+        ls -al
+```
+
+---
+
+## 🚨 Error Handling & Troubleshooting
+
+### Q&A
+
+#### Command not found (npm or other command)
+
+If you encounter "command not found" errors, see [this issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non-interactive shells.
+
+On many Linux distros, `/etc/bash.bashrc` contains:
+
+```sh
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+```
+
+Comment out this line or use absolute paths for your commands.
+
+---
+
+## 🤝 Contributing
+
+Contributions are welcome! Please submit a pull request to help improve `appleboy/ssh-action`.
+
+---
+
+## 📝 License
+
+This project is licensed under the [MIT License](LICENSE).

README.zh-cn.md

@@ -0,0 +1,528 @@
+# 🚀 用于 GitHub Actions 的 SSH
+
+[English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文
+
+## 目录
+
+- [🚀 用于 GitHub Actions 的 SSH](#-用于-github-actions-的-ssh)
+  - [目录](#目录)
+  - [📖 简介](#-简介)
+  - [🧩 核心概念与输入参数](#-核心概念与输入参数)
+    - [🔌 连接设置](#-连接设置)
+    - [🛠️ 指令设置](#️-指令设置)
+    - [🌐 代理设置](#-代理设置)
+  - [📤 输出变量](#-输出变量)
+  - [⚡ 快速开始](#-快速开始)
+  - [🔑 SSH 密钥配置与 OpenSSH 兼容性](#-ssh-密钥配置与-openssh-兼容性)
+    - [配置 SSH 密钥](#配置-ssh-密钥)
+      - [生成 RSA 密钥](#生成-rsa-密钥)
+      - [生成 ED25519 密钥](#生成-ed25519-密钥)
+    - [OpenSSH 兼容性](#openssh-兼容性)
+  - [🛠️ 用法场景与进阶示例](#️-用法场景与进阶示例)
+    - [使用密码认证](#使用密码认证)
+    - [使用私钥认证](#使用私钥认证)
+    - [多条命令](#多条命令)
+    - [从文件执行命令](#从文件执行命令)
+    - [多主机](#多主机)
+    - [多主机不同端口](#多主机不同端口)
+    - [多主机同步执行](#多主机同步执行)
+    - [传递环境变量到 shell 脚本](#传递环境变量到-shell-脚本)
+    - [捕获命令输出](#捕获命令输出)
+  - [🌐 代理与跳板机用法](#-代理与跳板机用法)
+  - [🛡️ 安全最佳实践](#️-安全最佳实践)
+    - [保护你的私钥](#保护你的私钥)
+    - [主机指纹验证](#主机指纹验证)
+  - [🚨 错误处理与疑难解答](#-错误处理与疑难解答)
+    - [常见问题](#常见问题)
+      - [命令未找到（npm 或其他命令）](#命令未找到npm-或其他命令)
+  - [🤝 贡献](#-贡献)
+  - [📝 许可证](#-许可证)
+
+---
+
+## 📖 简介
+
+**SSH for GitHub Actions** 是一个强大的 [GitHub Action](https://github.com/features/actions)，可让你在 CI/CD 工作流中轻松且安全地执行远程 SSH 命令。  
+本项目基于 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建，支持多主机、代理、高级认证等多种 SSH 场景。
+
+![ssh workflow](./images/ssh-agent.png)
+
+[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml)
+[![Trivy Security Scan](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml)
+
+**幻灯片：** [SSH for GitHub Actions](https://speakerdeck.com/appleboy/ssh-for-github-actions)
+
+---
+
+## 🧩 核心概念与输入参数
+
+本 Action 提供灵活的 SSH 命令执行能力，并具备丰富的配置选项。
+
+详细参数请参阅 [action.yml](./action.yml)。
+
+### 🔌 连接设置
+
+这些参数用于控制如何连接到远程主机。
+
+| 参数                | 描述                                          | 默认值 |
+| ------------------- | --------------------------------------------- | ------ |
+| host                | SSH 主机地址                                  |        |
+| port                | SSH 端口号                                    | 22     |
+| username            | SSH 用户名                                    |        |
+| password            | SSH 密码                                      |        |
+| protocol            | SSH 协议版本（`tcp`、`tcp4`、`tcp6`）         | tcp    |
+| sync                | 指定多个主机时同步执行                        | false  |
+| timeout             | SSH 连接主机的超时时间                        | 30s    |
+| key                 | SSH 私钥内容（如 `~/.ssh/id_rsa` 的原始内容） |        |
+| key_path            | SSH 私钥路径                                  |        |
+| passphrase          | SSH 私钥密码短语                              |        |
+| fingerprint         | 主机公钥的 SHA256 指纹                        |        |
+| use_insecure_cipher | 允许额外（不安全）的加密算法                  | false  |
+| cipher              | 允许的加密算法，未指定时使用默认值            |        |
+
+---
+
+### 🛠️ 指令设置
+
+这些参数用于控制在远程主机上执行的命令及相关行为。
+
+| 参数            | 描述                                                  | 默认值 |
+| --------------- | ----------------------------------------------------- | ------ |
+| script          | 远程执行的命令                                        |        |
+| script_path     | 仓库中包含要远程执行命令的文件路径                    |        |
+| envs            | 传递给 shell 脚本的环境变量                           |        |
+| envs_format     | 环境变量传递的灵活配置                                |        |
+| allenvs         | 传递所有带 `GITHUB_` 和 `INPUT_` 前缀的环境变量到脚本 | false  |
+| command_timeout | SSH 命令执行超时时间                                  | 10m    |
+| debug           | 启用调试模式                                          | false  |
+| request_pty     | 向服务器请求伪终端                                    | false  |
+| curl_insecure   | 允许 curl 连接无证书的 SSL 站点                       | false  |
+| capture_stdout  | 捕获命令的标准输出作为 Action 输出                    | false  |
+| version         | drone-ssh 二进制版本，未指定时使用最新版本            |        |
+
+---
+
+### 🌐 代理设置
+
+这些参数用于通过代理（跳板机）连接到目标主机。
+
+| 参数                      | 描述                                      | 默认值 |
+| ------------------------- | ----------------------------------------- | ------ |
+| proxy_host                | SSH 代理主机                              |        |
+| proxy_port                | SSH 代理端口                              | 22     |
+| proxy_username            | SSH 代理用户名                            |        |
+| proxy_password            | SSH 代理密码                              |        |
+| proxy_passphrase          | SSH 代理私钥密码短语                      |        |
+| proxy_protocol            | SSH 代理协议版本（`tcp`、`tcp4`、`tcp6`） | tcp    |
+| proxy_timeout             | SSH 连接代理主机的超时时间                | 30s    |
+| proxy_key                 | SSH 代理私钥内容                          |        |
+| proxy_key_path            | SSH 代理私钥路径                          |        |
+| proxy_fingerprint         | 代理主机公钥的 SHA256 指纹                |        |
+| proxy_cipher              | 代理允许的加密算法                        |        |
+| proxy_use_insecure_cipher | 代理允许额外（不安全）的加密算法          | false  |
+
+> **注意：** 如需实现已移除的 `script_stop` 功能，请在 shell 脚本顶部添加 `set -e`。
+
+---
+
+## 📤 输出变量
+
+本 Action 提供以下输出，可在后续步骤中使用：
+
+| 输出   | 描述                                                  |
+| ------ | ----------------------------------------------------- |
+| stdout | 执行命令的标准输出（需设置 `capture_stdout: true`） |
+
+---
+
+## ⚡ 快速开始
+
+只需简单配置，即可在工作流中执行远程 SSH 命令：
+
+```yaml
+name: Remote SSH Command
