---------------------------------------------
SSH Deploy - Generate and Distribute SSH Keys
---------------------------------------------
SYNOPSIS
========
sshdeploy [options] generate
sshdeploy [options] test
sshdeploy [options] hosts
sshdeploy [options] distribute
sshdeploy [options] clean
sshdeploy manual
OPTIONS
=======
-c <file>, --config-file <file> file that contains list of keys to generate nd
the hosts that should receive the keys
(sshdeploy.conf is default).
-d <name>, --keydir <name> name of directory for holding new keys
(keys-YYYY-MM-DD is default).
-u <hosts>, --update <hosts> hosts to update
-s <hosts>, --skip <hosts> hosts to skip
-k <keys>, --keys <keys> keys to update (only use with --trial-run)
-t, --trial-run trial run (do not overwrite working ssh files)
-n, --narrate narrate the process
-v, --verbose narrate the process more verbosely
-h, --help print usage summary
You specify multiple hosts or keys using a comma-separated list.
With the --trial-run (or -t) option sshdeploy still generates the keys and
copies them to the remote hosts, but when doing so it will add '.provisional'
as a suffix to the files to that they do not overwrite existing working files.
DESCRIPTION
===========
SSH Deploy reads a configuration file that contains information about the SSH
keys you use. Using this information it regenerates and distributes your keys.
When generating your keys a passcode is needed. SSH Deploy uses the Avendesora
collaborative password generator to securely generate the passcodes. This
avoids the need for you to interactively enter the passcodes.
sshdeploy generate
******************
The generate command regenerates the SSH key pairs.
sshdeploy distribute
********************
The distribute command copies the SSH key pair to to the clients and the
authorized_keys files to the servers. It can only be run after the generate key
has been run. Before it runs it will clean out any .provisional files from
previous trial runs.
sshdeploy test
**************
The test command checks the connection with each of the hosts (the clients and
servers). It should be run before *distribute* to assure that each of the
hosts is accessible.
sshdeploy hosts
***************
The hosts command simply lists out the hosts. Hosts include the servers that
are to receive the authorized_keys file and the clients that are to receive the
SSH key pairs.
sshdeploy clean
***************
The clean command removes the .provisional files from each of the hosts. The
.provisional files are created during a trial run of the *distribute* command.
sshdeploy manual
****************
The manual command displays a detailed description of the program and how to use
it.
.. warning::
This program is not recommended for general use. It has a fundamental flaw
during the update process that overwrites critical files, resulting in the
update process breaking down midstream. If this occurs you may be locked out
of your servers. It is possible to work around the problem by skipping the
update of your local machine and then manually performing that update later.
CONFIGURATION
=============
The configuration file is a python file. The name of the file is arbitrary (the
default is sshdeploy.conf). Here is a typical configuration file::
Keys = {
'earth': {
'purpose': 'This key allows access from earth (primary laptop)',
'keygen_options': "-t ed25519",
'servers': {
'earth': {},
'mercury': {
'description': 'Access is funneled through Jupiter',
'restrictions': ['from=jupiter']
},
'jupiter': {},
},
'clients': {
'earth': {},
},
},
'phone': {
'purpose': "This key allows access from the phone",
'servers': {
'jupiter': {
'description': 'Only allows access to mail ports',
'restrictions': [
'no-agent-forwarding',
'no-pty',
'no-X11-forwarding',
'permitopen="pubmail:587"',
'permitopen="pubmail:993"',
],
},
},
},
'backups': {
'purpose': "This key allows sftp access to jupiter for backups.",
'servers': {
'jupiter': {
'description': 'This key is not protected with a passphrase!',
'restrictions': [
'from="192.168.1.0/24"',
'no-agent-forwarding',
'no-port-forwarding',
'no-pty',
'no-X11-forwarding',
'command=".ssh/only-sftp.sh"',
],
},
},
'clients': {
'earth': {},
'mercury': {},
},
},
}
When sshdeploy reads this file, it uses the value of several local variables
('keygen_options', 'avendesora_account', 'remote_include_filename', and 'keys') to
determine its behavior.
Keygen Options
**************
A string that is passed to ssh-keygen to influence the generation of key. If
not specified, the following will be used: '-t rsa -b 4096'. This value is used
as the default for all keys and its value may be overridden in individual keys.
