Closed Cabalist closed 1 year ago
@sridharei I updated the readme. See https://github.com/appleboy/ssh-action/commit/29007ce6fb5efec2eaa8fd3b1220343a6f1d913e
Adding what worked for me, FWIW, though it makes little sense to me..
As per the advice at http://www.linuxproblem.org/art_9.html, "Depending on your version of SSH you might also have to do the following changes: Put the public key in .ssh/authorized_keys2..."
As soon as I copied .ssh/id_rsa.pub to .ssh/authorized_keys2, it started working..
If I may ask, I'm new into this, why is it authorized_key2 and not authorized_keys which is already available. Thanks
I'm not really sure, can check out https://serverfault.com/questions/116177/whats-the-difference-between-authorized-keys-and-authorized-keys2Apparently introduced in SSH 2.0 and deprecated but seems necessary for this fix... Sridhar __ ---- On Thu, 23 Sep 2021 22:38:27 +0530 @.*** wrote ----
Adding what worked for me, FWIW, though it makes little sense to me.. As per the advice at http://www.linuxproblem.org/art_9.html, "Depending on your version of SSH you might also have to do the following changes: Put the public key in .ssh/authorized_keys2..." As soon as I copied .ssh/id_rsa.pub to .ssh/authorized_keys2, it started working..
If I may ask, I'm new into this, why is it authorized_key2 and not authorized_keys which is already available. Thanks
—You are receiving this because you were mentioned.Reply to this email directly, view it on GitHub, or unsubscribe.Triage notifications on the go with GitHub Mobile for iOS or Android.
Disclaimer: The information contained in this e-mail is for the exclusive use of the intended recipient(s) and may be confidential, proprietary, and/or legally privileged. Inadvertent disclosure of this message does not constitute a waiver of any privilege. If you receive this message in error, please do not directly or indirectly use, print, copy, forward, or disclose any part of this message. Please also delete this e-mail and all copies and notify the sender. Thank you.
Mine also showed
======CMD====== whoami ======END====== 2021/10/14 07:26:31 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
I was able to find my issue by looking at ssh auth logs.
sudo tail -f /var/log/auth.log Authentication refused: bad ownership or modes for directory /home/user
I checked my home directory permissions with ls -l /home
drwxrwx--- 25 user user 4096 Oct 14 07:37 user
After doing chmod go-w /home/user
drwxr-x--- 25 user user 4096 Oct 14 07:37 user
I was able to connect & my action worked again.
======CMD====== whoami ======END====== out: ***
✅ Successfully executed commands to all host.
After debugged for hours, successfully resolved mine. Found out I missed following steps.
Error
2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Server
Solution
cat ~/.ssh/id_rsa.pub
nano ~/.ssh/authorized_keys
chmod 700 ~/.ssh/authorized_keys
Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.
After debugged for hours, successfully resolved mine. Found out I missed following steps.
Error
2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Server
- Digital Ocean
- Ubuntu 20.04
- Apache2
Solution
- Copy your public SSH key
cat ~/.ssh/id_rsa.pub
- Add it into authorised keys
nano ~/.ssh/authorized_keys
- Update permission of the file
chmod 700 ~/.ssh/authorized_keys
Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.
Wow I got it fixed as well, I had done it earlier but what I missed out was copying all the entire content as they are.
After debugged for hours, successfully resolved mine. Found out I missed following steps. Error
2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Server
- Digital Ocean
- Ubuntu 20.04
- Apache2
Solution
- Copy your public SSH key
cat ~/.ssh/id_rsa.pub
- Add it into authorised keys
nano ~/.ssh/authorized_keys
- Update permission of the file
chmod 700 ~/.ssh/authorized_keys
Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.
Wow I got it fixed as well, I had done it earlier but what I missed out was copying all the entire content as they are.
My mistake was that I copied the text but it came with a strange format; each line was kind of cut
I had this problem. The server was refusing the authentication with this message :
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms
ssh-rsa refers to a RSA key with a SHA1 signature, which is considered weak, and therefore refused by my server.
Switching to ed25519 will probably fix it in the most easiest manner for most.
After debugged for hours, successfully resolved mine. Found out I missed following steps.
Error
2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Server
- Digital Ocean
- Ubuntu 20.04
- Apache2
Solution
- Copy your public SSH key
cat ~/.ssh/id_rsa.pub
- Add it into authorised keys
nano ~/.ssh/authorized_keys
- Update permission of the file
chmod 700 ~/.ssh/authorized_keys
Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.
This one might be the right answer. The key point is authorized_keys copying from id_rsa.pub.