+on: [push]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: 执行远程 SSH 命令（密码认证）
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.HOST }}
+          username: ${{ secrets.USERNAME }}
+          password: ${{ secrets.PASSWORD }}
+          port: ${{ secrets.PORT }}
+          script: whoami
+```
+
+**输出：**
+
+```sh
+======CMD======
+whoami
+======END======
+out: your_username
+===============================================
+✅ Successfully executed commands to all hosts.
+===============================================
+```
+
+---
+
+## 🔑 SSH 密钥配置与 OpenSSH 兼容性
+
+### 配置 SSH 密钥
+
+建议在本地机器（而非远程服务器）上创建 SSH 密钥。请使用 GitHub Secrets 中指定的用户名登录并生成密钥对：
+
+#### 生成 RSA 密钥
+
+```bash
+ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
+```
+
+#### 生成 ED25519 密钥
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
+
+将新生成的公钥添加到服务器的 authorized_keys。 [了解更多 authorized_keys](https://www.ssh.com/ssh/authorized_keys/)
+
+```bash
+# 添加 RSA 公钥
+cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys'
+
+# 添加 ED25519 公钥
+cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys'
+```
+
+复制私钥内容并粘贴到 GitHub Secrets。
+
+```bash
+# macOS
+pbcopy < ~/.ssh/id_rsa
+# Ubuntu
+xclip < ~/.ssh/id_rsa
+```
+
+> **提示：** 复制内容需包含 `-----BEGIN OPENSSH PRIVATE KEY-----` 到 `-----END OPENSSH PRIVATE KEY-----`（含）。
+
+ED25519 同理：
+
+```bash
+# macOS
+pbcopy < ~/.ssh/id_ed25519
+# Ubuntu
+xclip < ~/.ssh/id_ed25519
+```
+
+更多信息：[SSH 无密码登录](http://www.linuxproblem.org/art_9.html)。
+
+> **注意：** 根据 SSH 版本，可能还需：
+>
+> - 将公钥放入 `.ssh/authorized_keys2`
+> - 设置 `.ssh` 权限为 700
+> - 设置 `.ssh/authorized_keys2` 权限为 640
+
+### OpenSSH 兼容性
+
+如果出现如下错误：
+
+```bash
+ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
+```
+
+在 Ubuntu 20.04+，你可能需要显式允许 `ssh-rsa` 算法。请在 OpenSSH 配置文件（`/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 下的 drop-in 文件）中添加：
+
+```text
+CASignatureAlgorithms +ssh-rsa
+```
+
+或者，直接使用默认支持的 ED25519 密钥：
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
+
+---
+
+## 🛠️ 用法场景与进阶示例
+
+本节涵盖常见与进阶用法，包括多主机、代理、环境变量传递等。
+
+### 使用密码认证
+
+```yaml
+- name: 执行远程 SSH 命令（密码认证）
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    password: ${{ secrets.PASSWORD }}
+    port: ${{ secrets.PORT }}
+    script: whoami
+```
+
+### 使用私钥认证
+
+```yaml
+- name: 执行远程 SSH 命令（密钥认证）
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    script: whoami
+```
+
+### 多条命令
+
+```yaml
+- name: 多条命令
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    script: |
+      whoami
+      ls -al
+```
+
+![result](./images/output-result.png)
+
+### 从文件执行命令
+
+```yaml
+- name: 文件命令
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    script_path: scripts/script.sh
+```
+
+### 多主机
+
+```diff
+  - name: 多主机
+    uses: appleboy/ssh-action@v1
+    with:
+-     host: "foo.com"
++     host: "foo.com,bar.com"
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
+      script: |
+        whoami
+        ls -al
+```
+
+默认 `port` 为 `22`。
+
+### 多主机不同端口
+
+```diff
+  - name: 多主机
+    uses: appleboy/ssh-action@v1
+    with:
+-     host: "foo.com"
++     host: "foo.com:1234,bar.com:5678"
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      script: |
+        whoami
+        ls -al
+```
+
+### 多主机同步执行
+
+```diff
+  - name: 多主机
+    uses: appleboy/ssh-action@v1
+    with:
+      host: "foo.com,bar.com"
++     sync: true
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
+      script: |
+        whoami
+        ls -al
+```
+
+### 传递环境变量到 shell 脚本
+
+```diff
+  - name: 传递环境变量
+    uses: appleboy/ssh-action@v1
++   env:
++     FOO: "BAR"
++     BAR: "FOO"
++     SHA: ${{ github.sha }}
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     envs: FOO,BAR,SHA
+      script: |
+        echo "I am $FOO"
+        echo "I am $BAR"
+        echo "sha: $SHA"
+```
+
+> _`env` 对象中的所有环境变量必须为字符串。传递整数或其他类型可能导致意外结果。_
+
+### 捕获命令输出
+
+你可以捕获远程命令的标准输出，并在后续步骤中使用：
+
+```yaml
+- name: 执行并捕获输出
+  id: ssh
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    capture_stdout: true
+    script: |
+      echo "Hello World"
+      hostname
+
+- name: 使用捕获的输出
+  run: echo "SSH 输出为 ${{ steps.ssh.outputs.stdout }}"
+```
+
+---
+
+## 🌐 代理与跳板机用法
+
+你可以通过代理（跳板机）连接到远程主机，适用于进阶网络拓扑。
+
+```bash
++--------+       +----------+      +-----------+
+| Laptop | <-->  | Jumphost | <--> | FooServer |
++--------+       +----------+      +-----------+
+```
+
+示例 `~/.ssh/config`：
+
+```text
+Host Jumphost
+  HostName Jumphost
+  User ubuntu
+  Port 22
+  IdentityFile ~/.ssh/keys/jump_host.pem
+
+Host FooServer
+  HostName FooServer
+  User ubuntu
+  Port 22
+  ProxyCommand ssh -q -W %h:%p Jumphost
+```
+
+**GitHub Actions YAML:**
+
+```diff
+  - name: SSH 代理命令
+    uses: appleboy/ssh-action@v1
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     proxy_host: ${{ secrets.PROXY_HOST }}
++     proxy_username: ${{ secrets.PROXY_USERNAME }}
++     proxy_key: ${{ secrets.PROXY_KEY }}
++     proxy_port: ${{ secrets.PROXY_PORT }}
+      script: |
+        mkdir abc/def
+        ls -al
+```
+
+---
+
+## 🛡️ 安全最佳实践
+
+### 保护你的私钥
+
+密码短语会加密你的私钥，即使泄露也无法被攻击者直接利用。请务必妥善保管私钥。
+
+```diff
+  - name: SSH 密钥密码短语
+    uses: appleboy/ssh-action@v1
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     passphrase: ${{ secrets.PASSPHRASE }}
+      script: |
+        whoami
+        ls -al
+```
+
+### 主机指纹验证
+
+验证 SSH 主机指纹有助于防止中间人攻击。获取主机指纹（将 `ed25519` 替换为你的密钥类型，`example.com` 替换为你的主机）：
+
+```sh
+ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2
+```
+
+更新配置：
+
+```diff
+  - name: SSH 密钥密码短语
+    uses: appleboy/ssh-action@v1
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     fingerprint: ${{ secrets.FINGERPRINT }}
+      script: |
+        whoami
+        ls -al
+```
+
+---
+
+## 🚨 错误处理与疑难解答
+
+### 常见问题
+
+#### 命令未找到（npm 或其他命令）
+
+如果遇到 "command not found" 错误，请参考 [此评论](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解交互式与非交互式 shell 的区别。
+
+许多 Linux 发行版的 `/etc/bash.bashrc` 包含如下内容：
+
+```sh
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+```
+
+注释掉该行或使用命令的绝对路径。
+
+---
+
+## 🤝 贡献
+
+欢迎贡献！请提交 Pull Request 改进 `appleboy/ssh-action`。
+
+---
+
+## 📝 许可证
+
+本项目采用 [MIT License](LICENSE) 授权。

