Closed Cabalist closed 1 year ago
I just followed those steps exactly (adding another key).
I get the same error on the Github action page. I'm able to log in fine using SSH from the terminal using that newly created key.
I must be missing something else. I don't believe it is Firewall related as SSH does respond and gives the handshake failed response. The key works from the ssh on the terminal when I use ssh -i github_deploy_id_rsa ec2-user@newdevsite.example.com
Just checking the basics here:
host is the dns name of the server (for example newdevsite.example.com
)
username is the ssh username (my username does have a hyphen in it ec2-user
)
key is the text of the private keyfile. No encoding just copied and pasted.
port is 22 (I tried leaving this off since it is the default but that made no difference)
I'm not sure what else could be going wrong. Hmmm
I got the same error
My action file
name: deploy
on:
push:
branches: [ master ]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Connect and run Scripts
uses: appleboy/ssh-action@v0.1.3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOST: ${{ secrets.HOST }}
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.PRIVATE_KEY }}
port: ${{ secrets.PORT }}
script: |
whoami
echo "$HOST"
ls -a
I just resolve the issue my RSA PRIVATE KEY was incomplete
Try to run cat ~/.ssh/id_rsa
Thx.
@militem-code Thanks! However you got the ParsePrivateKey: ssh: invalid openssh private key format
error which is helpful. Unfortunately I get none of that. I'm able to confirm my key is correct from the command line. There is something else going on
executing remote ssh commands1s proxy_use_insecure_cipher: false Run appleboy/ssh-action@master /usr/bin/docker run --name e5ae592eecc69186d449d19429204e230021df_e58eb3 --label e5ae59 --workdir /github/workspace --rm -e INPUT_SCRIPT_STOP -e INPUT_HOST -e INPUT_USERNAME -e INPUT_KEY -e INPUT_PORT -e INPUT_SCRIPT -e INPUT_DEBUG -e INPUT_PASSPHRASE -e INPUT_PASSWORD -e INPUT_SYNC -e INPUT_USE_INSECURE_CIPHER -e INPUT_CIPHER -e INPUT_TIMEOUT -e INPUT_COMMAND_TIMEOUT -e INPUT_KEY_PATH -e INPUT_FINGERPRINT -e INPUT_PROXY_HOST -e INPUT_PROXY_PORT -e INPUT_PROXY_USERNAME -e INPUT_PROXY_PASSWORD -e INPUT_PROXY_PASSPHRASE -e INPUT_PROXY_TIMEOUT -e INPUT_PROXY_KEY -e INPUT_PROXY_KEY_PATH -e INPUT_PROXY_FINGERPRINT -e INPUT_PROXY_CIPHER -e INPUT_PROXY_USE_INSECURE_CIPHER -e INPUT_ENVS -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/xxx/xxx":"/github/workspace" e5ae59:2eecc69186d449d19429204e230021df ======CMD====== whoami ======END====== ======ENV====== 2020/09/11 19:43:51 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
======END======
I an confirm this error. All of a sudden it started to fail. Nothing has changed on the secrets
Yea. I'm stumped on this too, can't find what is wrong
I'm also unable to get it to work. Getting 2020/09/20 20:24:23 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
@Siedlerchr @Oliyy @timahrentlov Where is the target ssh server hosted? I'm curious is this is specific to AWS.
It's hosted on Digital Ocean.
@Cabalist our server is hosted at Hetzner
@Cabalist This is failing for me too, exactly in this way, on a custom server.
Failing for me as well:
2020/09/23 07:48:52 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
Failing for me too. Running server on digital ocean. Was working fine a few days ago.
I can confirm the error
Any news about the error? I've been having the same issue too.
This is failing for me too, haven't had issues before today's attempted deployment.
I was using this package for a custom CI pipeline on my digital ocean server, but due to this error I had to stop. If anyone else is using DO i recommend using their new app platform which comes with a built in CI pipeline!
@kraj011 What new app platform do you use?
I will create a new video to demo how to use the plugin with the DO server.
@appleboy It came out very recently; here's a link to it: DO App Platform
I've been having the same issue too, someone already solved?
a similar error, I haven't found a solution yet although the authorization key works on the server
UPD re-entered all data in secret and it worked the IP or username may have been entered incorrectly
Well I was finally able to make it work. I don't remember well what I changed because it was so long ago, but here is my YAML file:
name: CD
on:
push:
branches: [main]
jobs:
deploy:
# The type of runner that the job will run on
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Repository checkout
uses: actions/checkout@v2
- name: Connects to VPS via SSH
uses: appleboy/ssh-action@v0.1.3
with:
host: ${{ secrets.SERVER_IP }}
port: ${{ secrets.SERVER_PORT }}
username: ${{ secrets.SERVER_USERNAME }}
key: ${{ secrets.SERVER_KEY }}
passphrase: ${{ secrets.SERVER_PASSPHRASE }}
script: |
cd ${{ secrets.PROJECT_PATH }}
sudo git checkout main
sudo git pull origin main
python3 manage.py migrate
sudo systemctl restart crm-backend
I got it! @v0.1.4 work at the moment I guess something is broken in the master branch. So don't use @master.