Hi,
I facing the same error
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
but I'm trying to ssh into windows-2016 EC2, is it still should work? any suggestions?
If you're using nektos/act for local testing, then write secret key like so:
KEY="-----BEGIN OPENSSH PRIVATE KEY-----\nPRIVATE_TOKEN_HERE\n-----END OPENSSH PRIVATE KEY-----"
just remove the actual line breaks with \n
.
Hope it will be useful for someone.
I'd like to highlight the only 2 answers that actually help with debugging instead of wild-guessing:
https://github.com/appleboy/ssh-action/issues/80#issuecomment-757089408 https://github.com/appleboy/ssh-action/issues/80#issuecomment-943116137 (!)
Thanks guys, using sudo tail -f /var/log/auth.log
I quickly have found that I actually did a mistake in username and even repeated it when re-entered creds trying to fix the issue.
I want to share my experience.
I was using rsync in my pipeline which is uploading static files to remote server, to path ~. This changes root (~) access rights and ssh starts not to work (ssh has strict rights policy). Be aware of that!
I had the same symptom than @rgrunbla :
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms
And found some hints here and there. The solution for me was to add ssh-rsa
to the configuration with:
> echo "PubkeyAcceptedKeyTypes=+ssh-rsa" >> /etc/ssh/sshd_config
> rc-service sshd restart
The second post gets you to the following page that says that ssh-rsa
has been removed because it uses the SHA-1 signature that is not secure anymore.
The solution is probably to update somehow the ssh client in the action.
If I'm not wrong, it seems that the upstream issue is tracked here: https://github.com/golang/go/issues/49952. For the record, I observe the same behavior on the terraform remote-exec
provider with the same solution.
they dont support scripts
Adding what worked for me, FWIW, though it makes little sense to me..
As per the advice at http://www.linuxproblem.org/art_9.html, "Depending on your version of SSH you might also have to do the following changes: Put the public key in .ssh/authorized_keys2..."
As soon as I copied .ssh/id_rsa.pub to .ssh/authorized_keys2, it started working..
hello, it's work for me too, but I added id_rsa.pub to ~/.ssh/authorized_keys
So, seeing this many ppl with errors - easiest way for anybody to debug it - watch ssh logs - tail -f /var/log/auth.log
PS you might need to add sudo
depending on type of your user
After debugged for hours, successfully resolved mine. Found out I missed following steps.
Error
2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Server
- Digital Ocean
- Ubuntu 20.04
- Apache2
Solution
- Copy your public SSH key
cat ~/.ssh/id_rsa.pub
- Add it into authorised keys
nano ~/.ssh/authorized_keys
- Update permission of the file
chmod 700 ~/.ssh/authorized_keys
Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.
This worked for me on a new VPS. Thanks @hamochigames
In my case, I found this in the ssh log on my server:
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
This led me to this ArchLinux forum, which implicates a change in the latest openssh version.
https://bbs.archlinux.org/viewtopic.php?pid=1995438#p1995438
Following that comment's advice, I regenerated keys using ed25519 instead of rsa, and this solved the problem for me.
In my case it's about trailing spaces in the end of variable in a drone-secrets. I removed spaces in the end and it works. ` - name: ssh commands image: appleboy/drone-ssh settings: host: from_secret: sshHost username: from_secret: sshUser passphrase: from_secret: sshPassword key: from_secret: sshKey port: from_secret: sshPort script:
In my case, I found this in the ssh log on my server:
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
This led me to this ArchLinux forum, which implicates a change in the latest openssh version. https://bbs.archlinux.org/viewtopic.php?pid=1995438#p1995438 Following that comment's advice, I regenerated keys using ed25519 instead of rsa, and this solved the problem for me.
I was having the same error on my ssh log. Generated my keys using ed25519 and it also worked for me. Thank you @rohnjeynolds command to watch logs from @avdept: sudo tail -f /var/log/auth.log command to generate key from appleboy: ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" Thank you!
Thanks, @rohnjeynolds
This solved my issue as well. Many thanks
I got the same error
My action file
name: deploy on: push: branches: [ master ] jobs: deploy: runs-on: ubuntu-latest steps: - name: Connect and run Scripts uses: appleboy/ssh-action@v0.1.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} HOST: ${{ secrets.HOST }} with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} key: ${{ secrets.PRIVATE_KEY }} port: ${{ secrets.PORT }} script: | whoami echo "$HOST" ls -a
If you are using EC2 then generate an ssh key using:- ssh-keygen -t ed25519 -a 200 -C "[your_email@example.com]"
I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa
to my /etc/ssh/sshd_config
after restarting the ssh server all worked as needed.