README.zh-tw.md

@@ -0,0 +1,528 @@
+# 🚀 GitHub Actions 的 SSH
+
+[English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md)
+
+## 目錄
+
+- [🚀 GitHub Actions 的 SSH](#-github-actions-的-ssh)
+  - [目錄](#目錄)
+  - [📖 簡介](#-簡介)
+  - [🧩 核心概念與輸入參數](#-核心概念與輸入參數)
+    - [🔌 連線設定](#-連線設定)
+    - [🛠️ 指令設定](#️-指令設定)
+    - [🌐 代理設定](#-代理設定)
+  - [📤 輸出變數](#-輸出變數)
+  - [⚡ 快速開始](#-快速開始)
+  - [🔑 SSH 金鑰設定與 OpenSSH 相容性](#-ssh-金鑰設定與-openssh-相容性)
+    - [設定 SSH 金鑰](#設定-ssh-金鑰)
+      - [產生 RSA 金鑰](#產生-rsa-金鑰)
+      - [產生 ED25519 金鑰](#產生-ed25519-金鑰)
+    - [OpenSSH 相容性](#openssh-相容性)
+  - [🛠️ 用法場景與進階範例](#️-用法場景與進階範例)
+    - [使用密碼認證](#使用密碼認證)
+    - [使用私鑰認證](#使用私鑰認證)
+    - [多條指令](#多條指令)
+    - [從檔案執行指令](#從檔案執行指令)
+    - [多主機](#多主機)
+    - [多主機不同埠號](#多主機不同埠號)
+    - [多主機同步執行](#多主機同步執行)
+    - [傳遞環境變數到 shell 腳本](#傳遞環境變數到-shell-腳本)
+    - [擷取指令輸出](#擷取指令輸出)
+  - [🌐 代理與跳板機用法](#-代理與跳板機用法)
+  - [🛡️ 安全最佳實踐](#️-安全最佳實踐)
+    - [保護你的私鑰](#保護你的私鑰)
+    - [主機指紋驗證](#主機指紋驗證)
+  - [🚨 錯誤處理與疑難排解](#-錯誤處理與疑難排解)
+    - [常見問題](#常見問題)
+      - [指令找不到（npm 或其他指令）](#指令找不到npm-或其他指令)
+  - [🤝 貢獻](#-貢獻)
+  - [📝 授權](#-授權)
+
+---
+
+## 📖 簡介
+
+**SSH for GitHub Actions** 是一個強大的 [GitHub Action](https://github.com/features/actions)，可讓你在 CI/CD 工作流程中輕鬆且安全地執行遠端 SSH 指令。  
+本專案以 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立，支援多主機、代理、進階認證等多種 SSH 場景。
+
+![ssh workflow](./images/ssh-agent.png)
+
+[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml)
+[![Trivy Security Scan](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml)
+
+**簡報：** [SSH for GitHub Actions](https://speakerdeck.com/appleboy/ssh-for-github-actions)
+
+---
+
+## 🧩 核心概念與輸入參數
+
+本 Action 提供彈性的 SSH 指令執行能力，並具備豐富的設定選項。
+
+完整參數請參閱 [action.yml](./action.yml)。
+
+### 🔌 連線設定
+
+這些參數用於控制如何連線到遠端主機。
+
+| 參數                | 說明                                          | 預設值 |
+| ------------------- | --------------------------------------------- | ------ |
+| host                | SSH 主機位址                                  |        |
+| port                | SSH 埠號                                      | 22     |
+| username            | SSH 使用者名稱                                |        |
+| password            | SSH 密碼                                      |        |
+| protocol            | SSH 協議版本（`tcp`、`tcp4`、`tcp6`）         | tcp    |
+| sync                | 指定多個主機時同步執行                        | false  |
+| timeout             | SSH 連線主機的逾時時間                        | 30s    |
+| key                 | SSH 私鑰內容（如 `~/.ssh/id_rsa` 的原始內容） |        |
+| key_path            | SSH 私鑰路徑                                  |        |
+| passphrase          | SSH 私鑰密碼                                  |        |
+| fingerprint         | 主機公鑰的 SHA256 指紋                        |        |
+| use_insecure_cipher | 允許額外（不安全）的加密演算法                | false  |
+| cipher              | 允許的加密演算法，未指定時使用預設值          |        |
+
+---
+
+### 🛠️ 指令設定
+
+這些參數用於控制在遠端主機上執行的指令及相關行為。
+
+| 參數            | 說明                                                  | 預設值 |
+| --------------- | ----------------------------------------------------- | ------ |
+| script          | 遠端執行的指令                                        |        |
+| script_path     | 儲存庫中包含要遠端執行指令的檔案路徑                  |        |
+| envs            | 傳遞給 shell 腳本的環境變數                           |        |
+| envs_format     | 環境變數傳遞的彈性設定                                |        |
+| allenvs         | 傳遞所有帶 `GITHUB_` 和 `INPUT_` 前綴的環境變數到腳本 | false  |
+| command_timeout | SSH 指令執行逾時時間                                  | 10m    |
+| debug           | 啟用除錯模式                                          | false  |
+| request_pty     | 向伺服器請求偽終端                                    | false  |
+| curl_insecure   | 允許 curl 連線無憑證的 SSL 網站                       | false  |
+| capture_stdout  | 擷取指令的標準輸出作為 Action 輸出                    | false  |
+| version         | drone-ssh 執行檔版本，未指定時使用最新版本            |        |
+
+---
+
+### 🌐 代理設定
+
+這些參數用於透過代理（跳板機）連線到目標主機。
+
+| 參數                      | 說明                                      | 預設值 |
+| ------------------------- | ----------------------------------------- | ------ |
+| proxy_host                | SSH 代理主機                              |        |
+| proxy_port                | SSH 代理埠號                              | 22     |
+| proxy_username            | SSH 代理使用者名稱                        |        |
+| proxy_password            | SSH 代理密碼                              |        |
+| proxy_passphrase          | SSH 代理私鑰密碼                          |        |
+| proxy_protocol            | SSH 代理協議版本（`tcp`、`tcp4`、`tcp6`） | tcp    |
+| proxy_timeout             | SSH 連線代理主機的逾時時間                | 30s    |
+| proxy_key                 | SSH 代理私鑰內容                          |        |
+| proxy_key_path            | SSH 代理私鑰路徑                          |        |
+| proxy_fingerprint         | 代理主機公鑰的 SHA256 指紋                |        |
+| proxy_cipher              | 代理允許的加密演算法                      |        |
+| proxy_use_insecure_cipher | 代理允許額外（不安全）的加密演算法        | false  |
+
+> **注意：** 如需實現已移除的 `script_stop` 功能，請在 shell 腳本最上方加上 `set -e`。
+
+---
+
+## 📤 輸出變數
+
+本 Action 提供以下輸出，可在後續步驟中使用：
+
+| 輸出   | 說明                                                  |
+| ------ | ----------------------------------------------------- |
+| stdout | 執行指令的標準輸出（需設定 `capture_stdout: true`） |
+
+---
+
+## ⚡ 快速開始
+
+只需簡單設定，即可在工作流程中執行遠端 SSH 指令：
+
+```yaml
+name: Remote SSH Command
+on: [push]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: 執行遠端 SSH 指令（密碼認證）
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.HOST }}
+          username: ${{ secrets.USERNAME }}
+          password: ${{ secrets.PASSWORD }}
+          port: ${{ secrets.PORT }}
+          script: whoami
+```
+
+**輸出：**
+
+```sh
+======CMD======
+whoami
+======END======
+out: your_username
+===============================================
