From b890f82a46148eb46d5dd3863bfec5e73753cb85 Mon Sep 17 00:00:00 2001 From: Sam Kirkland Date: Thu, 2 Apr 2020 00:47:59 -0500 Subject: [PATCH] Update README.md I tested this out on my host, added commands for windows 10 and moved the docs around a bit --- README.md | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 8f87dbb..139c7aa 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ I recommend you store your `ftp-password` as a secret. | `ftp-password` | Yes | CrazyUniquePassword&%123 | | FTP account password | | `local-dir` | No | deploy/ | ./ | Which local folder to deploy, path should be relative to the root and should include trailing slash. `./` is the root of the project | | `git-ftp-args` | No | See `git-ftp-args` section below | | Custom git-ftp arguments, this field is passed through directly into the git-ftp script | -| `known-hosts` | No | hostname ssh-rsa AAAAB3NzaC1y ... | | The desired contents of your .ssh/known_hosts file | +| `known-hosts` | No | hostname ssh-rsa AAAAB3NzaC1y ... | | The desired contents of your .ssh/known_hosts file. See [known hosts setup](#known-hosts-setup) | #### Advanced options using `git-ftp-args` Custom arguments, this field is passed through directly into the git-ftp script. See [git-ftp's manual](https://github.com/git-ftp/git-ftp/blob/master/man/git-ftp.1.md) for all options. 
@@ -74,11 +74,6 @@ Below is an incomplete list of commonly used args: | `--insecure` | Don't verify server's certificate | | `--cacert ` | Use as CA certificate store. Useful when a server has a self-signed certificate | -#### SFTP (FTP over SSH) -If you are getting a curl error similar to `SSL peer certificate or SSH remote key was not OK` and you are using SFTP (which is different from FTPS) then you need to supply a known_hosts entry via the `known-hosts` configuration option.. - -If you are on Linux, or OSX (using homebrew) you can install the OpenSSH packages and use `ssh-keyscan ` to get the known_hosts value needed for the server you are connecting to. - ### Ignore specific files when deploying Add patterns to `.git-ftp-ignore` and all matching file names will be ignored. The patterns are interpreted as shell glob patterns. Here are some glob pattern examples: @@ -188,7 +183,7 @@ jobs: Use the legacy FTP over a secure encrypted connection. -Notes about sftp: +Notes about ftps: - Most hosts don't offer FTPS, it's more common on windows/.net hosts and less common on linux hosting - Most hosts don't have a correct certificate setup for ftp domains, [even my host doesn't do it right](https://ftp.samkirkland.com/). This means you'll likely have to add `--insecure` to `git-ftp-args` 
@@ -224,6 +219,22 @@ Similar in name to FTP but this protocol is entirely new and requires SSH access - You will need to create a **SSH** user to deploy over SFTP. Normally this is your cpanel or hosting providers username and password - Most web hosts change the default port (21), check with your host for your port number + +##### [Setting up `known-hosts` allows you to remove the `--insecure` argument.](#known-hosts-setup) +**Windows** +In powershell run `ssh-keyscan -p ` and copy the hash output +Example for samkirkland.com `ssh-keyscan -p 7822 samkirkland.com` + + +**Linux, or OSX (using homebrew)** +Install the OpenSSH packages and use `ssh-keyscan ` and copy the hash output + +Add the `known-hosts` argument with your hosts hash +Example: `knownhosts: ssh-rsa AAAAB3Nza...H1Q5Spw==` + +*Note: If you receive a `Connection refused` error, you must specify the ssh port to your host* +*Note: You will have to repeat this step when your certificate renews (Let's Encrypt automatically renews every 60 days)* + ```yml on: push name: Publish Website over SFTP @@ -242,7 +253,7 @@ jobs: ftp-server: sftp://ftp.samkirkland.com:7280/ ftp-username: mySFTPUsername ftp-password: ${{ secrets.SFTP_PASSWORD }} - git-ftp-args: --insecure # if your certificate is setup correctly this can be removed + git-ftp-args: --insecure # if your certificate is setup correctly this can be removed (see known-hosts argument) ``` @@ -329,6 +340,9 @@ jobs: * Verify you **don't** have the `--all` git-ftp-args flag set 6. How do I set a upload timeout? * github has a built-in `timeout-minutes` option. Place `timeout-minutes: X` before the `steps:` line. Timeout defaults to 360 minutes. +7. If you are getting a curl error similar to `SSL peer certificate or SSH remote key was not OK` + * **Fix 1:** Whitelist your host via the `known-hosts` configuration option. See [known hosts setup](#known-hosts-setup) in SFTP + * **Fix 2:** Add `--insecure` option ### Debugging locally
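Review bot: The `#known-hosts-setup` link added to the `known-hosts` table row (hunk -53,7) will not resolve on GitHub. The heading this patch adds for that section is `##### [Setting up known-hosts allows you to remove the --insecure argument.](#known-hosts-setup)`, and GitHub derives the anchor from the heading text, not from a link target placed inside it. Suggest a short heading such as `##### Known hosts setup`, so the generated anchor matches, with the sentence about `--insecure` moved into the body below it.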
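Review bot: In the added known-hosts setup block (hunk -224,6), the example `knownhosts: ssh-rsa AAAAB3Nza...H1Q5Spw==` does not match the option documented in the table, which is `known-hosts` with a value of the form `hostname ssh-rsa AAAAB3NzaC1y ...`. The key name is misspelled and the host field is missing, so a reader copying it ends up with an entry that will not match the server. Suggest `known-hosts: hostname ssh-rsa AAAAB3Nza...` and "copy the output line" instead of "copy the hash output", since `ssh-keyscan` prints the host's public key. The note tying this step to certificate renewal and Let's Encrypt also looks wrong for SFTP: an SSH host key is not a TLS certificate and changes only when the host regenerates it. It would be worth adding that the scanned key should be compared against a fingerprint published by the host before it is pinned, because `ssh-keyscan` output is not authenticated.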
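Review bot: The SFTP workflow example (hunk -242,7) still ships `git-ftp-args: --insecure` and mentions `known-hosts` only in a trailing comment, so anyone copying the example runs with verification turned off (the README's own argument table describes `--insecure` as "Don't verify server's certificate"). Suggest showing a `known-hosts:` line in the example itself and leaving `--insecure` out, or commented out, as the fallback. The comment's wording "if your certificate is setup correctly" also fits FTPS more than SFTP, where the check is against the SSH host key.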
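Review bot: In the new FAQ item 7 (hunk -329,6), `Fix 2: Add --insecure option` is presented as an equal alternative to pinning the host, but that flag turns off the check that produced the error. Suggest labelling it as a temporary workaround that disables verification and keeping `known-hosts` as the recommended fix. The item could also be phrased as a question to match item 6 ("How do I set a upload timeout?").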