Avendesora Account
******************
When the private keys are generated a passcode is needed to secure the private
key. SSH Deploy uses the Avendesora password manager to provide the needed
passcodes. The value of this variable is a string that is used as the default
Avendesora account name for for all keys and its value may be overridden in
individual keys.
Remote Include Filename
***********************
Before SSH Deploy generates an authorized_keys file for a server, it will look
for a file in the server's ~/.ssh directory that contains public keys for keys
not managed by SSH Deploy that should be included in the authorized_keys file.
The value of this variable is the name of that file.
Keys
****
Keys is a dictionary where there is one entry per SSH key to be generated. The
tag for the entry is the name of the SSH key and the value is a dictionary that
contains information that controls how the key is generated and distributed.
These dictionaries may contain the keys 'purpose', 'keygen_options',
'avendesora_account', 'servers', and 'clients'.
Purpose
-------
The purpose if given is simply a textual description of the purpose of
the key. It will be added as a comment above the public key when it is
added to the authorized key file.
Keygen Options
--------------
A string that is passed to ssh-keygen to influence the generation of
key. If not specified, the following will be used: '-t rsa -b 4096'.
Avendesora Account
------------------
When the private keys are generated a passcode is needed to secure the private
key. SSH Deploy uses the Avendesora password manager to provide the needed
passcodes. This value overrides the default value for this particular key. If
the value is specified as None, then the private key will not be protected by
a passcode.
Servers
-------
The servers key contains a dictionary where its keys would be the SSH
names of servers whose authorized_keys file that should receive the
public key. The value of the servers key is also a dictionary that may
be empty or may contain the following keys: 'description', 'restrictions',
'remote_include_filename', and 'bypass'.
Description
'''''''''''
The description is simply a second level of textual description for the
public key (generally explains the restrictions).
Restrictions
''''''''''''
The value of restrictions is a list of SSH key restrictions. These
restrictions are comma joined and placed before the public key in the
authorized key file.
Remote Include Filename
'''''''''''''''''''''''
Before SSH Deploy generates an authorized_keys file for a server, it will look
for a file in the server's ~/.ssh directory that contains public keys for keys
not managed by SSH Deploy that should be included in the authorized_keys file.
The value of this variable is the name of that file.
In a configuration file the same server may be referenced many times, once per
key. The remote include file is only read the first time a server is
encountered (they are processed in alphabetic order). It is recommended that
if this value is given, it be given consistently in each instance of a server,
otherwise warnings will be issued and each value except the first will be
ignored.
If the value is None, an include is not performed.
Bypass
''''''
Some servers, particularly commercial cloud servers, do not allow you to upload
an authorized_keys file using sftp. Instead they generally provide a way
through their web portal. In these cases you should specify bypass to be true.
Doing so will prevent sshdeploy from attempting to upload the file and will
cause it to emit a warning that acts as a reminder that you must upload your
file manually.
Clients
-------
The clients key contains a dictionary where its keys would be the SSH
names of client hosts that should receive the private and public key.
The value of the clients key is also a dictionary that should be empty
(at this point any contents will be ignored).
KEY STRATEGIES
==============
Several key strategies can be implemented efficiently with SSH Deploy.
One Key Per Server
******************
With this strategy SSH keys are never shared between servers, meaning that one
server could not use its key to access another. Normally this cross access
would not be possible anyway, but if there were a bug in SSH it could
conceivably leak the private key to an untrusted server. Since in this strategy
the key for each server is unique, a leak would not compromise the other
servers.
One Key Per Client
******************
With this strategy the server can distinguish the client that is requesting
a connection. Thus a particular client can be blocked or restrictions placed on
its access.
Other Strategies
****************
Using single key for each server/client pair can give the best security and
flexibility, but may be tedious to configure and maintain. Alternatively, you
might adapt your strategy to provide the security and flexibility appropriate to
you various servers and clients.