+✅ Successfully executed commands to all hosts.
+===============================================
+```
+
+---
+
+## 🔑 SSH 金鑰設定與 OpenSSH 相容性
+
+### 設定 SSH 金鑰
+
+建議於本地端（非遠端伺服器）產生 SSH 金鑰。請以 GitHub Secrets 指定的使用者名稱登入並產生金鑰對：
+
+#### 產生 RSA 金鑰
+
+```bash
+ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
+```
+
+#### 產生 ED25519 金鑰
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
+
+將新產生的公鑰加入伺服器的 authorized_keys。 [了解更多 authorized_keys](https://www.ssh.com/ssh/authorized_keys/)
+
+```bash
+# 加入 RSA 公鑰
+cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys'
+
+# 加入 ED25519 公鑰
+cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys'
+```
+
+複製私鑰內容並貼到 GitHub Secrets。
+
+```bash
+# macOS
+pbcopy < ~/.ssh/id_rsa
+# Ubuntu
+xclip < ~/.ssh/id_rsa
+```
+
+> **提示：** 複製內容需包含 `-----BEGIN OPENSSH PRIVATE KEY-----` 到 `-----END OPENSSH PRIVATE KEY-----`（含）。
+
+ED25519 同理：
+
+```bash
+# macOS
+pbcopy < ~/.ssh/id_ed25519
+# Ubuntu
+xclip < ~/.ssh/id_ed25519
+```
+
+更多資訊：[SSH 免密碼登入](http://www.linuxproblem.org/art_9.html)。
+
+> **注意：** 根據 SSH 版本，可能還需：
+>
+> - 將公鑰放入 `.ssh/authorized_keys2`
+> - 設定 `.ssh` 權限為 700
+> - 設定 `.ssh/authorized_keys2` 權限為 640
+
+### OpenSSH 相容性
+
+若出現以下錯誤：
+
+```bash
+ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
+```
+
+在 Ubuntu 20.04+，你可能需明確允許 `ssh-rsa` 演算法。請於 OpenSSH 設定檔（`/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 下的 drop-in 檔案）加入：
+
+```text
+CASignatureAlgorithms +ssh-rsa
+```
+
+或直接使用預設支援的 ED25519 金鑰：
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
+
+---
+
+## 🛠️ 用法場景與進階範例
+
+本節涵蓋常見與進階用法，包括多主機、代理、環境變數傳遞等。
+
+### 使用密碼認證
+
+```yaml
+- name: 執行遠端 SSH 指令（密碼認證）
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    password: ${{ secrets.PASSWORD }}
+    port: ${{ secrets.PORT }}
+    script: whoami
+```
+
+### 使用私鑰認證
+
+```yaml
+- name: 執行遠端 SSH 指令（私鑰認證）
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    script: whoami
+```
+
+### 多條指令
+
+```yaml
+- name: 多條指令
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    script: |
+      whoami
+      ls -al
+```
+
+![result](./images/output-result.png)
+
+### 從檔案執行指令
+
+```yaml
+- name: 檔案指令
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    script_path: scripts/script.sh
+```
+
+### 多主機
+
+```diff
+  - name: 多主機
+    uses: appleboy/ssh-action@v1
+    with:
+-     host: "foo.com"
++     host: "foo.com,bar.com"
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
+      script: |
+        whoami
+        ls -al
+```
+
+預設 `port` 為 `22`。
+
+### 多主機不同埠號
+
+```diff
+  - name: 多主機
+    uses: appleboy/ssh-action@v1
+    with:
+-     host: "foo.com"
++     host: "foo.com:1234,bar.com:5678"
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      script: |
+        whoami
+        ls -al
+```
+
+### 多主機同步執行
+
+```diff
+  - name: 多主機
+    uses: appleboy/ssh-action@v1
+    with:
+      host: "foo.com,bar.com"
++     sync: true
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
+      script: |
+        whoami
+        ls -al
+```
+
+### 傳遞環境變數到 shell 腳本
+
+```diff
+  - name: 傳遞環境變數
+    uses: appleboy/ssh-action@v1
++   env:
++     FOO: "BAR"
++     BAR: "FOO"
++     SHA: ${{ github.sha }}
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     envs: FOO,BAR,SHA
+      script: |
+        echo "I am $FOO"
+        echo "I am $BAR"
+        echo "sha: $SHA"
+```
+
+> _`env` 物件中的所有環境變數必須為字串。傳遞整數或其他型別可能導致非預期結果。_
+
+### 擷取指令輸出
+
+你可以擷取遠端指令的標準輸出，並在後續步驟中使用：
+
+```yaml
+- name: 執行並擷取輸出
+  id: ssh
+  uses: appleboy/ssh-action@v1
+  with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    key: ${{ secrets.KEY }}
+    port: ${{ secrets.PORT }}
+    capture_stdout: true
+    script: |
+      echo "Hello World"
+      hostname
+
+- name: 使用擷取的輸出
+  run: echo "SSH 輸出為 ${{ steps.ssh.outputs.stdout }}"
+```
+
+---
+
+## 🌐 代理與跳板機用法
+
+你可以透過代理（跳板機）連線到遠端主機，適用於進階網路拓撲。
+
+```bash
++--------+       +----------+      +-----------+
+| Laptop | <-->  | Jumphost | <--> | FooServer |
++--------+       +----------+      +-----------+
+```
+
+範例 `~/.ssh/config`：
+
+```text
+Host Jumphost
+  HostName Jumphost
+  User ubuntu
+  Port 22
+  IdentityFile ~/.ssh/keys/jump_host.pem
+
+Host FooServer
+  HostName FooServer
+  User ubuntu
+  Port 22
+  ProxyCommand ssh -q -W %h:%p Jumphost
+```
+
+**GitHub Actions YAML:**
+
+```diff
+  - name: SSH 代理指令
+    uses: appleboy/ssh-action@v1
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     proxy_host: ${{ secrets.PROXY_HOST }}
++     proxy_username: ${{ secrets.PROXY_USERNAME }}
++     proxy_key: ${{ secrets.PROXY_KEY }}
++     proxy_port: ${{ secrets.PROXY_PORT }}
+      script: |
+        mkdir abc/def
+        ls -al
+```
+
+---
+
+## 🛡️ 安全最佳實踐
+
+### 保護你的私鑰
+
+密碼短語會加密你的私鑰，即使外洩也無法被攻擊者直接利用。請務必妥善保管私鑰。
+
+```diff
+  - name: SSH 私鑰密碼
+    uses: appleboy/ssh-action@v1
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     passphrase: ${{ secrets.PASSPHRASE }}
+      script: |
+        whoami
+        ls -al
+```
+
+### 主機指紋驗證
+
+驗證 SSH 主機指紋有助於防止中間人攻擊。取得主機指紋（將 `ed25519` 換成你的金鑰型別，`example.com` 換成你的主機）：
+
+```sh
+ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2
+```
+
+更新設定：
+
+```diff
+  - name: SSH 私鑰密碼
+    uses: appleboy/ssh-action@v1
+    with:
+      host: ${{ secrets.HOST }}
+      username: ${{ secrets.USERNAME }}
+      key: ${{ secrets.KEY }}
+      port: ${{ secrets.PORT }}
++     fingerprint: ${{ secrets.FINGERPRINT }}
+      script: |
+        whoami
+        ls -al
+```
+
+---
+
+## 🚨 錯誤處理與疑難排解
+
+### 常見問題
+
+#### 指令找不到（npm 或其他指令）
+
+若遇到 "command not found" 錯誤，請參考 [此討論](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解互動式與非互動式 shell 差異。
+
+許多 Linux 發行版的 `/etc/bash.bashrc` 包含如下內容：
+
+```sh
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+```
+
+請將該行註解掉或使用指令的絕對路徑。
+
+---
+
+## 🤝 貢獻
+
+歡迎貢獻！請提交 Pull Request 改善 `appleboy/ssh-action`。
+
+---
+
+## 📝 授權
+
+本專案採用 [MIT License](LICENSE) 授權。

