Remove SSH backend (#2635)

The SSH backend is, similar to Gogs and Coding for forges, completely unmaintained and seems unused (it is likely broken but we didn't get any reports). Instead, you should directly run the agent on the SSH machine with the `local` backend.
2026-03-16 17:54:07 +01:00 · 2023-10-24 01:55:30 +02:00
parent 9232db06dd
commit 31240b5771
10 changed files with 4 additions and 299 deletions
--- a/docs/docs/30-administration/15-agent-config.md
+++ b/docs/docs/30-administration/15-agent-config.md
@@ -160,16 +160,12 @@ Configures if the gRPC server certificate should be verified, only valid when `W
 ### `WOODPECKER_BACKEND`
 > Default: `auto-detect`

-Configures the backend engine to run pipelines on. Possible values are `auto-detect`, `docker`, `local`, `ssh` or `kubernetes`.
+Configures the backend engine to run pipelines on. Possible values are `auto-detect`, `docker`, `local` or `kubernetes`.

 ### `WOODPECKER_BACKEND_DOCKER_*`

 See [Docker backend configuration](./22-backends/10-docker.md#configuration)

-### `WOODPECKER_BACKEND_SSH_*`
-
-See [SSH backend configuration](./22-backends/30-ssh.md#configuration)
-
 ### `WOODPECKER_BACKEND_K8S_*`

 See [Kubernetes backend configuration](./22-backends/40-kubernetes.md#configuration)
--- a/docs/docs/30-administration/22-backends/30-ssh.md
+++ b/docs/docs/30-administration/22-backends/30-ssh.md
@@ -1,41 +0,0 @@
-# SSH backend
-
-:::danger
-The SSH backend will execute the pipelines using SSH on a remote system without any isolation of any kind.
-:::
-
-:::note
-This backend is still pretty new and can not be treated as stable. Its implementation and configuration can change at any time.
-:::
-Since the code run directly on the SSH machine, a malicious pipeline could access and edit files the SSH user has access to and execute every command the remote user is allowed to use. Always restrict the user as far as possible!
-
-It is recommended to use this backend only for private setups where the code and pipelines can be trusted. You shouldn't use it for a public facing CI where anyone can submit code or add new repositories.
-
-The backend will use a random directory in $TMPDIR to store the clone code and execute commands.
-
-## Configuration
-
-### `WOODPECKER_BACKEND_SSH_ADDRESS`
-> Default: empty
-
-The SSH host to run steps with `ssh` backend.
-
-### `WOODPECKER_BACKEND_SSH_USER`
-> Default: empty
-
-The SSH user to run steps with `ssh` backend.
-
-### `WOODPECKER_BACKEND_SSH_KEY`
-> Default: empty
-
-Path to the private SSH key to run steps with `ssh` backend.
-
-### `WOODPECKER_BACKEND_SSH_KEY_PASSWORD`
-> Default: empty
-
-The password for the private key to run steps with `ssh` backend.
-
-### `WOODPECKER_BACKEND_SSH_PASSWORD`
-> Default empty
-
-The SSH password to run steps with `ssh` backend.
--- a/docs/docs/91-migrations.md
+++ b/docs/docs/91-migrations.md
@@ -9,6 +9,7 @@ Some versions need some changes to the server configuration or the pipeline conf
 - Dropped deprecated `branches:` filter in favor of global [`when.branch`](./20-usage/20-workflow-syntax.md#branch-1) filter
 - Deprecated `platform:` filter in favor of `labels:`, [read more](./20-usage/20-workflow-syntax.md#filter-by-platform)
 - Removed `build` alias for `pipeline` command in CLI
+- Removed `ssh` backend. Use an agent directly on the SSH machine using the `local` backend.

 ## 1.0.0