DISTRIBUTING YOUR KEYS
======================
Distributing your keys is inherently a dangerous endeavor because if you make
a mistake you will likely lose the ability to log into one of your hosts, which
would prevent you from fixing the mistake. To reduce the risk of being locked
out of a remote host, sshdeploy several features that reduce the risk. One is
the test command, which allows you to verify that all of your hosts are
available before you update your keys, and that they are still available after
you update them. Another feature is the --trial-run option. When specified,
sshdeploy will add the .provisional suffix to any file it copies to a remote
host. Thus, the basic strategy is to run distribute command with the
--trial-run option while carefully examining the provisional files to make sure
everything working as expected. Running sshdeploy with many keys and hosts can
be time consuming, so several command line options are provide that allow you
to limit your activities to particular keys (--keys) and servers (--update,
--skip). In addition, sshdeploy also provides the --narrate and --verbose
options to make sshdeploy's activities more obvious to you.
Once you are confident that things are configured properly, it is recommended
that you follow the following process to generate and distribute your ssh keys.
1. Generate your new keys with::
sshdeploy generate
2. Make sure all of your hosts (servers and clients) are up and accessible. You
can do that with::
sshdeploy test
However, it is even better for you to simply open and keep active a ssh or
sftp process to each of the remote hosts. Leave them open until all of your
hosts are known to work. That way if there is a problem that corrupts the
authorized_keys file, you still have access and can correct any problems.
3. Do a full trial run of distribute::
sshdeploy -t distribute
Confirm that provisional versions of all of your ssh keys and authorized_keys
files are being properly created and distributed to all of your hosts. You
can first look in the keys directory to make sure the right authorized_keys
files are generate. Then you should check the .provisional files on the
remote hosts.
4. Run distribute for real::
sshdeploy distribute
Do not add --trial-run, --update, --skip, or --keys to the list of command
line options.
5. Immediately after the update, start a new ssh-agent in a new shell and add
your new keys. If you have ControlMaster in your SSH config file, you should
remove it for the duration of the testing. If you do not do this, your
testing may use your existing connections, which would conceal problems.
6. Thoroughly test your access to your hosts. If you lose access, you can use
use either existing connections or your original ssh-agent to regain access.
SEE ALSO
========
avendesora
sshconfig
Installation
============
If you plan to use SSH Deploy without modifying it, the preferred way to
install it for multiple users is::
pip install --update sshdeploy
Doing so generally requires root permissions. Alternately, you can install it
just for yourself using::
pip install --user --update sshdeploy
This installs sshdeploy into ~/.local and so does not require root permissions.
If you would like to change the program, you should first clone it's source
repository and then install it::
git clone https://github.com/KenKundert/sshdeploy.git
cd sshdeploy
python setup.py install --user
Raw data
{
"_id": null,
"home_page": "http://nurdletech.com/linux-utilities/sshdeploy",
"name": "sshdeploy",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "ssh,keys",
"author": "Ken Kundert",
"author_email": "sshdeploy@nurdletech.com",
"download_url": "https://files.pythonhosted.org/packages/4f/27/4adb84212e46f83e972ab92acb8ecb1be7e0ae43e21d903f094a6f2a0a7b/sshdeploy-1.2.0.tar.gz",
"platform": "",
"description": "---------------------------------------------\nSSH Deploy - Generate and Distribute SSH Keys\n---------------------------------------------\n\n\nSYNOPSIS\n========\n\nsshdeploy [options] generate\nsshdeploy [options] test\nsshdeploy [options] hosts\nsshdeploy [options] distribute\nsshdeploy [options] clean\nsshdeploy manual\n\n\nOPTIONS\n=======\n\n-c <file>, --config-file <file> file that contains list of keys to generate nd \n the hosts that should receive the keys \n (sshdeploy.conf is default).\n-d <name>, --keydir <name> name of directory for holding new keys\n (keys-YYYY-MM-DD is default).\n-u <hosts>, --update <hosts> hosts to update\n-s <hosts>, --skip <hosts> hosts to skip\n-k <keys>, --keys <keys> keys to update (only use with --trial-run)\n-t, --trial-run trial run (do not overwrite working ssh files)\n-n, --narrate narrate the process\n-v, --verbose narrate the process more verbosely\n-h, --help print usage summary\n\nYou specify multiple hosts or keys using a comma-separated list.