action.yml

@@ -0,0 +1,145 @@
+name: "SSH Remote Commands"
+description: "Executing remote ssh commands"
+author: "Bo-Yi Wu"
+inputs:
+  host:
+    description: "SSH host address or IP to connect to."
+  port:
+    description: "SSH port number for the connection."
+    default: "22"
+  passphrase:
+    description: "Passphrase to decrypt the SSH private key if protected."
+  username:
+    description: "SSH username for authentication on the remote server."
+  password:
+    description: "SSH password for authentication (use secrets for sensitive data)."
+  protocol:
+    description: 'IP protocol version to use. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).'
+    default: "tcp"
+  sync:
+    description: "When true, executes commands synchronously across multiple hosts (one after another)."
+  use_insecure_cipher:
+    description: "Enable additional legacy ciphers that might be less secure but more compatible with older systems."
+  cipher:
+    description: "Specify custom cipher algorithms for encryption. Leave empty to use secure defaults."
+  timeout:
+    description: "Maximum time to wait when establishing the SSH connection, e.g., '30s', '1m'."
+    default: "30s"
+  command_timeout:
+    description: "Maximum execution time for the remote commands before terminating, e.g., '10m', '1h'."
+    default: "10m"
+  key:
+    description: "Raw content of the SSH private key for authentication (use secrets for sensitive data)."
+  key_path:
+    description: "Path to the SSH private key file on the runner."
+  fingerprint:
+    description: "SHA256 fingerprint of the host public key for verification to prevent MITM attacks."
+  proxy_host:
+    description: "Proxy server hostname or IP if connecting through an SSH jump host."
+  proxy_port:
+    description: "SSH port number for the proxy connection."
+    default: "22"
+  proxy_username:
+    description: "Username for authentication on the proxy server."
+  proxy_password:
+    description: "Password for authentication on the proxy server (use secrets for sensitive data)."
+  proxy_protocol:
+    description: 'IP protocol version for proxy. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).'
+    default: "tcp"
+  proxy_passphrase:
+    description: "Passphrase to decrypt the proxy SSH private key if protected."
+  proxy_timeout:
+    description: "Maximum time to wait when establishing the proxy SSH connection, e.g., '30s', '1m'."
+    default: "30s"
+  proxy_key:
+    description: "Raw content of the SSH proxy private key for authentication (use secrets for sensitive data)."
+  proxy_key_path:
+    description: "Path to the SSH proxy private key file on the runner."
+  proxy_fingerprint:
+    description: "SHA256 fingerprint of the proxy host public key for verification."
+  proxy_cipher:
+    description: "Specify custom cipher algorithms for proxy connection encryption."
+  proxy_use_insecure_cipher:
+    description: "Enable additional legacy ciphers for proxy connections (less secure but more compatible)."
+  script:
+    description: "Commands to execute on the remote server (inline script string)."
+  script_path:
+    description: "Path to a local file containing commands to execute on the remote server."
+  envs:
+    description: "Environment variables to expose to the remote script, format: key=value,key2=value2."
+  envs_format:
+    description: "Format specification for environment variable transfer (for advanced usage)."
+  debug:
+    description: "Set to true to enable verbose logging for troubleshooting connection issues."
+  allenvs:
+    description: "When true, passes all GitHub Actions environment variables to the remote script."
+  request_pty:
+    description: "Request a pseudo-terminal from the server (required for interactive commands or sudo)."
+  curl_insecure:
+    description: "When true, uses the --insecure option with curl for insecure downloads."
+    default: "false"
+  capture_stdout:
+    description: "When true, captures and returns standard output from the commands as action output."
+    default: "false"
+  version:
+    description: |
+      The version of drone-ssh to use.
+
+outputs:
+  stdout:
+    description: "Standard output of the executed commands when capture_stdout is enabled."
+    value: ${{ steps.entrypoint.outputs.stdout }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set GitHub Path
+      run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
+      shell: bash
+      env:
+        GITHUB_ACTION_PATH: ${{ github.action_path }}
+    - id: entrypoint
+      name: Run entrypoint.sh
+      run: entrypoint.sh
+      shell: bash
+      env:
+        GITHUB_ACTION_PATH: ${{ github.action_path }}
+        INPUT_HOST: ${{ inputs.host }}
+        INPUT_PORT: ${{ inputs.port }}
+        INPUT_PROTOCOL: ${{ inputs.protocol }}
+        INPUT_USERNAME: ${{ inputs.username }}
+        INPUT_PASSWORD: ${{ inputs.password }}
+        INPUT_PASSPHRASE: ${{ inputs.passphrase }}
+        INPUT_KEY: ${{ inputs.key }}
+        INPUT_KEY_PATH: ${{ inputs.key_path }}
+        INPUT_FINGERPRINT: ${{ inputs.fingerprint }}
+        INPUT_PROXY_HOST: ${{ inputs.proxy_host }}
+        INPUT_PROXY_PORT: ${{ inputs.proxy_port }}
+        INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }}
+        INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }}
+        INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }}
+        INPUT_PROXY_KEY: ${{ inputs.proxy_key }}
+        INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }}
+        INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }}
+        INPUT_TIMEOUT: ${{ inputs.timeout }}
+        INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }}
+        INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }}
+        INPUT_SCRIPT: ${{ inputs.script }}
+        INPUT_SCRIPT_FILE: ${{ inputs.script_path }}
+        INPUT_ENVS: ${{ inputs.envs }}
+        INPUT_ENVS_FORMAT: ${{ inputs.envs_format }}
+        INPUT_DEBUG: ${{ inputs.debug }}
+        INPUT_ALL_ENVS: ${{ inputs.allenvs }}
+        INPUT_REQUEST_PTY: ${{ inputs.request_pty }}
+        INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }}
+        INPUT_CIPHER: ${{ inputs.cipher }}
+        INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }}
+        INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }}
+        INPUT_SYNC: ${{ inputs.sync }}
+        INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }}
+        INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }}
+        DRONE_SSH_VERSION: ${{ inputs.version }}
+
+branding:
+  icon: "terminal"
+  color: "gray-dark"

entrypoint.sh

@@ -1,7 +1,79 @@
-#!/bin/sh
+#!/usr/bin/env bash
 
-set -eu
+set -euo pipefail
 
 export GITHUB="true"
 