@integral-llc This solution works!!
Thanks @integral-llc for the solution. It works to me as well.
This article really helped https://medium.com/swlh/how-to-deploy-your-application-to-digital-ocean-using-github-actions-and-save-up-on-ci-cd-costs-74b7315facc2 I just added public key to github`SSH keys and private key to secrets.
I fixed this problem by generating new pairs of ssh keys. I used this command: ssh-keygen -t ecdsa
. The problem occurs when I upgraded my Ubuntu to the news version. It looks like the OpenSSH library is in the new version.
Having the same problem here, I tried everything, I just actions not working, on console I can connect and make a pull without problems... no sense
I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines
PubkeyAuthentication yes PubkeyAcceptedKeyTypes=+ssh-rsa
to my
/etc/ssh/sshd_config
after restarting the ssh server all worked as needed.
@integral-llc I love you
This one works much better https://github.com/marketplace/actions/remote-ssh-commands
I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines
PubkeyAuthentication yes PubkeyAcceptedKeyTypes=+ssh-rsa
to my
/etc/ssh/sshd_config
after restarting the ssh server all worked as needed.
@integral-llc this works with EC2
i love you
I had the same symptom than @rgrunbla :
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms
And found some hints here and there. The solution for me was to add
ssh-rsa
to the configuration with:> echo "PubkeyAcceptedKeyTypes=+ssh-rsa" >> /etc/ssh/sshd_config > rc-service sshd restart
The second post gets you to the following page that says that
ssh-rsa
has been removed because it uses the SHA-1 signature that is not secure anymore.The solution is probably to update somehow the ssh client in the action.
@antoinemartin Even people repeating your answer after it, I was checking the whole issue, and it was the first one I saw that actually worked. Thank you very much.
Everyone still having issues, you can solve it by bypassing appleboy/ssh-action
altogether. Instead of using:
- name: executing remote ssh commands using ssh key
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: whoami
You can:
- name: Load private SSH key
uses: webfactory/ssh-agent@v0.5.3
with:
ssh-private-key: ${{ secrets. secrets.KEY }}
- name: Atomic Deploy
run: |
ssh ${{ secrets.USERNAME }}@${{ secrets.HOST }} << EOF
whoami
EOF
And any default environment variable created can be accessed.
# at the top
env:
FOO: Bar
...
- name: Load private SSH key
uses: webfactory/ssh-agent@v0.5.3
with:
ssh-private-key: ${{ secrets. secrets.KEY }}
- name: Atomic Deploy
run: |
ssh ${{ secrets.USERNAME }}@${{ secrets.HOST }} << EOF
echo "Result: $FOO"
EOF
I hope it helps!
I got this same error but finally got it working. I'm using a DigitalOcean Ubuntu 20.04 droplet.
I ran into both errors mention in this issue.
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
If you are seeing [none] in attempted methods, then its not attempting any authentication methods. This seems to come up for two reasons (atleast that I could find) but it's a simple fix:
publickey
(see the "Using private key" code block in the README)-----BEGIN OPENSSH PRIVATE KEY-----
at the start and -----END OPENSSH PRIVATE KEY-----
at the endssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Here you can see [none publickey] in attempted methods so there is some mismatch with your ssh handshake.
Might be worth remaking your secrets.SSH_HOST and secrets,SSH_USER (I initially put the wrong ip addr in to my secrets.SSH_HOST and got this same error)
If that doesn't work, make sure you copied in the correct keys. IMPORTANT: You have to make sure you specify the email associated with your github account. Github looks for this email in your server's authorized keys to authenticate. I ran into this issue as well and had to run the below on my server to fix:
# mkdir tmp
# cd tmp
# ssh-keygen -t rsa -C 'myemail@email.com'
Generating public/private rsa key pair.
Enter file in which to save the key (~/.ssh/id_rsa): github_keys <--- name it whatever but don't leave blank
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in github_keys
Your public key has been saved in github_keys.pub
The key fingerprint is:
...
# cat github._keys.pub >> ~/.ssh/authorized_keys
After this, open the github_keys file (or whatever you named it) in a text editor and copy the contents to your secrets.SSH_KEY Also don't open and copy the files contents from a terminal window, I've noticed it gets formatted weird.
Looking at these logs made it easier to debug (different based on the linux distro used)
grep sshd /var/log/auth.log
grep sshd /var/log/messages
grep sshd /var/log/secure
Hope this helps!
