ssh: handshake failed on every attempt

[Cabalist]

Hey there,

I'm stuck and wasn't able to find a solution in reading previous issues. I keep getting the following error: 2020/08/29 01:19:13 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Here is my YAML:

name: Deploy branch to staging

on:
  push:
    branches: [ develop ]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: executing remote ssh commands
        uses: appleboy/ssh-action@master
        with:
          script_stop: true
          host: ${{ secrets.NEWDEV_HOST }}
          username: ${{ secrets.NEWDEV_USERNAME }}
          key: ${{ secrets.NEWDEV_SSH_KEY }}
          port: ${{ secrets.NEWDEV_SSH_PORT }}
          script: whoami

My ssh key is a pem file:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

The correct values are in .ssh/authorized_keys on the remote server. I am able to ssh from multiple other machines using this key. There is no passcode.

I'm stumped! This is on EC2 if that makes a difference.

[imsyuan]

Here is my steps create a SSH key in cPanel.

1. SSH Access > Manage SSH Keys > Generate a New Key

2. Key Name: id_rsa_your_name
   Key Type: RSA
   Key Size: 4096

3. View/Download your id_rsa_your_name
4. Grab your PRIVATE KEY put it in your github action secrets

[miguelforero19]

I fixed this problem by generating new pairs of ssh keys. I used this command: ssh-keygen -t ecdsa. The problem occurs when I upgraded my Ubuntu to the news version. It looks like the OpenSSH library is in the new version.

It Works !!

[julianramireze]

Simple way just:

ssh-keygen -t ed25519 -a 200 -C "your@email.com"

-- enter name of ssh-key for example: thorn

cat thorn.pub >> ~/.ssh/authorized_keys

finally copy a ssh private key:

cat thorn

-- Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----

`

This works perfect 🥳🎉

[Layoric]

Simple way just:

ssh-keygen -t ed25519 -a 200 -C "your@email.com"

-- enter name of ssh-key for example: thorn

cat thorn.pub >> ~/.ssh/authorized_keys

finally copy a ssh private key:

cat thorn

-- Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----

Good steps, I'll add that make sure your GitHub Action step is using appleboy/ssh-action@v0.1.5+.

[charles-uno]

I ran into this on an EC2 CentOS instance. Big thanks to everyone who suggested checking the ssh logs:

Feb  4 04:53:26 ip-172-26-10-246 sshd[3196]: Invalid user $AWS_USERNAME from 13.83.3.161 port 5249
Feb  4 04:53:26 ip-172-26-10-246 sshd[3196]: input_userauth_request: invalid user $AWS_USERNAME [preauth]

I had my username defined at the top of the file, as described in https://docs.github.com/en/actions/learn-github-actions/variables

env:
  AWS_USERNAME: ec2-user

Seems weird that appleboy/scp-action@master doesn't play nice with that sort of declaration. Things are working fine now that I moved the username over to be a secret.

FWIW an earlier step using fifsky/ssh-action@master worked fine with the above variable declaration.

[R8ghid]

After the many threads I went through and endless redirection to other threads where it wasn't solved, I can say that switching from: uses: appleboy/ssh-action@master to: uses: appleboy/ssh-action@v0.1.4 has solved my problem.

[kshkrao3]

After debugged for hours, successfully resolved mine. Found out I missed following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

• Digital Ocean
• Ubuntu 20.04
• Apache2

Solution

1. Copy your public SSH key cat ~/.ssh/id_rsa.pub
2. Add it into authorised keys nano ~/.ssh/authorized_keys
3. Update permission of the file chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This worked for me

[appleboy]

@CorpoScum The latest version of ssh-action doesn't work with you?

[R8ghid]

@appleboy nope, after troubleshooting and making sure nothing from my side was causing the issue I tried changing back to v0.1.4 and that was it, build worked perfectly.

[appleboy]

@CorpoScum ok, thanks for your feedback.

[dokicro]

After debugged for hours, successfully resolved mine. Found out I missed following steps. Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain Server

• Digital Ocean
• Ubuntu 20.04
• Apache2

Solution

1. Copy your public SSH key cat ~/.ssh/id_rsa.pub
2. Add it into authorised keys nano ~/.ssh/authorized_keys
3. Update permission of the file chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This worked for me on a new VPS. Thanks @hamochigames

This worked for me. It's worth adding that I used the master branch.

Worked for me as well :)

[AlexeyKurepin]

After the many threads I went through and endless redirection to other threads where it wasn't solved, I can say that switching from: uses: appleboy/ssh-action@master to: uses: appleboy/ssh-action@v0.1.4 has solved my problem.

Worked for me

[CodingWithTashi]

After debugged for hours, successfully resolved mine. Found out I missed following steps. Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain Server

• Digital Ocean
• Ubuntu 20.04
• Apache2

Solution

1. Copy your public SSH key cat ~/.ssh/id_rsa.pub
2. Add it into authorised keys nano ~/.ssh/authorized_keys
3. Update permission of the file chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This worked for me on a new VPS. Thanks @hamochigames

This worked for me. It's worth adding that I used the master branch.

worked for me as well

[dandry]

I got the same error. I was able to ssh into the server manually using the key but it would fail in GH Actions. It turned out that I initially used actions@github email address when using ssh-keygen. Then I tried username@github.com which did not work as well.

In the end, I used the email address I have my GitHub account associated with. And that one worked.

For debugging purposes, I suggest running a separate SSH session on different port on your server with the following command (source):

sudo /usr/sbin/sshd -d -p 2200

and then point GH Actions to that port. Remember that you most likely need to open this port in the firewall of your server distro.

