Permission denied (publickey,password)

[hanassabio]

Bug Description I have tried several different attempts at generating SSH keys (both via github and from cpanel), both fail to connect via web-deploy action. When I try it from my local PC to connect, it's totally fine and authenticates. I have also added the public SSH key to github.

My Action Config

on:
  push:
    branches:
      - dev
name: Publish Dev Branch to CPanel
jobs:
  web-deploy:
    name: 🚀 Deploy Website to Dev
    runs-on: ubuntu-latest
    steps:
    - name: 🚚 Get Latest Code
      uses: actions/checkout@v3

    - name: 📦 Install Packages
      uses: actions/setup-node@v3
      with:
        node-version: 16
        cache: "npm"
    - run: npm ci

    - name: 🔨 Build
      run: npm run build

    - name: 📂 Sync Files
      uses: SamKirkland/web-deploy@v1
      with:
        target-server: ############
        remote-user:  ######
        private-ssh-key: ${{ secrets.SSH_KEY }}
        destination-path: ~/home/###/###/repositories/####/
        ssh-port: 722

My Action Log

   Run SamKirkland/web-deploy@v1
----------------------------------------------------------------
🚀 Thanks for using web deploy. Let's deploy some stuff!
----------------------------------------------------------------
If you found this project helpful, please support it
by giving it a ⭐ on Github --> https://github.com/SamKirkland/web-deploy
or add a badge 🏷️ to your projects readme --> https://github.com/SamKirkland/web-deploy#badge
----------------------------------------------------------------
HOME /home/runner
GITHUB_WORKSPACE /home/runner/work/###/
[SSH] Creating /home/runner/.ssh/known_hosts file in  /home/runner/work/kitt-front/kitt-front
✅ [SSH] file created.
✅ Ssh key added to `.ssh` dir  /home/runner/.ssh/web_deploy_key
/usr/bin/rsync -e ssh -p 722 -i /home/runner/.ssh/web_deploy_key -o StrictHostKeyChecking=no --archive --verbose --compress --human-readable --progress --delete-after --exclude=.git* --exclude=.git/ --exclude=README.md --exclude=readme.md --exclude=.gitignore ./ #####@#####:~/home/#####/#####/####/#####/
<Buffer 57 61 72 6e 6[9](https://github.com/####/#####/actions/runs/4136808053/jobs/7151168830#step:6:10) 6e 67 3a 20 50 65 72 6d 61 6e 65 6e 74 6c 79 20 61 64 64 65 64 20 27 5b 66 65 72 67 75 73 2d 6c 6f 6e 32 2e 6b 72 79 73 74 61 6c 2e 75 ... 47 more bytes>
Warning: Permanently added '[####]:722' (ED25519) to the list of known hosts.
<Buffer 4c 6f 61 64 20 6b 65 79 20 22 2f 68 6f 6d 65 2f 72 75 6e 6e 65 72 2f 2e 73 73 68 2f 77 65 62 5f 64 65 70 6c 6f 79 5f 6b 65 79 22 3a 20 65 72 72 6f 72 ... [15](https://github.com/###/##/actions/runs/4136808053/jobs/7151168830#step:6:16) more bytes>
Load key "/home/runner/.ssh/web_deploy_key": error in libcrypto
<Buffer 50 65 72 6d 69 73 73 69 6f 6e [20](https://github.com/#####/####/actions/runs/4136808053/jobs/7151168830#step:6:21) 64 65 6e 69 65 64 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 2e 0d 0a>
Permission denied, please try again.
<Buffer 50 65 72 6d 69 73 73 69 6f 6e 20 64 65 6e 69 65 64 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 2e 0d 0a>
Permission denied, please try again.
<Buffer 6b 69 74 74 6d 65 64 69 40 66 65 72 67 75 73 2d 6c 6f 6e 32 2e 6b 72 79 73 74 61 6c 2e 75 6b 3a 20 50 65 72 6d 69 73 73 69 6f 6e 20 64 65 6e 69 65 64 ... 24 more bytes>
<Buffer 72 73 79 6e 63 3a 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 75 6e 65 78 70 65 63 74 65 64 6c 79 20 63 6c 6f 73 65 64 20 28 30 20 62 79 74 65 73 20 72 65 63 ... 93 more bytes>
#####@fergus-lon2.krystal.uk: Permission denied (publickey,password).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c([22](https://github.com/####/####/actions/runs/4136808053/jobs/7151168830#step:6:23)8) [sender=3.2.3]
Error: Error: The process '/usr/bin/rsync' failed with exit code [25](https://github.com/####/###/actions/runs/4136808053/jobs/7151168830#step:6:26)5
✅ Deploy Complete

[remarqUK]

I think this is due to the way web-deploy is copying the key to the web_deploy.key file. If you copy your private key directly to the remote server and do a file compare (cmp in unix) you'll find the files aren't the same, it's added carriage returns

[bhupesh7shakya]

did any one found the solution!

[peterhalicky]

We just had the same problem. This plugin uses node16 base image which apparently is based on old OS docker base image which has pre-7.8 openssh - which needs an old format of the private key.

Source: https://stackoverflow.com/questions/67361592/git-push-with-ssh-remote-error-load-key-path-to-file-id-rsa-invalid-format

Hopefully this would be fixed by switching to a new runtime, I'm guessing node18 - but who knows if that has a new-enough openssh.

[jlpetracca]

some problem, i didnt understand if there is a solution

[LauGau]

Same problem... maybe I am doing something wrong, but I see others have the problem too... Did anyone find a solution? Thx

[EmileBons]

@peterhalicky Pointed me to the solution. When generating the ssh private key, you have to make it use PEM as the format: ssh-keygen -m PEM -t rsa -P "" -f ~/id_rsa.

[thealexwheeler]

@EmileBons and @peterhalicky you legends, thank you for sharing your findings!

[misaelnieto]

I re-created the deploy key using the PEM format:

ssh-keygen -m PEM -t rsa -P "" -f ~/id_rsa

I created the key on my linux laptop. I can ssh into my server with that key without problems. But with rsync this is not working though:

$ rsync -e ssh -p 22 -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no  --archive --human-readable --delete-after ./myrepo/build/ user@example.com:/var/my_website/public/
user@example.com's password:

$ ssh user@example.com -i ~/.ssh/deploy_key
Last failed login: Thu Sep 21 23:51:25 UTC 2023 from 200.41.22.221 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Thu Sep 21 23:50:46 2023 from 207.12.88.243
[user@server ~]$ 

But if I surround the ssh params as a string it works:

rsync -e "ssh -p 22 -i /home/nnieto/.ssh/deploy_key -o StrictHostKeyChecking=no"  --archive --human-readable --delete-after ./myrepo/build/ user@example.com:/var/my_website/public/
$ echo $?
0