Also I think it was mentioned before but this is another good alternative: https://github.com/marketplace/actions/remote-ssh-commands
EDIT: If you have a password for your user and have PasswordAuth enabled in /etc/ssh/ssh_config/
you can try adding the password key in your .yml file and passing the password for your user. But this is less secure
Had the same error with AWS EC2
error message: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
but forgot to define username
in the .yml file. Now it works fine.
name: scp files
on: [push]
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: copy file via ssh password
uses: appleboy/scp-action@master
with:
host: ${{ secrets.HOST }}
username: ec2-user
key: ${{ secrets.SSH_KEY }}
source: "README.md"
target: "test"
HOST is Public IPv4 DNS, for example, ec2-11-111-111-11.compute-1.amazonaws.com
and SSH_KEY is all content from .pem file, for example:
-----BEGIN RSA PRIVATE KEY-----
...
...
...
-----END RSA PRIVATE KEY-----
I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines
PubkeyAuthentication yes PubkeyAcceptedKeyTypes=+ssh-rsa
to my
/etc/ssh/sshd_config
after restarting the ssh server all worked as needed.
It works! any reason why extra configuration is needed as opposed to ssh in from local environment?
Same happens with ubuntu-22.04 host, same worflow with connection to 18.04 works perfect. Also in both cases actions appleboy/scp-action@master
works.
My workflow:
- name: Copy files via SCP
uses: appleboy/scp-action@master
env:
KEY: ${{ secrets.SSH_KEY }}
HOST: ${{ secrets.SSH_HOST }}
USERNAME: ${{ secrets.SSH_USER }}
with:
source: "*"
target: "/home/ubuntu/app"
- name: Up app
uses: appleboy/ssh-action@v0.1.4
env:
KEY: ${{ secrets.SSH_KEY }}
HOST: ${{ secrets.SSH_HOST }}
USERNAME: ${{ secrets.SSH_USER }}
with:
script: |
./home/ubuntu/app/start.sh
PS
Solution from @noellimx works for me too. Thank you
@saninstein credit goes to @integral-llc :)
I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines
PubkeyAuthentication yes PubkeyAcceptedKeyTypes=+ssh-rsa
to my
/etc/ssh/sshd_config
after restarting the ssh server all worked as needed.
This work for me.
3. chmod 700 ~/.ssh/authorized_keys
This is help me too! env:
After debugged for hours, successfully resolved mine. Found out I missed following steps. Error
2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Server
- Digital Ocean
- Ubuntu 20.04
- Apache2
Solution
- Copy your public SSH key
cat ~/.ssh/id_rsa.pub
- Add it into authorised keys
nano ~/.ssh/authorized_keys
- Update permission of the file
chmod 700 ~/.ssh/authorized_keys
Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.
This worked for me on a new VPS. Thanks @hamochigames
This worked for me. It's worth adding that I used the master branch.
I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines
PubkeyAuthentication yes PubkeyAcceptedKeyTypes=+ssh-rsa
to my
/etc/ssh/sshd_config
after restarting the ssh server all worked as needed.
thank you it works
I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines
PubkeyAuthentication yes PubkeyAcceptedKeyTypes=+ssh-rsa
to my
/etc/ssh/sshd_config
after restarting the ssh server all worked as needed.thank you it works
Yes, can confirm these two lines are required. I updated my server to Ubuntu 22.04 and it stopped working. Added these two lines, and it started working again.
Make sure that your GitHub secrets are valid and set correctly, and that root user login is enabled on your server.
This got me working. The best way to configure this would be to generate the keys in the remote machine where you want to ssh into and copy the content of the public key to the authorized_keys.
HOSTNAME=`hostname` ssh-keygen -t rsa -b 4096 -C "$HOSTNAME" -f "$HOME/.ssh/id_rsa" -P ""
cat id_rsa.pub > authorized_keys
chmod 600 authorized_keys
Then you can get the content of the private key and use it in the keys of appleboy/ssh-action
Simple way just:
ssh-keygen -t ed25519 -a 200 -C "your@email.com"
-- enter name of ssh-key for example: thorn
cat thorn.pub >> ~/.ssh/authorized_keys
finally copy a ssh private key:
cat thorn
-- Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----
`
Hey there,
I'm stuck and wasn't able to find a solution in reading previous issues. I keep getting the following error:
2020/08/29 01:19:13 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Here is my YAML:
My ssh key is a pem file:
The correct values are in
.ssh/authorized_keys
on the remote server. I am able to ssh from multiple other machines using this key. There is no passcode.I'm stumped! This is on EC2 if that makes a difference.