\n\nWith the --trial-run (or -t) option sshdeploy still generates the keys and \ncopies them to the remote hosts, but when doing so it will add '.provisional' \nas a suffix to the files to that they do not overwrite existing working files. \n\n\nDESCRIPTION\n===========\n\nSSH Deploy reads a configuration file that contains information about the SSH \nkeys you use. Using this information it regenerates and distributes your keys. \nWhen generating your keys a passcode is needed. SSH Deploy uses the Avendesora \ncollaborative password generator to securely generate the passcodes. This \navoids the need for you to interactively enter the passcodes.\n\nsshdeploy generate\n******************\n\nThe generate command regenerates the SSH key pairs.\n\nsshdeploy distribute\n********************\n\nThe distribute command copies the SSH key pair to to the clients and the \nauthorized_keys files to the servers. It can only be run after the generate key \nhas been run. Before it runs it will clean out any .provisional files from \nprevious trial runs.\n\nsshdeploy test\n**************\n\nThe test command checks the connection with each of the hosts (the clients and \nservers). It should be run before *distribute* to assure that each of the \nhosts is accessible.\n\nsshdeploy hosts\n***************\n\nThe hosts command simply lists out the hosts. Hosts include the servers that \nare to receive the authorized_keys file and the clients that are to receive the \nSSH key pairs.\n\nsshdeploy clean\n***************\n\nThe clean command removes the .provisional files from each of the hosts. The \n.provisional files are created during a trial run of the *distribute* command.\n\nsshdeploy manual\n****************\n\nThe manual command displays a detailed description of the program and how to use \nit.\n\n.. warning::\n\n This program is not recommended for general use. It has a fundamental flaw \n during the update process that overwrites critical files, resulting in the \n update process breaking down midstream. If this occurs you may be locked out \n of your servers. It is possible to work around the problem by skipping the \n update of your local machine and then manually performing that update later.\n\n\nCONFIGURATION\n=============\n\nThe configuration file is a python file. The name of the file is arbitrary (the \ndefault is sshdeploy.conf). Here is a typical configuration file::\n\n Keys = {\n 'earth': {\n 'purpose': 'This key allows access from earth (primary laptop)',\n 'keygen_options': \"-t ed25519\",\n 'servers': {\n 'earth': {},\n 'mercury': {\n 'description': 'Access is funneled through Jupiter',\n 'restrictions': ['from=jupiter']\n },\n 'jupiter': {},\n },\n 'clients': {\n 'earth': {},\n },\n },\n 'phone': {\n 'purpose': \"This key allows access from the phone\",\n 'servers': {\n 'jupiter': {\n 'description': 'Only allows access to mail ports',\n 'restrictions': [\n 'no-agent-forwarding',\n 'no-pty',\n 'no-X11-forwarding',\n 'permitopen=\"pubmail:587\"',\n 'permitopen=\"pubmail:993\"',\n ],\n },\n },\n },\n 'backups': {\n 'purpose': \"This key allows sftp access to jupiter for backups.\",\n 'servers': {\n 'jupiter': {\n 'description': 'This key is not protected with a passphrase!',\n 'restrictions': [\n 'from=\"192.168.1.0/24\"',\n 'no-agent-forwarding',\n 'no-port-forwarding',\n 'no-pty',\n 'no-X11-forwarding',\n 'command=\".ssh/only-sftp.sh\"',\n ],\n },\n },\n 'clients': {\n 'earth': {},\n 'mercury': {},\n },\n },\n }\n\nWhen sshdeploy reads this file, it uses the value of several local variables \n('keygen_options', 'avendesora_account', 'remote_include_filename', and 'keys') to \ndetermine its behavior.\n\n\nKeygen Options\n**************\n\nA string that is passed to ssh-keygen to influence the generation of key. If \nnot specified, the following will be used: '-t rsa -b 4096'. This value is used \nas the default for all keys and its value may be overridden in individual keys.\n\n\nAvendesora Account\n******************\n\nWhen the private keys are generated a passcode is needed to secure the private \nkey. SSH Deploy uses the Avendesora password manager to provide the needed \npasscodes. The value of this variable is a string that is used as the default \nAvendesora account name for for all keys and its value may be overridden in \nindividual keys.\n\n\nRemote Include Filename\n***********************\n\nBefore SSH Deploy generates an authorized_keys file for a server, it will look \nfor a file in the server's ~/.ssh directory that contains public keys for keys \nnot managed by SSH Deploy that should be included in the authorized_keys file. \nThe value of this variable is the name of that file.