appleboy / ssh-action

GitHub Actions for executing remote ssh commands.
https://github.com/marketplace/actions/ssh-remote-commands
MIT License

ssh: handshake failed on every attempt #80

Closed Cabalist closed 1 year ago

Cabalist commented 4 years ago

Hey there,

I'm stuck and wasn't able to find a solution in reading previous issues. I keep getting the following error:

2020/08/29 01:19:13 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Here is my YAML:

name: Deploy branch to staging

on:
  push:
    branches: [ develop ]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: executing remote ssh commands
        uses: appleboy/ssh-action@master
        with:
          script_stop: true
          host: ${{ secrets.NEWDEV_HOST }}
          username: ${{ secrets.NEWDEV_USERNAME }}
          key: ${{ secrets.NEWDEV_SSH_KEY }}
          port: ${{ secrets.NEWDEV_SSH_PORT }}
          script: whoami

My ssh key is a pem file:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

The correct values are in .ssh/authorized_keys on the remote server. I am able to ssh from multiple other machines using this key. There is no passcode.

I'm stumped! This is on EC2 if that makes a difference.

appleboy commented 4 years ago

https://github.com/appleboy/ssh-action#setting-up-ssh-key

Cabalist commented 4 years ago

I just followed those steps exactly (adding another key).

I get the same error on the Github action page. I'm able to log in fine using SSH from the terminal using that newly created key.

I must be missing something else. I don't believe it is Firewall related as SSH does respond and gives the handshake failed response. The key works from the ssh on the terminal when I use ssh -i github_deploy_id_rsa ec2-user@newdevsite.example.com

Just checking the basics here:

- host is the dns name of the server (for example newdevsite.example.com)
- username is the ssh username (my username does have a hyphen in it: ec2-user)
- key is the text of the private keyfile. No encoding, just copied and pasted.
- port is 22 (I tried leaving this off since it is the default but that made no difference)

I'm not sure what else could be going wrong. Hmmm

mcameloa commented 4 years ago

I got the same error


My action file

name: deploy

on:
  push:
    branches: [ master ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Connect and run Scripts
        uses: appleboy/ssh-action@v0.1.3
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HOST: ${{ secrets.HOST }}
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          port: ${{ secrets.PORT }}
          script: |
            whoami
            echo "$HOST"
            ls -a

mcameloa commented 4 years ago

I just resolved the issue: my RSA PRIVATE KEY was incomplete. Try to run cat ~/.ssh/id_rsa

Thx.

Cabalist commented 4 years ago

@militem-code Thanks! However, you got the ParsePrivateKey: ssh: invalid openssh private key format error, which is helpful. Unfortunately I get none of that. I'm able to confirm my key is correct from the command line. There is something else going on.

executing remote ssh commands 1s
proxy_use_insecure_cipher: false
Run appleboy/ssh-action@master
/usr/bin/docker run --name e5ae592eecc69186d449d19429204e230021df_e58eb3 --label e5ae59 --workdir /github/workspace --rm -e INPUT_SCRIPT_STOP -e INPUT_HOST -e INPUT_USERNAME -e INPUT_KEY -e INPUT_PORT -e INPUT_SCRIPT -e INPUT_DEBUG -e INPUT_PASSPHRASE -e INPUT_PASSWORD -e INPUT_SYNC -e INPUT_USE_INSECURE_CIPHER -e INPUT_CIPHER -e INPUT_TIMEOUT -e INPUT_COMMAND_TIMEOUT -e INPUT_KEY_PATH -e INPUT_FINGERPRINT -e INPUT_PROXY_HOST -e INPUT_PROXY_PORT -e INPUT_PROXY_USERNAME -e INPUT_PROXY_PASSWORD -e INPUT_PROXY_PASSPHRASE -e INPUT_PROXY_TIMEOUT -e INPUT_PROXY_KEY -e INPUT_PROXY_KEY_PATH -e INPUT_PROXY_FINGERPRINT -e INPUT_PROXY_CIPHER -e INPUT_PROXY_USE_INSECURE_CIPHER -e INPUT_ENVS -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/xxx/xxx":"/github/workspace" e5ae59:2eecc69186d449d19429204e230021df
======CMD======
whoami
======END======
======ENV======
2020/09/11 19:43:51 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
======END======

Siedlerchr commented 4 years ago

I can confirm this error. All of a sudden it started to fail. Nothing has changed on the secrets.

Oliyy commented 4 years ago

Yea. I'm stumped on this too, can't find what is wrong

timahrentlov commented 4 years ago

I'm also unable to get it to work. Getting 2020/09/20 20:24:23 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Cabalist commented 4 years ago

@Siedlerchr @Oliyy @timahrentlov Where is the target ssh server hosted? I'm curious if this is specific to AWS.

timahrentlov commented 4 years ago

It's hosted on Digital Ocean.

Siedlerchr commented 4 years ago

@Cabalist our server is hosted at Hetzner

joegatt commented 4 years ago

@Cabalist This is failing for me too, exactly in this way, on a custom server.

muhammad-abdul-raheem commented 4 years ago

Failing for me as well: 2020/09/23 07:48:52 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

kraj011 commented 3 years ago

Failing for me too. Running server on digital ocean. Was working fine a few days ago.

cafesk8 commented 3 years ago

I can confirm the error

angbongon commented 3 years ago

Any news about the error? I've been having the same issue too.

shealavington commented 3 years ago

This is failing for me too, haven't had issues before today's attempted deployment.

kraj011 commented 3 years ago

I was using this package for a custom CI pipeline on my digital ocean server, but due to this error I had to stop. If anyone else is using DO, I recommend using their new app platform, which comes with a built-in CI pipeline!

appleboy commented 3 years ago

@kraj011 What new app platform do you use?

appleboy commented 3 years ago

I will create a new video to demo how to use the plugin with the DO server.

kraj011 commented 3 years ago

@appleboy It came out very recently; here's a link to it: DO App Platform

aguinaldotupy commented 3 years ago

I've been having the same issue too. Has someone already solved it?

JoCat commented 3 years ago

A similar error. I haven't found a solution yet, although the authorization key works on the server.

UPD: re-entered all data in secret and it worked; the IP or username may have been entered incorrectly.

angbongon commented 3 years ago

Well I was finally able to make it work. I don't remember well what I changed because it was so long ago, but here is my YAML file:

name: CD
on:
  push:
    branches: [main]
jobs:
  deploy:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - name: Repository checkout
        uses: actions/checkout@v2
      - name: Connects to VPS via SSH
        uses: appleboy/ssh-action@v0.1.3
        with:
          host: ${{ secrets.SERVER_IP }}
          port: ${{ secrets.SERVER_PORT }}
          username: ${{ secrets.SERVER_USERNAME }}
          key: ${{ secrets.SERVER_KEY }}
          passphrase: ${{ secrets.SERVER_PASSPHRASE }}
          script: |
            cd ${{ secrets.PROJECT_PATH }}
            sudo git checkout main
            sudo git pull origin main
            python3 manage.py migrate
            sudo systemctl restart crm-backend

pascalandy commented 3 years ago

I got it! @v0.1.4 works at the moment. I guess something is broken in the master branch. So don't use @master.

      - 
        name: Run scripts on servers via SSH
        uses: appleboy/ssh-action@v0.1.4
        with:
          host: "${{ secrets.NODE1 }},${{ secrets.NODE2 }},${{ secrets.NODE3 }}"
          #sync: true
          port: ${{ secrets.SSH_PORT }}
          username: ${{ secrets.SSH_USERNAME }}
          key: ${{ secrets.SSH_KEY_ACTIONS }}
          passphrase: ${{ secrets.SSH_KEY_ACTIONS_PASSPHRASE }}
          script: |
            echo && hostname
            cd ${{ secrets.DEPLOY_SETUP_PATH }}
            git rev-parse --short HEAD

appleboy commented 3 years ago

v0.1.4 vs master version:

https://github.com/appleboy/ssh-action/compare/v0.1.4...master

I think no difference between v0.1.4 and master.

pascalandy commented 3 years ago

LOL that's so weird :-p

leadscloud commented 3 years ago

I found the reason: the ssh_key is incorrect.

Don't run cat ~/.ssh/id_rsa on the server. Use cat ~/.ssh/known_hosts. You need to use the matching pub key.

bcherny commented 3 years ago

In case it's helpful for anyone else, I dropped down to ssh as a quick hack to unblock myself (in addition to double-checking the authorized_keys on my DigitalOcean droplet):

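- name: Deploy
  run: |
    # mktemp creates the file with mode 0600, which ssh requires for key files
    TEMP=$(mktemp)
    echo "${{ secrets.SSH_PRIVATE_KEY }}" > "$TEMP"
    # 'StrictHostKeyChecking no' skips verification of the server's host key
    ssh -o 'StrictHostKeyChecking no' -i "$TEMP" myuser@mysite.com 'bash -s' < scripts/deploy.sh

pascalandy commented 3 years ago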

That's a good hack :-p

> I dropped down to ssh as a quick hack to unblock myself (in addition to double-checking the authorized_keys on my DigitalOcean droplet):

adiii717 commented 3 years ago

Not able to resolve this using this issue, so I moved to https://github.com/marketplace/actions/remote-ssh-commands, which works like a charm.

pascalandy commented 3 years ago

Solution: I found that I must put the attributes in this exact order!

host: "${{ secrets.NODE1 }},${{ secrets.NODE2 }},${{ secrets.NODE3 }}"
port: ${{ secrets.SSH_PORT }}
username: ${{ secrets.SSH_USERNAME }}
key: ${{ secrets.SSH_KEY_ACTIONS }}
passphrase: ${{ secrets.SSH_KEY_ACTIONS_PASSPHRASE }}

MrMinos commented 3 years ago

Had the exact same issue. Turns out when I copied ssh private key into the Github secrets, it was adding unnecessary whitespaces -- even though the formatting looked fine!

Try copy and pasting to a plain text editor, and then paste it into the website.

Layoric commented 3 years ago

I only hit this problem when I try to use envs with a value from ${{ secrets.* }}.

Eg, this fails to authenticate with ssh

      - name: remote docker-compose up via ssh
        uses: appleboy/ssh-action@v0.1.4
        env:
          APPTOKEN: ${{ secrets.CR_PAT }}
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
          key: ${{ secrets.DEPLOY_KEY }}
          port: ${{ secrets.DEPLOY_PORT }}
          envs: APPTOKEN
          script: |
            echo $APPTOKEN | docker login ghcr.io -u Layoric --password-stdin

But this succeeds to authenticate with ssh (ignore that the remote script will fail):

      - name: remote docker-compose up via ssh
        uses: appleboy/ssh-action@v0.1.4
        env:
          APPTOKEN: ${{ github.repository_owner }}
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
          key: ${{ secrets.DEPLOY_KEY }}
          port: ${{ secrets.DEPLOY_PORT }}
          envs: APPTOKEN
          script: |
            echo $APPTOKEN | docker login ghcr.io -u Layoric --password-stdin

Is this a limitation that secrets can only be used within the action with or specifically not with env rather than an issue with this action itself?

EDIT: Copying secrets into env worked well for me. Eg

      - name: Set the value
        run: |
          echo "GH_TOKEN=${{ secrets.CR_PAT }}" >> $GITHUB_ENV
          echo "USERNAME=${{ secrets.DEPLOY_USERNAME }}" >> $GITHUB_ENV

      - name: remote ssh
        uses: appleboy/ssh-action@v0.1.4
        env:
          APPTOKEN: ${{ env.GH_TOKEN }}
          USERNAME: ${{ env.USERNAME }}

nebnes commented 3 years ago

I have the same issue with @master and @v0.1.4

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

here is my yaml :

    - name: test
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.SSH_HOST }}
        username: ${{ secrets.SSH_USER }}
        key: ${{ secrets.SSH_KEY }}
        passphrase: ${{ secrets.SSH_PASS }}
        script: ls /

appleboy commented 3 years ago

I tried the master version. It is working for me. See the result: https://github.com/appleboy/ssh-action/actions/runs/562867945 and the following example:

name: remote ssh command
on: [push]
jobs:

  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
    - name: checkout
      uses: actions/checkout@v1

    - name: executing remote ssh commands using password
      uses: ./
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        password: ${{ secrets.PASSWORD }}
        port: ${{ secrets.PORT }}
        script: whoami

    - name: executing remote ssh commands using ssh key
      uses: ./
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        port: ${{ secrets.PORT }}
        script: whoami

    - name: multiple command
      uses: ./
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        port: ${{ secrets.PORT }}
        script: |
          whoami
          ls -al

    # - name: stop script if command error
    #   uses: ./
    #   with:
    #     host: ${{ secrets.HOST }}
    #     username: ${{ secrets.USERNAME }}
    #     key: ${{ secrets.KEY }}
    #     port: ${{ secrets.PORT }}
    #     script_stop: true
    #     script: |
    #       mkdir abc/def
    #       ls -al

    - name: pass environment
      uses: ./
      env:
        FOO: "BAR"
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        port: ${{ secrets.PORT }}
        envs: FOO
        script: |
          echo "I am $FOO, thanks"
          echo "I am $BAR, thanks"

    - name: pass multiple environment
      uses: ./
      env:
        FOO: "BAR"
        BAR: "FOO"
        SHA: ${{ github.sha }}
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        port: ${{ secrets.PORT }}
        envs: FOO,BAR,SHA
        script: |
          echo "I am $FOO, thanks"
          echo "I am $BAR, thanks"
          echo "sha: $SHA"

    - name: ssh key passphrase
      uses: ./
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.SSH2 }}
        port: ${{ secrets.PORT }}
        passphrase: ${{ secrets.PASSPHRASE }}
        script: |
          whoami
          ls -al

    - name: use insecure cipher
      uses: ./
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        password: ${{ secrets.PASSWORD }}
        port: ${{ secrets.PORT }}
        script: |
            ls \
              -lah
        use_insecure_cipher: true

    # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271
    - name: Multiline SSH commands interpreted as single lines
      uses: ./
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        password: ${{ secrets.PASSWORD }}
        port: ${{ secrets.PORT }}
        script_stop: true
        script: |
            ls \
              -lah
        use_insecure_cipher: true

    # https://github.com/appleboy/ssh-action/issues/85
    - name: Deployment to multiple hosts with different ports
      uses: ./
      with:
        host: "${{ secrets.HOST }}:${{ secrets.PORT }}"
        username: ${{ secrets.USERNAME }}
        password: ${{ secrets.PASSWORD }}
        port: 1024
        script_stop: true
        script: |
            ls \
              -lah
        use_insecure_cipher: true

See the source code: https://github.com/appleboy/ssh-action/blob/63dd9dd662e35cedefd05fa36e163608893bf31d/.github/workflows/ci.yml#L5-L134

erfannariman commented 3 years ago

I fixed it by creating an RSA key instead of ed25519. The GitHub docs advise using this encryption type:

$ ssh-keygen -t ed25519 -C "your_email@example.com"

But that didn't seem to work with ssh-action.

So using rsa fixed it:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

pascalandy commented 3 years ago

It can be a quick fix, but RSA is considered less secure than ed25519.

erfannariman commented 3 years ago

> It can be a quick fix but RSA is considered less secure than ed25519

I agree it's a quick fix and definitely not the solution to this problem.

appleboy commented 3 years ago

Hi All,

We only support RSA (PKCS#1), PKCS#8, DSA (OpenSSL), and ECDSA private keys.

erfannariman commented 3 years ago

> Hi All,
>
> We only support RSA (PKCS#1), PKCS#8, DSA (OpenSSL), and ECDSA private keys.

Are you planning to add ed25519?

appleboy commented 3 years ago

@erfannariman I tried creating a private key using ssh-keygen -t ed25519 -C "your_email@example.com" and it is working with the ed25519 type.

    - name: SSH ED25519 Private Key
      uses: ./
      with:
        host: ${{ secrets.TUNNEL_HOST }}
        username: ${{ secrets.TUNNEL_USERNAME }}
        key: ${{ secrets.ID_ED25519 }}
        port: ${{ secrets.TUNNEL_PORT }}
        script: whoami

adityacrypstal commented 3 years ago

I also had the same problem. But my public key was not there in authorized_keys, so I just used my private key from the pem file, replacing the newly created one. Now it's working.

vamotest commented 3 years ago

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Perhaps this will be useful for those who use PyCharm. As suggested to me by @matacoder, the problem may be due to hidden line wrapping.

Akecel commented 3 years ago

Hello, I had the same error. For me the problem was due to an error in the username. The only thing I can advise when this error appears is to start from 0, being twice as attentive, and not to miss any step or make any mistake, even a minimal one (for example, I had put a capital letter in my username when it was not necessary, and I was blocked for two hours on it).

redSlug commented 3 years ago

The mistake I got caught on was I put the private key from the server as SERVER_KEY in Github secrets.

What fixed this for me was to put the public key from my dev machine into authorized keys on the server, and then pass in the corresponding private key (from my dev machine) as SERVER_KEY in Github secrets.

According to the documentation, "The best practice is create the SSH Keys on local machine not remote machine."

alexshchegretsov commented 3 years ago

Solved it: use ssh-keygen -t rsa without any additional keys; open keys in an editor, don't copy from the terminal.

sridharei commented 3 years ago

Adding what worked for me, FWIW, though it makes little sense to me..

As per the advice at http://www.linuxproblem.org/art_9.html, "Depending on your version of SSH you might also have to do the following changes: Put the public key in .ssh/authorized_keys2..."

As soon as I copied .ssh/id_rsa.pub to .ssh/authorized_keys2, it started working..

appleboy commented 3 years ago

@sridharei Good point. I will update the README.

holmofy commented 3 years ago

I solved this problem. Check if the private key has a newline character at the end.
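
Added example, not part of the thread or of the ssh-action project: a local linter for the text about to be pasted into the `key:` secret, checking for the conditions commenters above reported (incomplete key, stray whitespace, missing final newline, public key pasted in place of the private key) plus CRLF line endings. The function names are hypothetical, and the sample is a constructed all-zero container, not a real key.

```python
import base64
import re
import struct
import textwrap

MAGIC = b"openssh-key-v1\0"
PUBLIC_PREFIXES = ("ssh-rsa ", "ssh-ed25519 ", "ssh-dss ", "ecdsa-sha2-")

def _skip_string(buf, off):
    """Skip one SSH wire string (uint32 length + bytes); return the new offset."""
    (n,) = struct.unpack_from(">I", buf, off)
    return off + 4 + n

def _check_openssh(blob):
    """Walk the openssh-key-v1 container; the field lengths must fit exactly."""
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    off = len(MAGIC)
    for _ in range(3):                  # ciphername, kdfname, kdfoptions
        off = _skip_string(blob, off)
    off += 4                            # uint32 number of keys
    for _ in range(2):                  # public key blob, private section
        off = _skip_string(blob, off)
    if off != len(blob):
        raise ValueError("container is truncated or has extra bytes")

def lint_key_secret(text):
    """Return the problems found in the text pasted into a `key:` secret."""
    if text.lstrip().startswith(PUBLIC_PREFIXES):
        return ["public key pasted; the secret must hold the private key"]
    problems = []
    if "\r" in text:
        problems.append("carriage returns (CRLF line endings)")
    if not text.endswith("\n"):
        problems.append("no newline after the END line")
    raw = text.replace("\r", "").rstrip("\n").split("\n")
    if any(line != line.strip() for line in raw):
        problems.append("leading or trailing whitespace on a line")
    lines = [line.strip() for line in raw if line.strip()]
    begin = re.fullmatch(r"-----BEGIN ([A-Z0-9 ]+)-----", lines[0]) if lines else None
    if not begin:
        return problems + ["missing BEGIN line"]
    if lines[-1] != f"-----END {begin.group(1)}-----":
        return problems + ["missing or mismatched END line (truncated paste?)"]
    body = "".join(l for l in lines[1:-1] if ":" not in l)  # skip legacy PEM headers
    try:
        blob = base64.b64decode(body, validate=True)
        if begin.group(1) == "OPENSSH PRIVATE KEY":
            _check_openssh(blob)
    except (ValueError, struct.error):
        problems.append("key body is corrupt or incomplete")
    return problems

def constructed_sample():
    """Constructed input: a well-formed container of zero bytes, not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    pub = s(b"ssh-ed25519") + s(bytes(32))
    blob = MAGIC + s(b"none") + s(b"none") + s(b"") + struct.pack(">I", 1) + s(pub) + s(bytes(136))
    body = "\n".join(textwrap.wrap(base64.b64encode(blob).decode(), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Run it on the machine that holds the key file, for example `lint_key_secret(open(path).read())`, so the key text never leaves that machine; an empty list means none of these conditions was found, not that the server will accept the key.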