-sh -c "/bin/drone-ssh $*"
+GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}"
+DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}"
+DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.8.2}"
+
+# Error codes
+readonly ERR_UNKNOWN_PLATFORM=2
+readonly ERR_UNKNOWN_ARCH=3
+readonly ERR_DOWNLOAD_FAILED=4
+readonly ERR_INVALID_BINARY=5
+readonly ERR_VERSION_CHECK_FAILED=6
+
+function log_error() {
+  echo "$1" >&2
+  exit "$2"
+}
+
+function detect_client_info() {
+  CLIENT_PLATFORM="${SSH_CLIENT_OS:-$(uname -s | tr '[:upper:]' '[:lower:]')}"
+  CLIENT_ARCH="${SSH_CLIENT_ARCH:-$(uname -m)}"
+
+  case "${CLIENT_PLATFORM}" in
+  darwin | linux | windows) ;;
+  *) log_error "Unknown or unsupported platform: ${CLIENT_PLATFORM}. Supported platforms are Linux, Darwin, and Windows." "${ERR_UNKNOWN_PLATFORM}" ;;
+  esac
+
+  case "${CLIENT_ARCH}" in
+  x86_64* | i?86_64* | amd64*) CLIENT_ARCH="amd64" ;;
+  aarch64* | arm64*) CLIENT_ARCH="arm64" ;;
+  *) log_error "Unknown or unsupported architecture: ${CLIENT_ARCH}. Supported architectures are x86_64, i686, and arm64." "${ERR_UNKNOWN_ARCH}" ;;
+  esac
+}
+
+detect_client_info
+DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}"
+CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}"
+TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}"
+
+# Check if binary already exists and is executable (caching)
+if [[ -f "${TARGET}" ]] && [[ -x "${TARGET}" ]]; then
+  echo "Binary ${CLIENT_BINARY} already exists, skipping download"
+else
+  echo "Downloading ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}"
+  INSECURE_OPTION=""
+  if [[ "${INPUT_CURL_INSECURE}" == 'true' ]]; then
+    INSECURE_OPTION="--insecure"
+  fi
+
+  # Download with better error handling
+  if ! curl -fsSL --retry 5 --keepalive-time 2 --location ${INSECURE_OPTION} \
+    "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}"; then
+    log_error "Failed to download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}. Please check the URL and your network connection." "${ERR_DOWNLOAD_FAILED}"
+  fi
+
+  # Validate downloaded file
+  if [[ ! -f "${TARGET}" ]] || [[ ! -s "${TARGET}" ]]; then
+    log_error "Downloaded file is missing or empty: ${TARGET}" "${ERR_INVALID_BINARY}"
+  fi
+
+  chmod +x "${TARGET}"
+fi
+
+echo "======= CLI Version Information ======="
+if ! "${TARGET}" --version; then
+  log_error "Failed to execute ${TARGET} --version. The binary may be corrupted." "${ERR_VERSION_CHECK_FAILED}"
+fi
+echo "======================================="
+if [[ "${INPUT_CAPTURE_STDOUT}" == 'true' ]]; then
+  echo 'stdout<<EOF' >> "${GITHUB_OUTPUT}"
+  "${TARGET}" "$@" | tee -a "${GITHUB_OUTPUT}"
+  echo 'EOF' >> "${GITHUB_OUTPUT}"
+else
+  "${TARGET}" "$@"
+fi

testdata/.ssh/id_ed25519

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDoi7FltQCqpWporKh61nJUPIeazUYdzdstncoeU5XS2AAAAKBF5e2SReXt
+kgAAAAtzc2gtZWQyNTUxOQAAACDoi7FltQCqpWporKh61nJUPIeazUYdzdstncoeU5XS2A
+AAAEBrsLG1vSg08yaQgYM46KQW93Lz2ZikS1tTMH35gfHhpOiLsWW1AKqlamisqHrWclQ8
+h5rNRh3N2y2dyh5TldLYAAAAFnlvdXJfZW1haWxAZXhhbXBsZS5jb20BAgMEBQYH
+-----END OPENSSH PRIVATE KEY-----

testdata/.ssh/id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiLsWW1AKqlamisqHrWclQ8h5rNRh3N2y2dyh5TldLY your_email@example.com

testdata/.ssh/id_passphrase

@@ -0,0 +1,39 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA5p9eRXu
+BJantF5ARnBfnqAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCuWKQh09Vl
+v3IRu/+oK18ws72VQS7PCXJaIEp1L+7HqC/6+plizaVgd9SjAg0UJSqvp+WfpU5I53hevE
+0Ip3s71Tsoeu1azWoi2Mbq3ycZ5ysh4htZZklKBkYsyW+2EdITPcmhA8rF+KiDRyuvk7fD
+o08G3YWgbCScY6VkLA06ReThCehAY54WNvgbx7lyvCWj1qYG0XjM7mTQHr3QN0JHJNdFaG
+3MCi1rTG2hK/owOlzcesIbzfM1VMIQG5HT4vNg/ULP0BTZ7pGtdvWlvR/660KQwc1tBxLq
+xI1dYoCgiS/gMyPxhOtNKTvhR/NR7e2sp/StkXURIxTHhj0KjKbnpXTQ2IndnesHAG9kDJ
+7c31SXastWpbXWhCIdRZk+KQsnmwobZlw3w1vfx2Dm7M2ZCcCgG/ArUPjY44nGOWO5Nz98
+QHyz3IocsKJXrGVo/3YpNNu72jkw7UGVMqh1dAe3ZMaCAC5pAAa0HKvkid7jdXawL2b//+
+vsAPSHdnEjP58AAAWQCUj9ajDO6N0sI5jzkRxiMIaeDvP7Ns+cJtE1uxzrm7Ecgf7kBL2V
+9Ru0gW1+ii3U/hPLkxwBwd3xvoc1Xy+n+c7D6bQVviv1lsbY1uPzxGR3fUfRCu2M1D8OEH
+vol7jvFAZmtrpgy3gY45k2lbsY368bIJ+hYIqeHRqFsD+SyM/xSnj5/bZNvNrc+kHikiA3
+uVSvXe9oWVNm3hxLDppYPEYkORERHx9EWh5sruLwoM2NW6qwE+wGw0Vx1AuA7cNszDdmMs
+qJFq0n5cQ78E3q0V49e0FOBjMoSJBxdQRHRz2al9MzJlcVVs5LGwmgVH0ur0V9QR8zv2Pv
+ZV6r+H9mMo2eCtUDlKUXlCnfgwDP0ghXysFKSDLzXNEPrddmvzQeWA973fcguniLLq7Gbw
+gpHSuP/vqVqtQQbXEdozgUl666SXC7GdPqaA5YsfGIJ4Ank3/Vjb3hc0/hElx4O0fEn18E
+TWbd9o6v70mNbu3LjeJPNDwODMGn9GC3kRtSc5bU0A8YAM+gFaeytrz2W/vCe3EST8VBcQ
+UtvYqGG/zGJhV8+OYoIZZQQkyCmTt0i4nTCJAMUnZ+pgY6YJk+UdBGhLvwNBtl4Z1nQKSA
+hcBBo6T08bQfe/HmVs4dcwBO956qiOX/QjHDLew81MfpvjZ2kGD5Hp/qhieUdJ3IiUEsOC
+FQC01JeEJlkEqd2jqBR/9RDnK7O8gTR0AA858L+MftN4nN2h2UkGjWMWSbkmwGMqyRGfRa
+TJeg5njxYJVcRlWZ/KvNPxis8wIuCaRMbPT2WpHsRr1lY3s4IzFn+EMCkybHZArQVYtl1O
+iGXYjpxe+cOc02PM1aKlUfCQfsr0CrXwwGzIQ73uXVSQgP5pQdV3iN/57+5aiH8F9D7X3n
+p5QJzBuLGvhUDWqqwbwWy+81k3Y8rHXNfhVSlRmtGJXAPqpw0PCyquySJNwogi4rBkg0jF
+xuqvimvhNcWzF7yf+fnYa6H+N8PavH32HRM50AYyWPyKWBp3Syri0P54cnkBjKTjTKGYA6
+4KwizazsbOMY5kp0UAmgX6XyM5OSROtxUp4P6T20okjKaSzamgMBKZULP/b768l4UYRgFe
+uohg2/9A1fwYB/K8I+V7Qw9079JvAG05eIOgce3Dd+bXoH6j/Ylmk5Gj7LzhEXtMz3NEpj
+LCg8tx0YFpuyoCaRlqOnsZCpc1EnL0UyMguCh9ADTG9h6V3Xf2j2Q94rKvAc4ZrBtj6qXT
+BIfGsBIA7vA1KnKHB9oOFQZ26iRU7oTAunAQvSKF7/7luTqONoni6U/RpvERT/KeeIDSxz
+uzFQ+apy/PTESSUtutpnTug6rexwrPb6ugJipag8ebNWVdOgaNBUL8wciW4lN8YkzjhXMw
+xHB0PUuSXcBuuPDQuYZk84dpXxM10fWwuCTMlH1bXatSQhtRVbjVJIDXnnYpQKtuURiwMm
+j4WLEt10hvu6t4aNJzzVY80/iLMb4ZGQgHotrjFfx9nzwe3SioINPaxRIb3m2gTsi8Nr/p
+Y5zNjV9NOjONktUjLznRpfY/yBxOtPe9lxnaKfniRTK5HjBbi8hmei9G8lIHV9qyhpURYM
+1EdZB86uZWJOaRA8/fpwt8z2stmpKpuGFQOSgr7W5JQWSFeTAMYPoafsm0PD1zSyw7j1wE
+DWlmUAzpMirSnPUQndR8IcF7fZmI8J1g30eIFTQpoTDCyoiegkOXHa9HyWwmEAwws1PCWZ
+a5Viw6XLJI3tahSNhZzdY/UNFikuO8AuIDXykBM7riaqK4PADtmGY88QGWXQbw5xxWtH6r
+Wwk4KzDL9UFeCMSiQo//e+kg/mPLml6Sa4THOzP3iOmx810JoMDmF/jvtpC+ew5HpPPtg4
+h55pSap77CEhEhE5FPZKuH9f7/E=
+-----END OPENSSH PRIVATE KEY-----