\n\n\nKeys\n****\n\nKeys is a dictionary where there is one entry per SSH key to be generated. The \ntag for the entry is the name of the SSH key and the value is a dictionary that \ncontains information that controls how the key is generated and distributed. \nThese dictionaries may contain the keys 'purpose', 'keygen_options', \n'avendesora_account', 'servers', and 'clients'.\n\n\nPurpose\n-------\n\nThe purpose if given is simply a textual description of the purpose of\nthe key. It will be added as a comment above the public key when it is\nadded to the authorized key file.\n\n\nKeygen Options\n--------------\n\nA string that is passed to ssh-keygen to influence the generation of\nkey. If not specified, the following will be used: '-t rsa -b 4096'.\n\n\nAvendesora Account\n------------------\n\nWhen the private keys are generated a passcode is needed to secure the private \nkey. SSH Deploy uses the Avendesora password manager to provide the needed \npasscodes. This value overrides the default value for this particular key. If \nthe value is specified as None, then the private key will not be protected by \na passcode.\n\n\nServers\n-------\n\nThe servers key contains a dictionary where its keys would be the SSH\nnames of servers whose authorized_keys file that should receive the\npublic key. The value of the servers key is also a dictionary that may\nbe empty or may contain the following keys: 'description', 'restrictions', \n'remote_include_filename', and 'bypass'.\n\n\nDescription\n'''''''''''\n\nThe description is simply a second level of textual description for the\npublic key (generally explains the restrictions).\n\n\nRestrictions\n''''''''''''\n\nThe value of restrictions is a list of SSH key restrictions. These\nrestrictions are comma joined and placed before the public key in the\nauthorized key file.\n\n\nRemote Include Filename\n'''''''''''''''''''''''\n\nBefore SSH Deploy generates an authorized_keys file for a server, it will look \nfor a file in the server's ~/.ssh directory that contains public keys for keys \nnot managed by SSH Deploy that should be included in the authorized_keys file. \nThe value of this variable is the name of that file.\n\nIn a configuration file the same server may be referenced many times, once per \nkey. The remote include file is only read the first time a server is \nencountered (they are processed in alphabetic order). It is recommended that \nif this value is given, it be given consistently in each instance of a server, \notherwise warnings will be issued and each value except the first will be \nignored.\n\nIf the value is None, an include is not performed.\n\n\nBypass\n''''''\n\nSome servers, particularly commercial cloud servers, do not allow you to upload \nan authorized_keys file using sftp. Instead they generally provide a way \nthrough their web portal. In these cases you should specify bypass to be true. \nDoing so will prevent sshdeploy from attempting to upload the file and will \ncause it to emit a warning that acts as a reminder that you must upload your \nfile manually.\n\n\nClients\n-------\n\nThe clients key contains a dictionary where its keys would be the SSH\nnames of client hosts that should receive the private and public key.\nThe value of the clients key is also a dictionary that should be empty\n(at this point any contents will be ignored).\n\n\nKEY STRATEGIES\n==============\n\nSeveral key strategies can be implemented efficiently with SSH Deploy.\n\n\nOne Key Per Server\n******************\n\nWith this strategy SSH keys are never shared between servers, meaning that one \nserver could not use its key to access another. Normally this cross access \nwould not be possible anyway, but if there were a bug in SSH it could \nconceivably leak the private key to an untrusted server. Since in this strategy \nthe key for each server is unique, a leak would not compromise the other \nservers.\n\n\nOne Key Per Client\n******************\n\nWith this strategy the server can distinguish the client that is requesting \na connection. Thus a particular client can be blocked or restrictions placed on \nits access.\n\n\nOther Strategies\n****************\n\nUsing single key for each server/client pair can give the best security and \nflexibility, but may be tedious to configure and maintain. Alternatively, you \nmight adapt your strategy to provide the security and flexibility appropriate to \nyou various servers and clients.