-
name: Run scripts on servers via SSH
uses: appleboy/ssh-action@v0.1.4
with:
host: "${{ secrets.NODE1 }},${{ secrets.NODE2 }},${{ secrets.NODE3 }}"
#sync: true
port: ${{ secrets.SSH_PORT }}
username: ${{ secrets.SSH_USERNAME }}
key: ${{ secrets.SSH_KEY_ACTIONS }}
passphrase: ${{ secrets.SSH_KEY_ACTIONS_PASSPHRASE }}
script: |
echo && hostname
cd ${{ secrets.DEPLOY_SETUP_PATH }}
git rev-parse --short HEAD
v0.1.4 vs master version:
https://github.com/appleboy/ssh-action/compare/v0.1.4...master
I think no difference between v0.1.4 and master.
LOL that's so weird :-p
i found reason. because ssh_key is incorrect.
cat ~/.ssh/id_rsa
don't run at server. use cat ~/.ssh/known_hosts
You need to use the matching pub key.
In case it's helpful for anyone else, I dropped down to ssh as a quick hack to unblock myself (in addition to double-checking the authorized_keys on my DigitalOcean droplet):
- name: Deploy
run: |
TEMP=$(mktemp)
echo "${{ secrets.SSH_PRIVATE_KEY }}" > $TEMP
ssh -o 'StrictHostKeyChecking no' -i $TEMP myuser@mysite.com 'bash -s' < scripts/deploy.sh
That's a good hack :-p
I dropped down to ssh as a quick hack to unblock myself (in addition to double-checking the authorized_keys on my DigitalOcean droplet):
Not able to resolve using this issue so move to https://github.com/marketplace/actions/remote-ssh-commands which work like charm
Solution: I found that I must put the attributes in this exact order!
host: "${{ secrets.NODE1 }},${{ secrets.NODE2 }},${{ secrets.NODE3 }}"
port: ${{ secrets.SSH_PORT }}
username: ${{ secrets.SSH_USERNAME }}
key: ${{ secrets.SSH_KEY_ACTIONS }}
passphrase: ${{ secrets.SSH_KEY_ACTIONS_PASSPHRASE }}
Had the exact same issue. Turns out when I copied ssh private key into the Github secrets, it was adding unnecessary whitespaces -- even though the formatting looked fine!
Try copy and pasting to a plain text editor, and then paste it into the website.
I only hit this problem when I try to use envs
with a value from ${{ secrets.* }}
.
Eg, this fails to authenticate with ssh
- name: remote docker-compose up via ssh
uses: appleboy/ssh-action@v0.1.4
env:
APPTOKEN: ${{ secrets.CR_PAT }}
with:
host: ${{ secrets.DEPLOY_HOST }}
username: ${{ secrets.DEPLOY_USERNAME }}
key: ${{ secrets.DEPLOY_KEY }}
port: ${{ secrets.DEPLOY_PORT }}
envs: APPTOKEN
script: |
echo $APPTOKEN | docker login ghcr.io -u Layoric --password-stdin
But this succeeds to authenticate with ssh (ignore that the remote script will fail):
- name: remote docker-compose up via ssh
uses: appleboy/ssh-action@v0.1.4
env:
APPTOKEN: ${{ github.repository_owner }}
with:
host: ${{ secrets.DEPLOY_HOST }}
username: ${{ secrets.DEPLOY_USERNAME }}
key: ${{ secrets.DEPLOY_KEY }}
port: ${{ secrets.DEPLOY_PORT }}
envs: APPTOKEN
script: |
echo $APPTOKEN | docker login ghcr.io -u Layoric --password-stdin
Is this a limitation that secrets can only be used within the action with
or specifically not with env
rather than an issue with this action itself?
