appleboy / ssh-action

GitHub Actions for executing remote ssh commands.
https://github.com/marketplace/actions/ssh-remote-commands
MIT License

ssh: handshake failed on every attempt #80

Closed Cabalist closed 1 year ago

Cabalist commented 4 years ago

Hey there,

I'm stuck and wasn't able to find a solution in reading previous issues. I keep getting the following error: 2020/08/29 01:19:13 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Here is my YAML:

name: Deploy branch to staging

on:
  push:
    branches: [ develop ]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: executing remote ssh commands
        uses: appleboy/ssh-action@master
        with:
          script_stop: true
          host: ${{ secrets.NEWDEV_HOST }}
          username: ${{ secrets.NEWDEV_USERNAME }}
          key: ${{ secrets.NEWDEV_SSH_KEY }}
          port: ${{ secrets.NEWDEV_SSH_PORT }}
          script: whoami

My ssh key is a pem file:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

The correct values are in .ssh/authorized_keys on the remote server. I am able to ssh from multiple other machines using this key. There is no passcode.

I'm stumped! This is on EC2 if that makes a difference.

appleboy commented 3 years ago

@sridharei I updated the readme. See https://github.com/appleboy/ssh-action/commit/29007ce6fb5efec2eaa8fd3b1220343a6f1d913e

mannyanebi commented 3 years ago

Adding what worked for me, FWIW, though it makes little sense to me..

As per the advice at http://www.linuxproblem.org/art_9.html, "Depending on your version of SSH you might also have to do the following changes: Put the public key in .ssh/authorized_keys2..."

As soon as I copied .ssh/id_rsa.pub to .ssh/authorized_keys2, it started working..

If I may ask, I'm new to this: why is it authorized_keys2 and not authorized_keys, which is already available? Thanks

sridharei commented 3 years ago

I'm not really sure, can check out https://serverfault.com/questions/116177/whats-the-difference-between-authorized-keys-and-authorized-keys2

Apparently introduced in SSH 2.0 and deprecated but seems necessary for this fix...

Sridhar

Aericio commented 2 years ago

Mine also showed

======CMD======
whoami
======END======
2021/10/14 07:26:31 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

I was able to find my issue by looking at ssh auth logs.

sudo tail -f /var/log/auth.log
Authentication refused: bad ownership or modes for directory /home/user

I checked my home directory permissions with ls -l /home

drwxrwx--- 25 user user 4096 Oct 14 07:37 user

After doing chmod go-w /home/user

drwxr-x--- 25 user user 4096 Oct 14 07:37 user

I was able to connect & my action worked again.

======CMD======
whoami
======END======
out: ***

✅ Successfully executed commands to all host.

hamochigames commented 2 years ago

After debugging for hours, I successfully resolved mine. Found out I missed the following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key: cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys: nano ~/.ssh/authorized_keys
  3. Update permission of the file: chmod 700 ~/.ssh/authorized_keys

Note: Although the steps I took are slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

PatrickNiyogitare28 commented 2 years ago

After debugging for hours, I successfully resolved mine. Found out I missed the following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key: cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys: nano ~/.ssh/authorized_keys
  3. Update permission of the file: chmod 700 ~/.ssh/authorized_keys

Note: Although the steps I took are slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

Wow I got it fixed as well, I had done it earlier but what I missed out was copying all the entire content as they are.

daniamcode commented 2 years ago

After debugging for hours, I successfully resolved mine. Found out I missed the following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key: cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys: nano ~/.ssh/authorized_keys
  3. Update permission of the file: chmod 700 ~/.ssh/authorized_keys

Note: Although the steps I took are slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

Wow I got it fixed as well, I had done it earlier but what I missed out was copying all the entire content as they are.

My mistake was that I copied the text but it came with a strange format; each line was kind of cut
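Added example, not from the thread or the project: a shell check for authorized_keys entries damaged by a wrapped or partial paste, as described in the comments above. It walks the length-prefixed fields of the base64 key blob and requires the first field to repeat the key type; it assumes entries have no leading options field, the function names are this example's own, and the sample key is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). The sample key is constructed.

# key_line_status LINE -> prints ok | bad-type | bad-blob
# Assumption: no leading options field, so word 1 is the key type and
# word 2 the base64 blob. Only the key types listed below are recognised.
key_line_status() {
    ktype=$(printf '%s\n' "$1" | awk '{print $1}')
    blob=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ktype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "bad-type"; return 0 ;;
    esac
    # The blob is a run of fields, each a 4-byte big-endian length followed
    # by that many bytes. An intact blob is consumed exactly, and its first
    # field is the key type again. A cut or wrapped line fails one of these.
    printf '%s' "$blob" | base64 -d 2>/dev/null | od -An -v -tu1 |
    awk -v want="$ktype" '
        { for (i = 1; i <= NF; i++) b[n++] = $i + 0 }
        END {
            pos = 0; fields = 0; name = ""
            while (pos + 4 <= n) {
                len = ((b[pos] * 256 + b[pos+1]) * 256 + b[pos+2]) * 256 + b[pos+3]
                if (pos + 4 + len > n) break
                if (fields == 0)
                    for (i = 0; i < len; i++) name = name sprintf("%c", b[pos+4+i])
                pos += 4 + len; fields++
            }
            if (n > 0 && pos == n && name == want) print "ok"
            else print "bad-blob"
        }'
}

# audit_authorized_keys FILE: print "<line number> <status>" for each entry
audit_authorized_keys() {
    lineno=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        lineno=$((lineno + 1))
        case "$entry" in ''|'#'*) continue ;; esac
        echo "$lineno $(key_line_status "$entry")"
    done < "$1"
}

# sample_key: a constructed, well-formed ssh-ed25519 entry (not a real key)
sample_key() {
    printf 'ssh-ed25519 %s constructed@example\n' \
        "$(printf '\000\000\000\013ssh-ed25519\000\000\000\040%032d' 0 | base64 | tr -d '\n')"
}

demo() {
    f=$(mktemp)
    sample_key > "$f"                  # intact entry on one line
    sample_key | fold -w 40 >> "$f"    # same entry wrapped at 40 columns
    audit_authorized_keys "$f"
    rm -f "$f"
}
demo
```
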

rgrunbla commented 2 years ago

I had this problem. The server was refusing the authentication with this message:

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms

ssh-rsa refers to an RSA key with a SHA1 signature, which is considered weak, and therefore refused by my server.

Switching to ed25519 will probably fix it in the easiest manner for most.

SwaySZ commented 2 years ago

After debugging for hours, I successfully resolved mine. Found out I missed the following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key: cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys: nano ~/.ssh/authorized_keys
  3. Update permission of the file: chmod 700 ~/.ssh/authorized_keys

Note: Although the steps I took are slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This one might be the right answer. The key point is authorized_keys copying from id_rsa.pub.

pavelgo314 commented 2 years ago

Hi, I'm facing the same error ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain but I'm trying to ssh into a windows-2016 EC2. Should it still work? Any suggestions?

forwardomg commented 2 years ago

If you're using nektos/act for local testing, then write the secret key like so:

KEY="-----BEGIN OPENSSH PRIVATE KEY-----\nPRIVATE_TOKEN_HERE\n-----END OPENSSH PRIVATE KEY-----"

Just replace the actual line breaks with \n. Hope it will be useful for someone.

YakovL commented 2 years ago

I'd like to highlight the only 2 answers that actually help with debugging instead of wild-guessing:

https://github.com/appleboy/ssh-action/issues/80#issuecomment-757089408
https://github.com/appleboy/ssh-action/issues/80#issuecomment-943116137 (!)

Thanks guys, using sudo tail -f /var/log/auth.log I quickly found that I had actually made a mistake in the username and even repeated it when I re-entered the creds trying to fix the issue.

rokulis commented 2 years ago

I want to share my experience.

I was using rsync in my pipeline, which uploads static files to the remote server, to path ~. This changes the root (~) access rights and ssh stops working (ssh has a strict rights policy). Be aware of that!
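Added example, not from the thread or the action: a shell audit of the ownership and mode conditions behind the "bad ownership or modes" refusal in Aericio's comment and the rsync side effect described just above. It approximates sshd's StrictModes test (owner is the user or root, no group or other write) for the login directory, ~/.ssh and authorized_keys only; the function names are assumptions and the demo tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). The demo directory tree is constructed.

# loose_mode PERMS: succeeds if an ls-style mode string (e.g. drwxrwx---)
# grants write to group (character 6) or to others (character 9).
loose_mode() {
    case "$1" in
        ?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ssh_paths HOME_DIR: print one finding per problem, return 1 if any.
# Assumption: run as the account whose login is being refused.
audit_ssh_paths() {
    home=$1
    uid=$(id -u)
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; bad=1; continue
        fi
        # ls -n prints numeric owner ids, so no name lookup is needed
        perms=$(ls -ldn "$p" | awk '{print $1}')
        owner=$(ls -ldn "$p" | awk '{print $3}')
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER $p uid=$owner"; bad=1
        fi
        if loose_mode "$perms"; then
            echo "LOOSE $p $perms"; bad=1
        fi
    done
    return "$bad"
}

# Demo: reproduce the group-writable home directory from the comment above,
# then apply the same fix (chmod go-w) and audit again.
demo() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 700 "$d/.ssh"
    chmod 600 "$d/.ssh/authorized_keys"
    chmod 770 "$d"
    audit_ssh_paths "$d" || echo "-> sshd would refuse the key"
    chmod go-w "$d"
    audit_ssh_paths "$d" && echo "-> clean"
    rm -rf "$d"
}
demo
```
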

antoinemartin commented 2 years ago

I had the same symptom as @rgrunbla:

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms

And found some hints here and there. The solution for me was to add ssh-rsa to the configuration with:

> echo "PubkeyAcceptedKeyTypes=+ssh-rsa" >> /etc/ssh/sshd_config
> rc-service sshd restart

The second post gets you to the following page that says that ssh-rsa has been removed because it uses the SHA-1 signature that is not secure anymore.

The solution is probably to somehow update the ssh client in the action.

antoinemartin commented 2 years ago

If I'm not wrong, it seems that the upstream issue is tracked here: https://github.com/golang/go/issues/49952. For the record, I observe the same behavior on the terraform remote-exec provider with the same solution.

CodeNinjaUG commented 2 years ago

They don't support scripts

jiewuko commented 2 years ago

Adding what worked for me, FWIW, though it makes little sense to me..

As per the advice at http://www.linuxproblem.org/art_9.html, "Depending on your version of SSH you might also have to do the following changes: Put the public key in .ssh/authorized_keys2..."

As soon as I copied .ssh/id_rsa.pub to .ssh/authorized_keys2, it started working..

Hello, it works for me too, but I added id_rsa.pub to ~/.ssh/authorized_keys

avdept commented 2 years ago

So, seeing this many ppl with errors - easiest way for anybody to debug it - watch ssh logs - tail -f /var/log/auth.log

PS you might need to add sudo depending on type of your user
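Added example, not part of the thread or of ssh-action: a POSIX shell triage of sshd auth-log lines that sorts failures into the three causes participants above found in /var/log/auth.log and prints the fix each reported. The log lines are constructed, and the function names and cause labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Sample log lines are constructed.

# classify_sshd_line LINE -> prints "<cause> <detail>"
classify_sshd_line() {
    line=$1
    case "$line" in
        *"Authentication refused: bad ownership or modes for "*)
            detail=${line##*"bad ownership or modes for "}
            detail=${detail#"directory "}
            detail=${detail#"file "}
            echo "strictmodes $detail" ;;
        *"userauth_pubkey: key type "*" not in PubkeyAcceptedAlgorithms"*)
            detail=${line##*"key type "}
            detail=${detail%%" not in"*}
            echo "keytype-rejected $detail" ;;
        *"Invalid user "*" from "*)
            detail=${line##*"Invalid user "}
            detail=${detail%%" from "*}
            echo "unknown-user $detail" ;;
        *"Accepted publickey for "*)
            detail=${line##*"Accepted publickey for "}
            detail=${detail%%" from "*}
            echo "accepted $detail" ;;
        *)
            echo "other -" ;;
    esac
}

# hint_for CAUSE -> the fix reported in the thread for that cause.
# For keytype-rejected the thread also used PubkeyAcceptedKeyTypes=+ssh-rsa,
# which re-enables the SHA-1 signature the server had refused.
hint_for() {
    case "$1" in
        strictmodes)      echo "remove group/other write: chmod go-w <path>" ;;
        keytype-rejected) echo "generate a new key: ssh-keygen -t ed25519" ;;
        unknown-user)     echo "check the username given to the action" ;;
        *)                echo "-" ;;
    esac
}

# triage: read log lines on stdin, print cause, detail and hint per failure
triage() {
    while IFS= read -r entry; do
        result=$(classify_sshd_line "$entry")
        cause=${result%% *}
        detail=${result#* }
        case "$cause" in other|accepted) continue ;; esac
        printf '%s\t%s\t%s\n' "$cause" "$detail" "$(hint_for "$cause")"
    done
}

# Constructed sample in the style of /var/log/auth.log
sample_log() {
    cat <<'EOF'
Oct 14 07:26:31 host sshd[1234]: Authentication refused: bad ownership or modes for directory /home/user
Oct 14 07:30:02 host sshd[1240]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Oct 14 07:31:10 host sshd[1250]: Invalid user deply from 203.0.113.7 port 50122
Oct 14 07:32:00 host sshd[1260]: Accepted publickey for deploy from 203.0.113.7 port 50130 ssh2: ED25519 SHA256:CONSTRUCTED
EOF
}

sample_log | triage
```

On a server, feed it the real log instead of the sample, for example `sudo cat /var/log/auth.log | triage`.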

mannyanebi commented 2 years ago

After debugging for hours, I successfully resolved mine. Found out I missed the following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key: cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys: nano ~/.ssh/authorized_keys
  3. Update permission of the file: chmod 700 ~/.ssh/authorized_keys

Note: Although the steps I took are slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This worked for me on a new VPS. Thanks @hamochigames

rohnjeynolds commented 2 years ago

In my case, I found this in the ssh log on my server:

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

This led me to this ArchLinux forum, which implicates a change in the latest openssh version. https://bbs.archlinux.org/viewtopic.php?pid=1995438#p1995438

Following that comment's advice, I regenerated keys using ed25519 instead of rsa, and this solved the problem for me.

JSchatten commented 2 years ago

In my case it was about trailing spaces at the end of a variable in the drone secrets. I removed the spaces at the end and it works.

- name: ssh commands
  image: appleboy/drone-ssh
  settings:
    host:
      from_secret: sshHost
    username:
      from_secret: sshUser
    passphrase:
      from_secret: sshPassword
    key:
      from_secret: sshKey
    port:
      from_secret: sshPort
    script:

johntravolta1 commented 2 years ago

In my case, I found this in the ssh log on my server:

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

This led me to this ArchLinux forum, which implicates a change in the latest openssh version. https://bbs.archlinux.org/viewtopic.php?pid=1995438#p1995438

Following that comment's advice, I regenerated keys using ed25519 instead of rsa, and this solved the problem for me.

I was having the same error on my ssh log. Generated my keys using ed25519 and it also worked for me. Thank you @rohnjeynolds

command to watch logs from @avdept: sudo tail -f /var/log/auth.log

command to generate key from appleboy: ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"

Thank you!

ashishkumar68 commented 2 years ago

Thanks, @rohnjeynolds

dozykeys commented 2 years ago

https://github.com/appleboy/ssh-action

This solved my issue as well. Many thanks

AJInventam commented 2 years ago

I got the same error

My action file

name: deploy

on:
  push:
    branches: [ master ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Connect and run Scripts
        uses: appleboy/ssh-action@v0.1.3
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HOST: ${{ secrets.HOST }}
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          port: ${{ secrets.PORT }}
          script: |
            whoami
            echo "$HOST"
            ls -a

If you are using EC2 then generate an ssh key using: ssh-keygen -t ed25519 -a 200 -C "[your_email@example.com]"

integral-llc commented 2 years ago

I had the same problem with an EC2 instance. After checking ssh logs, I had to add these lines

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

to my /etc/ssh/sshd_config. After restarting the ssh server, all worked as needed.

SeungWookHan commented 2 years ago

@integral-llc This solution works!!

Santosh155 commented 2 years ago

Thanks @integral-llc for the solution. It works for me as well.

e4t4g commented 2 years ago

This article really helped: https://medium.com/swlh/how-to-deploy-your-application-to-digital-ocean-using-github-actions-and-save-up-on-ci-cd-costs-74b7315facc2

I just added the public key to GitHub SSH keys and the private key to secrets.

mkalkowski83 commented 2 years ago

I fixed this problem by generating a new pair of ssh keys. I used this command: ssh-keygen -t ecdsa. The problem occurred when I upgraded my Ubuntu to the new version. It looks like the OpenSSH library is in the new version.

SrPeterr commented 2 years ago

Having the same problem here. I tried everything; just Actions is not working. On the console I can connect and make a pull without problems... no sense

arielvinas commented 2 years ago

I had the same problem with an EC2 instance. After checking ssh logs, I had to add these lines

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

to my /etc/ssh/sshd_config. After restarting the ssh server, all worked as needed.

@integral-llc I love you

iShift commented 2 years ago

This one works much better https://github.com/marketplace/actions/remote-ssh-commands

RofieSagara commented 2 years ago

I had the same problem with an EC2 instance. After checking ssh logs, I had to add these lines

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

to my /etc/ssh/sshd_config. After restarting the ssh server, all worked as needed.

@integral-llc this works with EC2

GabrielKrysa commented 2 years ago

i love you

joao-gabriel-gois commented 2 years ago

I had the same symptom as @rgrunbla:

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms

And found some hints here and there. The solution for me was to add ssh-rsa to the configuration with:

> echo "PubkeyAcceptedKeyTypes=+ssh-rsa" >> /etc/ssh/sshd_config
> rc-service sshd restart

The second post gets you to the following page that says that ssh-rsa has been removed because it uses the SHA-1 signature that is not secure anymore.

The solution is probably to somehow update the ssh client in the action.

@antoinemartin Even people repeating your answer after it, I was checking the whole issue, and it was the first one I saw that actually worked. Thank you very much.

webrgp commented 2 years ago

Everyone still having issues, you can solve it by bypassing appleboy/ssh-action altogether. Instead of using:

- name: executing remote ssh commands using ssh key
  uses: appleboy/ssh-action@master
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    key: ${{ secrets.KEY }}
    port: ${{ secrets.PORT }}
    script: whoami

You can:

- name: Load private SSH key
  uses: webfactory/ssh-agent@v0.5.3
  with:
    ssh-private-key: ${{ secrets.KEY }}

- name: Atomic Deploy
  run: |
    ssh ${{ secrets.USERNAME }}@${{ secrets.HOST }} << EOF
      whoami
    EOF

And any default environment variable created can be accessed.

# at the top
env:
  FOO: Bar

...

- name: Load private SSH key
  uses: webfactory/ssh-agent@v0.5.3
  with:
    ssh-private-key: ${{ secrets.KEY }}

- name: Atomic Deploy
  run: |
    ssh ${{ secrets.USERNAME }}@${{ secrets.HOST }} << EOF
      echo "Result: $FOO"
    EOF

I hope it helps!

vchitepu commented 2 years ago

I got this same error but finally got it working. I'm using a DigitalOcean Ubuntu 20.04 droplet.

I ran into both errors mentioned in this issue.

The first is this error:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

If you are seeing [none] in attempted methods, then it's not attempting any authentication methods. This seems to come up for two reasons (at least that I could find) but it's a simple fix:

  1. Make sure you supply the key, host, and username values in your yml files. Otherwise it won't attempt to authenticate with publickey (see the "Using private key" code block in the README)
  2. Make sure the private key is copied correctly, i.e. make sure to include the whole file including the -----BEGIN OPENSSH PRIVATE KEY----- at the start and -----END OPENSSH PRIVATE KEY----- at the end

The second is this error:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Here you can see [none publickey] in attempted methods so there is some mismatch with your ssh handshake.

Might be worth remaking your secrets.SSH_HOST and secrets.SSH_USER (I initially put the wrong ip addr into my secrets.SSH_HOST and got this same error)

If that doesn't work, make sure you copied in the correct keys. IMPORTANT: You have to make sure you specify the email associated with your github account. Github looks for this email in your server's authorized keys to authenticate. I ran into this issue as well and had to run the below on my server to fix:

# mkdir tmp
# cd tmp
# ssh-keygen -t rsa -C 'myemail@email.com' 
Generating public/private rsa key pair.
Enter file in which to save the key (~/.ssh/id_rsa): github_keys <--- name it whatever but don't leave blank
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in github_keys
Your public key has been saved in github_keys.pub
The key fingerprint is:
 ...

# cat github_keys.pub >> ~/.ssh/authorized_keys

After this, open the github_keys file (or whatever you named it) in a text editor and copy the contents to your secrets.SSH_KEY. Also don't open and copy the file's contents from a terminal window, I've noticed it gets formatted weird.

Looking at these logs made it easier to debug (different based on the linux distro used)

grep sshd /var/log/auth.log
grep sshd /var/log/messages
grep sshd /var/log/secure

Hope this helps!

Also I think it was mentioned before but this is another good alternative: https://github.com/marketplace/actions/remote-ssh-commands

EDIT: If you have a password for your user and have PasswordAuth enabled in /etc/ssh/ssh_config/ you can try adding the password key in your .yml file and passing the password for your user. But this is less secure

eneszv commented 2 years ago

Had the same error with AWS EC2 error message: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain but forgot to define username in the .yml file. Now it works fine.

name: scp files
on: [push]
jobs:

  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - name: copy file via ssh password
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ec2-user
        key: ${{ secrets.SSH_KEY }}
        source: "README.md"
        target: "test"

HOST is Public IPv4 DNS, for example, ec2-11-111-111-11.compute-1.amazonaws.com and SSH_KEY is all content from .pem file, for example:

-----BEGIN RSA PRIVATE KEY-----
...
...
...
-----END RSA PRIVATE KEY-----

noellimx commented 2 years ago

I had the same problem with an EC2 instance. After checking ssh logs, I had to add these lines

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

to my /etc/ssh/sshd_config. After restarting the ssh server, all worked as needed.

It works! any reason why extra configuration is needed as opposed to ssh in from local environment?

saninstein commented 2 years ago

Same happens with an ubuntu-22.04 host; the same workflow with connection to 18.04 works perfectly. Also in both cases the action appleboy/scp-action@master works.

My workflow:

    - name: Copy files via SCP
      uses: appleboy/scp-action@master
      env:
        KEY: ${{ secrets.SSH_KEY }}
        HOST: ${{ secrets.SSH_HOST }}
        USERNAME: ${{ secrets.SSH_USER }}
      with:
        source: "*"
        target: "/home/ubuntu/app"

    - name: Up app
      uses: appleboy/ssh-action@v0.1.4
      env:
        KEY: ${{ secrets.SSH_KEY }}
        HOST: ${{ secrets.SSH_HOST }}
        USERNAME: ${{ secrets.SSH_USER }}
      with:
        script: |
          ./home/ubuntu/app/start.sh

PS

Solution from @noellimx works for me too. Thank you

noellimx commented 2 years ago

@saninstein credit goes to @integral-llc :)

mzarallo commented 2 years ago

I had the same problem with an EC2 instance. After checking ssh logs, I had to add these lines

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

to my /etc/ssh/sshd_config. After restarting the ssh server, all worked as needed.

This works for me.

fatihaziz commented 2 years ago

3. chmod 700 ~/.ssh/authorized_keys

This helped me too!

uchennaemeruche commented 2 years ago

After debugging for hours, I successfully resolved mine. Found out I missed the following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key: cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys: nano ~/.ssh/authorized_keys
  3. Update permission of the file: chmod 700 ~/.ssh/authorized_keys

Note: Although the steps I took are slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This worked for me on a new VPS. Thanks @hamochigames

This worked for me. It's worth adding that I used the master branch.

woozxn commented 2 years ago

I had the same problem with an EC2 instance. After checking ssh logs, I had to add these lines

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

to my /etc/ssh/sshd_config. After restarting the ssh server, all worked as needed.

thank you it works

joegatt commented 2 years ago

I had the same problem with an EC2 instance. After checking ssh logs, I had to add these lines

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

to my /etc/ssh/sshd_config. After restarting the ssh server, all worked as needed.

thank you it works

Yes, can confirm these two lines are required. I updated my server to Ubuntu 22.04 and it stopped working. Added these two lines, and it started working again.

THammami01 commented 2 years ago

Make sure that your GitHub secrets are valid and set correctly, and that root user login is enabled on your server.

shashwot commented 2 years ago

This got me working. The best way to configure this would be to generate the keys in the remote machine where you want to ssh into and copy the content of the public key to the authorized_keys.

HOSTNAME=`hostname`
ssh-keygen -t rsa -b 4096 -C "$HOSTNAME" -f "$HOME/.ssh/id_rsa" -P ""
cd "$HOME/.ssh"
# ">" replaces any existing authorized_keys; use ">>" to keep other keys
cat id_rsa.pub > authorized_keys
chmod 600 authorized_keys

Then you can get the content of the private key and use it in the keys of appleboy/ssh-action

chornthorn commented 1 year ago

Simple way just:

ssh-keygen -t ed25519 -a 200 -C "your@email.com"

-- enter name of ssh-key for example: thorn

cat thorn.pub >> ~/.ssh/authorized_keys

finally copy a ssh private key:

cat thorn

-- Copy value between

-----BEGIN OPENSSH PRIVATE KEY-----
some value of ssh-key
-----END OPENSSH PRIVATE KEY-----