appleboy / ssh-action

GitHub Actions for executing remote ssh commands.
https://github.com/marketplace/actions/ssh-remote-commands
MIT License

SSH key works from my local machine, but not with this Action. #7

Closed greaveselliott closed 4 years ago

greaveselliott commented 4 years ago

Hi, I am having some trouble getting your action to connect to my DigitalOcean droplet. I have tried both SSH connections via an SSH Key and a standard User/Password.

The error handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

My config

- name: Deploy
  uses: appleboy/ssh-action@master
  with:
    host: ${{ secrets.DIGITAL_OCEAN_DROPLET_HOST }}
    username: ${{ secrets.DIGITAL_OCEAN_DROPLET_USER }}
    password: ${{ secrets.DIGITAL_OCEAN_DROPLET_PASSWORD }}
    script: whoami

Lastly, reviewing some of the resolved repo issues, I followed your advice to follow this article http://www.linuxproblem.org/art_9.html which gets you to append the public SSH key to the remote server's authorized_keys file.

Cheers,

appleboy commented 4 years ago

https://github.com/appleboy/ssh-action/blob/aa1ecdd19aeebf7f9515f55b4801b027b55d40ac/.github/workflows/ci.yml#L9-L25

It is working for me using password or ssh keys.

You can try the ssh command first to make sure you can connect to the server via CLI.

greaveselliott commented 4 years ago

Thanks for the response @appleboy. It was an issue with my credentials. I've fixed this now.

sgurlt commented 4 years ago

> Thanks for the response @appleboy. It was an issue with my credentials. I've fixed this now.

I am actually facing the same issue, how did you fix it in the end?

yonatan-gelbard commented 4 years ago

@sgurlt It's probably the wrong username. If it works for you locally, make sure you set the same username (i.e. if you use ssh git@host locally, the username should be "git").

sgurlt commented 4 years ago

Thanks for commenting back, for me it was an issue with the ssh key, I also have resolved it in the meantime.

maxarouca commented 4 years ago

> https://github.com/appleboy/ssh-action/blob/aa1ecdd19aeebf7f9515f55b4801b027b55d40ac/.github/workflows/ci.yml#L9-L25
>
> It is working for me using password or ssh keys.
>
> You can try the ssh command first to make sure you can connect to the server via CLI.

Will I use the same ssh key configured on my server?

ezeikel commented 4 years ago

Having a similar issue with my Digital Ocean droplet and it's driving me crazy. I can connect from my Mac terminal fine using ssh username@droplet-ip-address but when I do it via GitHub Actions I get the handshake failed error.

I pasted the contents of the private key on my droplet into the secret for KEY and the HOST is the ip address.

Not sure where this is falling over. My private key starts with: -----BEGIN RSA PRIVATE KEY-----

I've seen some examples with BEGIN OPEN SSH PRIVATE KEY

Maybe that could be the issue?

ezeikel commented 4 years ago

> Hi, I am having some trouble getting your action to connect to my DigitalOcean droplet. I have tried both SSH connections via an SSH Key and a standard User/Password.
>
> The error handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
>
> My config
>
> - name: Deploy
>   uses: appleboy/ssh-action@master
>   with:
>     host: ${{ secrets.DIGITAL_OCEAN_DROPLET_HOST }}
>     username: ${{ secrets.DIGITAL_OCEAN_DROPLET_USER }}
>     password: ${{ secrets.DIGITAL_OCEAN_DROPLET_PASSWORD }}
>     script: whoami
>
> Lastly, reviewing some of the resolved repo issues, I followed your advice to follow this article http://www.linuxproblem.org/art_9.html which gets you to append the public SSH key to the remote server's authorized_keys file.
>
> Cheers,

I also looked at this post but wondering how we would add a public key from Github to the authorized_keys file on my Digital Ocean droplet?

vrusua commented 4 years ago

> I also looked at this post but wondering how we would add a public key from Github to the authorized_keys file on my Digital Ocean droplet?

Hi @ezeikel,

it looks like you should do this once manually through your terminal or in DO console, depending on your security settings.

Cheers

camleng commented 4 years ago

I think I'm just missing something, but which public key do I use? I have not been able to get it to work with using the output of ssh-keyscan github.com in my authorized_keys/known_hosts files

GTHell commented 4 years ago

To those who had an SSH problem with this GitHub Action + DigitalOcean: don't use the SSH option when creating the droplet. Use the password-generated one!

parrasajad commented 4 years ago

Hi @ezeikel , @camleng ,

you should store the public key from the key pair generated using ssh-keygen in authorized_keys.

cglusky commented 4 years ago

I ended up disabling ufw on the droplet and using the DO Cloud firewall. I originally used the automation script on initial droplet creation that runs this at the end:

# Add exception for SSH and then enable UFW firewall
ufw allow OpenSSH

I assumed that would open port 22 to all tcp traffic but perhaps it does not?

If you prefer ufw you might try opening port 22 to tcp rather than use "allow OpenSSH".

I just switched to DO Cloud firewall and opened port 22 for ssh and that fixed my handshake issues using this action.

appleboy commented 3 years ago

@appleboy Your private key on your mac. Please show your ssh command.

henrylemmon commented 3 years ago

@appleboy I have been trying for a week I must be missing something. Here is my error in github:

2020/12/28 05:30:44 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain.

Here is the script:

deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Deployment
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SSH_HOST }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          username: ${{ secrets.SSH_USERNAME }}
          script: |
            cd /var/www/
            git checkout -f
            git pull origin master

my firewall is disabled on digitalocean

here is the auth.log from do:

Dec 27 00:01:31 ubuntu-s-1vcpu-1gb-sfo2-01 sshd[49935]: Invalid user tanna from 164.132.107.245 port 40254
Dec 27 00:01:31 ubuntu-s-1vcpu-1gb-sfo2-01 sshd[49935]: Received disconnect from 164.132.107.245 port 40254:11: Bye Bye [preauth]
Dec 27 00:01:31 ubuntu-s-1vcpu-1gb-sfo2-01 sshd[49935]: Disconnected from invalid user tanna 164.132.107.245 port 40254 [preauth]
Dec 27 00:01:51 ubuntu-s-1vcpu-1gb-sfo2-01 sshd[49937]: Unable to negotiate with 51.159.152.216 port 60842: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Dec 27 00:03:55 ubuntu-s-1vcpu-1gb-sfo2-01 sshd[49940]: Unable to negotiate with 51.159.152.216 port 44170: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Dec 27 00:05:55 ubuntu-s-1vcpu-1gb-sfo2-01 sshd[49945]: Unable to negotiate with 51.159.152.216 port 55742: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Dec 27 00:06:35 ubuntu-s-1vcpu-1gb-sfo2-01 sshd[49947]: Invalid user cubie from 88.129.82.123 port 59578

alorwu commented 3 years ago

@henrylemmon Are you able to ssh from your local machine to your DO server? If yes, you should copy the private key from your local machine to the github secrets. I believe the issue has to do with the keys since ssh connection is failing.

brancooo1 commented 3 years ago

Yes, make it work with your computer first. Put your local public SSH key from .ssh/id_rsa.pub into the authorized keys on the server using nano .ssh/authorized_keys. Then just try running ssh your_user@your_server and it should work without a password. Then move on to making it work for GitHub Actions.

rehman-invozone commented 3 years ago

Hi @appleboy, my GitHub file is as follows

Where host is my server IP, port is 22, SSH_KEY is my pem file and username is user

But I'm encountering error "ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain"

Peelz commented 2 years ago

> @sgurlt It's probably the wrong username. If it works for you locally, make sure you set the same username (i.e. if you use ssh git@host locally, the username should be "git").

In my case I had set the wrong username. Thanks for saving my time.

izharishaksa commented 2 years ago

Basically this action delegates your ssh command to GitHub. To do that we have to give our private key to GitHub (usually stored in the ~/.ssh/id_rsa file). If it still can't connect, that means that your key is not authorized on the server. To solve this, add/append your SSH public key from your machine/laptop (usually located at ~/.ssh/id_rsa.pub) to ~/.ssh/authorized_keys on the server.

selvinkuik commented 2 years ago

I had this problem when generating my key on an Ubuntu 22.04 LTS box by running ssh-keygen. I could SSH in from my Mac to the server with the key just fine, but not using the Github Action.

My fix in the end was to generate the key using ssh-keygen -t ecdsa

carantunes commented 1 year ago

selvinkuik

Had the same problem, resolved using the recommended algorithm https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent ssh-keygen -t ed25519 -C "user"
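
Added example (not part of any comment in this thread and not the action's own code): a Python check for the two points raised above, namely that the private key stored in the secret must pair with a public key in the server's authorized_keys, and that the key's format and type matter. All function names are hypothetical and the sample key is constructed filler in the openssh-key-v1 layout, not a usable key.

```python
import base64, hashlib, struct
MAGIC = b"openssh-key-v1\0"  # leading bytes of a decoded BEGIN OPENSSH PRIVATE KEY body

def ssh_string(b):  # SSH wire string: uint32 length + data
    return struct.pack(">I", len(b)) + b

def read_string(buf, off):  # decode one wire string, return (data, next offset)
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def fingerprint(blob):
    """SHA256 fingerprint of a public key blob, as `ssh-keygen -l` prints it."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def inspect_private_key(text):
    """Classify the text stored in the `key` secret; reads only the cleartext framing."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("PRIVATE KEY-----")):
        return {"format": "not-a-private-key"}  # e.g. the .pub file was pasted
    info = {"format": lines[0][11:-5], "encrypted": any("ENCRYPTED" in l for l in lines[:3])}
    if info["format"] != "OPENSSH PRIVATE KEY":
        return info  # legacy PEM (BEGIN RSA/EC PRIVATE KEY): header checks only
    raw = base64.b64decode("".join(lines[1:-1]))
    if not raw.startswith(MAGIC):
        return {"format": "corrupt"}
    cipher, off = read_string(raw, len(MAGIC))
    for _ in range(2):  # skip kdfname and kdfoptions
        _, off = read_string(raw, off)
    pub, _ = read_string(raw, off + 4)  # off + 4 skips the uint32 key count
    info.update(encrypted=cipher != b"none", key_type=read_string(pub, 0)[0].decode(), fingerprint=fingerprint(pub))
    return info

def authorized_fingerprints(text):
    """Map fingerprint -> key type for each authorized_keys entry (options allowed)."""
    out = {}
    for fields in (l.split() for l in text.splitlines() if not l.lstrip().startswith("#")):
        for i, f in enumerate(fields[:-1]):
            if f.startswith(("ssh-", "ecdsa-", "sk-")):
                out[fingerprint(base64.b64decode(fields[i + 1]))] = f
                break
    return out

def key_is_authorized(secret_text, authorized_text):
    return inspect_private_key(secret_text).get("fingerprint") in authorized_fingerprints(authorized_text)

# Constructed sample (32 filler bytes, not a usable key) in the openssh-key-v1 layout.
SAMPLE_PUB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
_body = MAGIC + b"".join(map(ssh_string, (b"none", b"none", b""))) + struct.pack(">I", 1) + ssh_string(SAMPLE_PUB)
SAMPLE_SECRET = f"-----BEGIN OPENSSH PRIVATE KEY-----\n{base64.b64encode(_body).decode()}\n-----END OPENSSH PRIVATE KEY-----\n"
SAMPLE_AUTHORIZED = "# constructed entry\nssh-ed25519 " + base64.b64encode(SAMPLE_PUB).decode() + " deploy@ci\n"
```

Run it against copies of the secret text and the server's authorized_keys; a passphrase-protected key shows up as `encrypted: True`, and a legacy PEM key reports only its header format because its public half is not readable from the framing.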

sbraford commented 11 months ago

For me the problem was I had previously used a hostname with a DNS A record pointing directly to the IP. That subsequently got replaced with an AWS load balancer in between to implement SSL.

Creating a new DNS A record pointing directly to the IP fixed it for me. (using the direct IP address would have as well)