EDIT: Copying secrets into env worked well for me. Eg
- name: Set the value
run: |
echo "GH_TOKEN=${{ secrets.CR_PAT }}" >> $GITHUB_ENV
echo "USERNAME=${{ secrets.DEPLOY_USERNAME }}" >> $GITHUB_ENV
- name: remote ssh
uses: appleboy/ssh-action@v0.1.4
env:
APPTOKEN: ${{ env.GH_TOKEN }}
USERNAME: ${{ env.USERNAME }}
I have the same issue with @master and @v0.1.4
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
here is my yaml :
- name: test
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.SSH_HOST }}
username: ${{ secrets.SSH_USER }}
key: ${{ secrets.SSH_KEY }}
passphrase: ${{ secrets.SSH_PASS }}
script: ls /
I try the master version. It is working for me. See the result: https://github.com/appleboy/ssh-action/actions/runs/562867945 and the following example:
name: remote ssh command
on: [push]
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v1
- name: executing remote ssh commands using password
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
script: whoami
- name: executing remote ssh commands using ssh key
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: whoami
- name: multiple command
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: |
whoami
ls -al
# - name: stop script if command error
# uses: ./
# with:
# host: ${{ secrets.HOST }}
# username: ${{ secrets.USERNAME }}
# key: ${{ secrets.KEY }}
# port: ${{ secrets.PORT }}
# script_stop: true
# script: |
# mkdir abc/def
# ls -al
- name: pass environment
uses: ./
env:
FOO: "BAR"
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
envs: FOO
script: |
echo "I am $FOO, thanks"
echo "I am $BAR, thanks"
- name: pass multiple environment
uses: ./
env:
FOO: "BAR"
BAR: "FOO"
SHA: ${{ github.sha }}
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
envs: FOO,BAR,SHA
script: |
echo "I am $FOO, thanks"
echo "I am $BAR, thanks"
echo "sha: $SHA"
- name: ssh key passphrase
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH2 }}
port: ${{ secrets.PORT }}
passphrase: ${{ secrets.PASSPHRASE }}
script: |
whoami
ls -al
- name: use insecure cipher
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
script: |
ls \
-lah
use_insecure_cipher: true
# https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271
- name: Multiline SSH commands interpreted as single lines
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
script_stop: true
script: |
ls \
-lah
use_insecure_cipher: true
# https://github.com/appleboy/ssh-action/issues/85
- name: Deployment to multiple hosts with different ports
uses: ./
with:
host: "${{ secrets.HOST }}:${{ secrets.PORT }}"
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: 1024
script_stop: true
script: |
ls \
-lah
use_insecure_cipher: true
See the source code: https://github.com/appleboy/ssh-action/blob/63dd9dd662e35cedefd05fa36e163608893bf31d/.github/workflows/ci.yml#L5-L134
I fixed it by creating a rsa
key instead of ed25519
. The GitHub docs advice to use this encryption type:
$ ssh-keygen -t ed25519 -C "your_email@example.com"
But that didn't seem to work with ssh-action
So using rsa fixed it:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
It can be a quick fix but RSA
is considered less secure than ed25519
It can be a quick fix but
RSA
is considered less secure thaned25519
I agree it's a quick fix and definitely not the solution to this problem.
Hi All,
We only support RSA (PKCS#1)
, PKCS#8
, DSA (OpenSSL)
, and ECDSA
private keys.
Hi All,
We only support
RSA (PKCS#1)
,PKCS#8
,DSA (OpenSSL)
, andECDSA
private keys.
Are you planning to add ed25519
?
@erfannariman I try to create private key using ssh-keygen -t ed25519 -C "your_email@example.com"
and it is working with ed25519
type.
- name: SSH ED25519 Private Key
uses: ./
with:
host: ${{ secrets.TUNNEL_HOST }}
username: ${{ secrets.TUNNEL_USERNAME }}
key: ${{ secrets.ID_ED25519 }}
port: ${{ secrets.TUNNEL_PORT }}
script: whoami
I also had the same problem. But my public key was not there in authorized_keys, so I just used my private key from pem file replacing the newly created one. Not it's working.
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Perhaps this will be useful for those who use PyCharm. As suggested to me @matacoder, the problem may be due to hidden line wrapping.
Hello, I had the same error, for me the problem was due to an error for the username. The only thing I can advise when this error appears is to start from 0 by being twice as attentive and not to miss any step and not to make any mistake, even minimal (for example I had put a capital letter in my username when it was not necessary and I blocked two hours on it)
The mistake I got caught on was I put the private key from the server as SERVER_KEY in Github secrets.
What fixed this for me was to put the public key from my dev machine into authorized keys on the server, and then pass in the corresponding private key (from my dev machine) as SERVER_KEY in Github secrets.
According to the documentation, "The best practice is create the SSH Keys on local machine not remote machine."
Solve it, use ssh-keygen -t rsa, without any additional keys open keys in editor, don't copy from terminal
Adding what worked for me, FWIW, though it makes little sense to me..
As per the advice at http://www.linuxproblem.org/art_9.html, "Depending on your version of SSH you might also have to do the following changes: Put the public key in .ssh/authorized_keys2..."
As soon as I copied .ssh/id_rsa.pub to .ssh/authorized_keys2, it started working..
@sridharei Good point. I will update the README.
I solved this problem. Check if the private key has a newline character at the end
Hey there,
I'm stuck and wasn't able to find a solution in reading previous issues. I keep getting the following error:
2020/08/29 01:19:13 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Here is my YAML:
My ssh key is a pem file:
The correct values are in
.ssh/authorized_keys
on the remote server. I am able to ssh from multiple other machines using this key. There is no passcode.I'm stumped! This is on EC2 if that makes a difference.