appdevforall · hal-eisen-adfa · Jan 7, 2026 · Jan 7, 2026
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -165,6 +165,61 @@ jobs:
         if: env.nix_installed == 'false'
         uses: flox/install-flox-action@v2
 
+      - name: Set up SSH key
+        env:
+          GREENGEEKS_HOST: ${{ vars.GREENGEEKS_SSH_HOST }}
+          GREENGEEKS_KEY: ${{ secrets.GREENGEEKS_SSH_PRIVATE_KEY }}
+          GREENGEEKS_USER: ${{ vars.GREENGEEKS_SSH_USER }}
+        run: |
+          mkdir -p ~/.ssh
+          if [ -z "$GREENGEEKS_HOST" ]; then
+            echo "Error: SSH_HOST variable is not set"
+            exit 1
+          fi
+          # Write the SSH key, ensuring proper formatting
+          echo "$GREENGEEKS_KEY" > ~/.ssh/id_rsa
+          # Remove any trailing newlines and ensure proper key format
+          sed -i '' -e '$ { /^$/ d; }' ~/.ssh/id_rsa 2>/dev/null || sed -i '$ { /^$/ d; }' ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          # Verify key format
+          if ! grep -q "BEGIN.*PRIVATE KEY" ~/.ssh/id_rsa; then
+            echo "Error: SSH key does not appear to be in correct format"
+            exit 1
+          fi
+          # Configure SSH to use only the key file and disable other auth methods
+          cat > ~/.ssh/config <<EOF
+          Host *
+            IdentitiesOnly yes
+            PreferredAuthentications publickey
+            StrictHostKeyChecking no
+            UserKnownHostsFile ~/.ssh/known_hosts
+            PubkeyAuthentication yes
+            PasswordAuthentication no
+            ChallengeResponseAuthentication no
+            GSSAPIAuthentication no
+            GSSAPIKeyExchange no
+            GSSAPIDelegateCredentials no
+          Host $GREENGEEKS_HOST
+            User $GREENGEEKS_USER
+            IdentityFile ~/.ssh/id_rsa
+            IdentitiesOnly yes
+            PreferredAuthentications publickey
+            PubkeyAuthentication yes
+            PasswordAuthentication no
+            ChallengeResponseAuthentication no
+            GSSAPIAuthentication no
+            GSSAPIKeyExchange no
+            GSSAPIDelegateCredentials no
+            NumberOfPasswordPrompts 0
+          EOF
+          chmod 600 ~/.ssh/config
+          # Disable SSH agent completely
+          unset SSH_AUTH_SOCK
+          unset SSH_AGENT_PID
+          # Remove any default SSH keys that might interfere
+          rm -f ~/.ssh/id_ed25519 ~/.ssh/id_ecdsa ~/.ssh/id_dsa ~/.ssh/id_rsa.pub 2>/dev/null
+          ssh-keyscan -H "$GREENGEEKS_HOST" >> ~/.ssh/known_hosts 2>/dev/null
+
       - name: Download release assets
         env:
           SCP_HOST: ${{ vars.GREENGEEKS_SSH_HOST }}