\n\n\nDISTRIBUTING YOUR KEYS\n======================\n\nDistributing your keys is inherently a dangerous endeavor because if you make \na mistake you will likely lose the ability to log into one of your hosts, which \nwould prevent you from fixing the mistake. To reduce the risk of being locked \nout of a remote host, sshdeploy several features that reduce the risk. One is \nthe test command, which allows you to verify that all of your hosts are \navailable before you update your keys, and that they are still available after \nyou update them. Another feature is the --trial-run option. When specified, \nsshdeploy will add the .provisional suffix to any file it copies to a remote \nhost. Thus, the basic strategy is to run distribute command with the \n--trial-run option while carefully examining the provisional files to make sure \neverything working as expected. Running sshdeploy with many keys and hosts can \nbe time consuming, so several command line options are provide that allow you \nto limit your activities to particular keys (--keys) and servers (--update, \n--skip). In addition, sshdeploy also provides the --narrate and --verbose \noptions to make sshdeploy's activities more obvious to you.\n\nOnce you are confident that things are configured properly, it is recommended \nthat you follow the following process to generate and distribute your ssh keys.\n\n1. Generate your new keys with::\n\n sshdeploy generate\n\n2. Make sure all of your hosts (servers and clients) are up and accessible. You \n can do that with::\n\n sshdeploy test\n\n However, it is even better for you to simply open and keep active a ssh or \n sftp process to each of the remote hosts. Leave them open until all of your \n hosts are known to work. That way if there is a problem that corrupts the \n authorized_keys file, you still have access and can correct any problems.\n\n3. Do a full trial run of distribute::\n\n sshdeploy -t distribute\n\n Confirm that provisional versions of all of your ssh keys and authorized_keys \n files are being properly created and distributed to all of your hosts. You \n can first look in the keys directory to make sure the right authorized_keys \n files are generate. Then you should check the .provisional files on the \n remote hosts.\n\n4. Run distribute for real::\n\n sshdeploy distribute\n\n Do not add --trial-run, --update, --skip, or --keys to the list of command \n line options.\n\n5. Immediately after the update, start a new ssh-agent in a new shell and add \n your new keys. If you have ControlMaster in your SSH config file, you should \n remove it for the duration of the testing. If you do not do this, your \n testing may use your existing connections, which would conceal problems.\n\n6. Thoroughly test your access to your hosts. If you lose access, you can use \n use either existing connections or your original ssh-agent to regain access.\n\nSEE ALSO\n========\n\navendesora\nsshconfig\n\n\nInstallation\n============\n\nIf you plan to use SSH Deploy without modifying it, the preferred way to \ninstall it for multiple users is::\n\n pip install --update sshdeploy\n\nDoing so generally requires root permissions. Alternately, you can install it \njust for yourself using::\n\n pip install --user --update sshdeploy\n\nThis installs sshdeploy into ~/.local and so does not require root permissions.\n\nIf you would like to change the program, you should first clone it's source \nrepository and then install it::\n\n git clone https://github.com/KenKundert/sshdeploy.git\n cd sshdeploy\n python setup.py install --user",
"bugtrack_url": null,
"license": "GPLv3+",
"summary": "Generates and distributes SSH keys.",
"version": "1.2.0",
"project_urls": {
"Download": "https://github.com/kenkundert/sshdeploy/tarball/master",
"Homepage": "http://nurdletech.com/linux-utilities/sshdeploy"
},
"split_keywords": [
"ssh",
"keys"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "4f274adb84212e46f83e972ab92acb8ecb1be7e0ae43e21d903f094a6f2a0a7b",
"md5": "8fbd907776c963c71b6f94811e796500",
"sha256": "75c8df28db272b4490c3b0175b0ede4b0b2755b6b0e376dd68ab034e333fb8bb"
},
"downloads": -1,
"filename": "sshdeploy-1.2.0.tar.gz",
"has_sig": false,
"md5_digest": "8fbd907776c963c71b6f94811e796500",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 18694,
"upload_time": "2020-05-15T23:52:32",
"upload_time_iso_8601": "2020-05-15T23:52:32.256942Z",
"url": "https://files.pythonhosted.org/packages/4f/27/4adb84212e46f83e972ab92acb8ecb1be7e0ae43e21d903f094a6f2a0a7b/sshdeploy-1.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2020-05-15 23:52:32",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "kenkundert",
"github_project": "sshdeploy",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "sshdeploy"
}