testdata/.ssh/id_passphrase.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuWKQh09Vlv3IRu/+oK18ws72VQS7PCXJaIEp1L+7HqC/6+plizaVgd9SjAg0UJSqvp+WfpU5I53hevE0Ip3s71Tsoeu1azWoi2Mbq3ycZ5ysh4htZZklKBkYsyW+2EdITPcmhA8rF+KiDRyuvk7fDo08G3YWgbCScY6VkLA06ReThCehAY54WNvgbx7lyvCWj1qYG0XjM7mTQHr3QN0JHJNdFaG3MCi1rTG2hK/owOlzcesIbzfM1VMIQG5HT4vNg/ULP0BTZ7pGtdvWlvR/660KQwc1tBxLqxI1dYoCgiS/gMyPxhOtNKTvhR/NR7e2sp/StkXURIxTHhj0KjKbnpXTQ2IndnesHAG9kDJ7c31SXastWpbXWhCIdRZk+KQsnmwobZlw3w1vfx2Dm7M2ZCcCgG/ArUPjY44nGOWO5Nz98QHyz3IocsKJXrGVo/3YpNNu72jkw7UGVMqh1dAe3ZMaCAC5pAAa0HKvkid7jdXawL2b//+vsAPSHdnEjP58= mtk10671@NB22040567

testdata/.ssh/id_rsa

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4e2D/qPN08pzTac+a8ZmlP1ziJOXk45CynMPtva0rtK/RB26
+VbfAF0hIJji7ltvnYnqCU9oFfvEM33cTn7T96+od8ib/Vz25YU8ZbstqtIskPuwC
+bv3K0mAHgsviJyRD7yM+QKTbBQEgbGuW6gtbMKhiYfiIB4Dyj7AdS/fk3v26wDgz
+7SHI5OBqu9bv1KhxQYdFEnU3PAtAqeccgzNpbH3eYLyGzuUxEIJlhpZ/uU2G9ppj
+/cSrONVPiI8Ahi4RrlZjmP5l57/sq1ClGulyLpFcMw68kP5FikyqHpHJHRBNgU57
+1y0Ph33SjBbs0haCIAcmreWEhGe+/OXnJe6VUQIDAQABAoIBAH97emORIm9DaVSD
+7mD6DqA7c5m5Tmpgd6eszU08YC/Vkz9oVuBPUwDQNIX8tT0m0KVs42VVPIyoj874
+bgZMJoucC1G8V5Bur9AMxhkShx9g9A7dNXJTmsKilRpk2TOk7wBdLp9jZoKoZBdJ
+jlp6FfaazQjjKD6zsCsMATwAoRCBpBNsmT6QDN0n0bIgY0tE6YGQaDdka0dAv68G
+R0VZrcJ9voT6+f+rgJLoojn2DAu6iXaM99Gv8FK91YCymbQlXXgrk6CyS0IHexN7
+V7a3k767KnRbrkqd3o6JyNun/CrUjQwHs1IQH34tvkWScbseRaFehcAm6mLT93RP
+muauvMECgYEA9AXGtfDMse0FhvDPZx4mx8x+vcfsLvDHcDLkf/lbyPpu97C27b/z
+ia07bu5TAXesUZrWZtKA5KeRE5doQSdTOv1N28BEr8ZwzDJwfn0DPUYUOxsN2iIy
+MheO5A45Ko7bjKJVkZ61Mb1UxtqCTF9mqu9R3PBdJGthWOd+HUvF460CgYEA7QRf
+Z8+vpGA+eSuu29e0xgRKnRzed5zXYpcI4aERc3JzBgO4Z0er9G8l66OWVGdMfpe6
+CBajC5ToIiT8zqoYxXwqJgN+glir4gJe3mm8J703QfArZiQrdk0NTi5bY7+vLLG/
+knTrtpdsKih6r3kjhuPPaAsIwmMxIydFvATKjLUCgYEAh/y4EihRSk5WKC8GxeZt
+oiZ58vT4z+fqnMIfyJmD5up48JuQNcokw/LADj/ODiFM7GUnWkGxBrvDA3H67WQm
+49bJjs8E+BfUQFdTjYnJRlpJZ+7Zt1gbNQMf5ENw5CCchTDqEq6pN0DVf8PBnSIF
+KvkXW9KvdV5J76uCAn15mDkCgYA1y8dHzbjlCz9Cy2pt1aDfTPwOew33gi7U3skS
+RTerx29aDyAcuQTLfyrROBkX4TZYiWGdEl5Bc7PYhCKpWawzrsH2TNa7CRtCOh2E
+R+V/84+GNNf04ALJYCXD9/ugQVKmR1XfDRCvKeFQFE38Y/dvV2etCswbKt5tRy2p
+xkCe/QKBgQCkLqafD4S20YHf6WTp3jp/4H/qEy2X2a8gdVVBi1uKkGDXr0n+AoVU
+ib4KbP5ovZlrjL++akMQ7V2fHzuQIFWnCkDA5c2ZAqzlM+ZN+HRG7gWur7Bt4XH1
+7XC9wlRna4b3Ln8ew3q1ZcBjXwD4ppbTlmwAfQIaZTGJUgQbdsO9YA==
+-----END RSA PRIVATE KEY-----

testdata/.ssh/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh7YP+o83TynNNpz5rxmaU/XOIk5eTjkLKcw+29rSu0r9EHbpVt8AXSEgmOLuW2+dieoJT2gV+8QzfdxOftP3r6h3yJv9XPblhTxluy2q0iyQ+7AJu/crSYAeCy+InJEPvIz5ApNsFASBsa5bqC1swqGJh+IgHgPKPsB1L9+Te/brAODPtIcjk4Gq71u/UqHFBh0USdTc8C0Cp5xyDM2lsfd5gvIbO5TEQgmWGln+5TYb2mmP9xKs41U+IjwCGLhGuVmOY/mXnv+yrUKUa6XIukVwzDryQ/kWKTKoekckdEE2BTnvXLQ+HfdKMFuzSFoIgByat5YSEZ7785ecl7pVR drone-scp@localhost

testdata/.ssh/test

@@ -0,0 +1,50 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZka7A7i
+FscMeJBPyPteclAAAAEAAAAAEAAAIXAAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2o
+nnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mh
+HBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+
+rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMG
+vX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv
+9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOr
+b93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mr
+D2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jI
+NHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE
+3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpv
+jwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQAAB1CnEMQGwAKZbd3F1DJqwfPf
+KWjoUJKbTRiav6h5pQr65JaqDe/7YE2ZHYo5917AC2vPLwPxAnoHFMsbObd5mWcmpATg/0
+K/qkN5Z4Ml5U3bwr51wfSPh1MiAP21Aickt09BDstIJzNNwwgcY31O3k/d6VBjqyM6Ezop
+66LI4s/IIni1BI+cALyEfzE4Qu16GfzIeM+JVxildP4VImhvNBESmmbBL8rNmSzlQ+FTuF
+JVmowUbcon1O0CppM1MRVPeG805XDwjxHXKwOp5O7MdTz7H8JeORoe8D6+4rNfJE0eQGY7
+Nm4+Wa97HzAFbT9IS433rxoGx9Qps3LAySFONso2JWSOEfo8rxnqO04DrfVHQhY3DkkwQt
+FsDnMtkthJa+ZzUYc75fnS0DBPGuF9DZUCqrev5oAUHP6C4Vc4b33JJQD4FZJ+ehk3Xsci
+cwJQsmgLyc5Jdh543Dm7kZoM9ku7HDNrB4H/1p45Vo6aBZMAY50x+fTdBeTgCzzhzzTbf+
+0IF8W3yW3/BYD+S2Byo3JKp6NH0Q8cgPJrGTl6GltGfpVuc6kLjMZ5zvxRbyWaqtIygM46
+W1izbA+9jwbHhitCtOk42e/ff6iEB1MVC13LqPty3gPNR8Pv0rDUDjJS4KiVwXqUY+bMr0
+C8l/hx93euHjLUJ49Ru6uy/2fBlHZEj6GmEAJhu/i6t2c1Rq0HBLis9X356oQT+YZnIai2
+ym0MknPxjeYBAItOV3zhRd1cYnk7CDcl1XALcnh0tqP712x24IJ+Ytqg7nvB2NZV8T469I
+8Fp254Nr89HOMAXaZD0UcIPm7D2rfWV+YJFI3ZcJ/8DM99H3tpXe2j4oHMdmAbBd++09sx
+KBRdFLcvnBfd1lqwxpA7hbxzrxi/yehYCqzh5KQGaf2UXej6TPiVzBWVYbp34cMZtsT6mF
+K8SS3l5TXoNK2DNEk30o8K3q+vngQpfC9GZ/id4B7LS/3ybellxemZHXQoU4PxDkLKt7jd
+AAsd5WO13dv3n/qgyu8iBRiFU+W66NX0RJGkp+lZMnta0YzukafM2n6GDn/r/Cx/y21PAi
+ah8i41ByI1QLI4m1r+bRHdUxAarS/XJw4tTSFiZu3zddMYrlzeG9O3VUX9zBvBtfQbSmeJ
+omml0zlr/qD7TMsORiujy7XIn7sMW+Ls/NA8TvX8oRnACjXe/MYNEZ8WDu2rkZuY/Dfc+o
+NyYWO7kZ3kcejQZ1NusJSA7MG0FFGYSIaC9T9CWqYd5IcRSJW4dZnCt9z8CIJ6TSUFqMb/
+H1Y5Rmi0IIX+8qbGGXVBDIBk5y9xtS43+nz1nsdXwDmkTiXN9+ZX+GDsLxCWoHGryrWDbk
+EuOAlqpvxFKzEkNsx+AC5wae6i/hBeiEce9bm4nZp+hFv1ic1Z9WS8B37YOFgJ4utGeOjB
+6hnywUUJ3aH0LnCQNB3UzeFR7BmEaxmYD/phJodmjA5SD3CWpeizdXfrUjtqXGhYlr2jzq
+vBAeeYEO4uaHIGxg8GqoqtaseqVcIdtouHxrVAxxXkjShV2ji7oJ/AtrLZNlkKYxMk0TpX
+fFiKqL/uKfS78FfvVOhOkHZTD6ZeMgmdL/uOghEAtrf08ChyRvdp7QLjA802aio9eUVIQm
+lHb1ltPEbIZNuvQ5kTIwk2eM6EAkOh0MBMoAYOxOpIb00XHNRDGJYuLewByjMQa8EoT6VM
+NoiFIzJU9lLAXE6yz6JswctpTpLHK9Aq5vY7ObaOvrmpCQqsXfOuVUo2nR/FyEes97zuXG
+E4aKaHK4IAW4UY/oGYk7pU/yRpudhiNRMXzmcQXfVmBEHuvDrh2chg8lDYn++07F7RWqkI
+nfMAOWR8UEl4xp4zJtThDjRxNW6QLl8E1ADjndA9wVaKNSzv2i1TLXKBr5luFqY9MSJ2rm
+yBR5EwairH/Qn9TUxaDD+0p6J+E9iz1l8UPTJa/cjtwiySljahY/6tHHnr9YQVnox92yfU
+UXpfINGjYrpqh6EFwmyRw9fryIMvMhgZYo6ZoCRBCK2GfGAB0VTzJy2FGs4GecZK5ptXKu
+sOX8BgGX/Q/nAJ7PWf9hgYlX2YyjmLjQZDMWECp05VFx9znEETNKlwF1FX5/E/37ISyz4d
+I1LVSKOEccJX7jCR32LzvRW1UBX47Z+q3LVE4sa0QAV/JoISq6Qn6zAsVIV0yEPmVbd/xx
+aX2uBUGHhmd99YJDh81xJIoYEMRzoGVfp0JjfYcDUc+2I6JdrOMF9/KmMA5wsZl4OKiu/F
+cTRGjUkgw/cF2EFRGWknee2esYRB7tOr4y56qZ4gxqw8q9rYXhyB42jbdTvt5xcCm/ynid
+sn4InokRRoIiMIPL5Ur7FZQHOP+915MWUBsrTJtkCWQuqJheYUi3mCzh/7NadAKplRpaKb
+rS/DJIOOkjnGni/sDxJzPq7STDBVy4WStwQl6NI5hq+/c+JvN9GI4Vu/kz0z8qUcdShLaH
+l4njcaMpg4tpQMHtCBOicGyV0=
+-----END OPENSSH PRIVATE KEY-----

testdata/.ssh/test.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2onnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mhHBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMGvX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOrb93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mrD2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jINHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpvjwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQ== deploy@easyssh

testdata/test.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+set -e
+whoami