[adampatterson]

I originally had the same error before reading the directions in the repo.

I was following an article that said to copy the servers private key which seemed odd to me.

After getting ssh: handshake failed on every attempt I found this issue.

On my local computer I ran ssh-keygen -t ed25519 -C "email@domain.com" saving it as github_actions

I then ran cat github_actions and placed the contents in my GitHub Action Secret

Next I then ran cat github_actions.pub and and logged into my server running echo ssh-ed25519 superSecretkey email@domain.com >> ~/.ssh/authorized_keys

Re-running the previously failed job was successful.

[ikapeykin]

Please note for whom this problem still exists, it may solve your problem:

Put the public key in .ssh/authorized_keys2
Change the permissions of .ssh to 700 (chmod 700)
Change the permissions of .ssh/authorized_keys2 to 640 (chmod 640)

[adampatterson]

@ikapeykin any reason why it wouldn't work in authorized_keys?

[ikapeykin]

@adampatterson it depends on the SSH version. I do not know the real reason, but just applied this fix after a thousand runs and it works :)

[appleboy]

I closed the issue. Please open a new issue if you facing another problem.

[adampatterson]

@ikapeykin I resolved my issue by adding in my case github.com to the /.ssh/config file and entering my private key there.

[verdotte]

Simple way just:

ssh-keygen -t ed25519 -a 200 -C "your@email.com"

-- enter name of ssh-key for example: thorn

cat thorn.pub >> ~/.ssh/authorized_keys

finally copy a ssh private key:

cat thorn

-- Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----

`

Worked for me 🙌🏽

[aarondeloach]

Simple way just:

ssh-keygen -t ed25519 -a 200 -C "your@email.com"

-- enter name of ssh-key for example: thorn

cat thorn.pub >> ~/.ssh/authorized_keys

finally copy a ssh private key:

cat thorn

-- Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----

`

Worked for me also!

[VANGAZOR]

After the many threads I went through and endless redirection to other threads where it wasn't solved, I can say that switching from: uses: appleboy/ssh-action@master to: uses: appleboy/ssh-action@v0.1.4 has solved my problem.

this is works!!!! thx!!!

[liuyangbo]

The cause of this problem may be an issue with directory permissions: /home/username ---The user home directory can only be 700 or 755, not 775/777 /home/username/.ssh ---can only be 700 This directory can only be automatically generated. /home/username/.ssh/authorized_keys ---can only be 600

[mortzkeblar]

This same problem happened to me, it turns out that I was filling the username field with a secret that had an incorrect name which I did not have defined in my secrets. But I didn't get the error that I wasn't entering a user or it was incorrect, as it does when trying to do the same with the key field.

[tomihbk]

I was so used to ssh agent auto connecting me to my server that I had forgotten I had created a passphrase for my SSH key. I added passphrase: ${{ secrets.SSH_PASSPHRASE }} to my yml file and also defined the variable SSH_PASSPHRASE on GitHub secrets. After that, everything worked beautifully. I hope this helps.

[elitan]

https://github.com/fifsky/ssh-action worked for me.

[kvendingoldo]

fifsky/ssh-action works for me too

[byusupdzhanov]

29.02, I used fifsky/ssh-action@master and it works too

[retail-bazar]

Failing for me too. Running server on digital ocean. Was working fine a few days ago.

did you solve this ?

[jsteinberg-rbi]

switching to v0.1.4 fixed my problem. What I discovered was that on my target machine either the runner or the scp action was changing the permissions of my target directory, in this case /root, to be owned by the ubuntu github runner UUID which is by default 1001 and then changing the group to 127. This is not a guess, this is for certain. In other words I would correct the permissions on the target host and then run scp-action and afterwards I would be unable to ssh from my laptop to the target host because sshd would be choking on the ownership permissions that the action had caused. So then I would get on the target host by other means, revert these permissions and then ssh from my laptop to the target host would again be possible. Then I switched to scp-action v0.1.4 and voís la: everything "just worked".

Anyway...I don't know what the exact issue is, but there is for sure a discprepancy/bug either on the action side or the sshd side between v0.1.4 and v0.1.7/master.

@appleboy

you should be able to replicate this using ubuntu-latest as a runner image and debian as a deployment target. also this issue should be reopened.

[Roman-Dev00]

Hello, @Cabalist , @appleboy. Hello, everyone I have read your solutions carefully but tried to follow all of your suggestions such as

• changed the master to v.0.1.14.
• give the permission to .ssh and authorizedkeys.
• copy pub file to authorizedkeys. But I still have [none publickey] error. Please help me. Thanks.

Here is my mail.yml file.

name: Laravel CI/CD

on: push: branches:

• main

jobs: setup: runs-on: ubuntu-latest

steps:
  - name: Checkout Repository
    uses: actions/checkout@v2

  - name: Set up PHP
    uses: shivammathur/setup-php@v2
    with:
      php-version: "8.1"

deploy: runs-on: ubuntu-latest needs: setup steps:

• name: Checkout Repository uses: actions/checkout@v2

• name: Deploy to FTP uses: SamKirkland/FTP-Deploy-Action@v4.3.4 with: server: ${{ secrets.FTP_SERVER }} username: ${{ secrets.FTP_USERNAME }} password: ${{ secrets.FTP_PASSWORD }} local-dir: ./ # Change this to the path of your Laravel app server-dir: / # Change this to the remote directory on your FTP server

• name: SSH into Server and Run Migration uses: appleboy/ssh-action@v0.1.4 with: host: ${{ secrets.SSH_HOST }} username: ${{ secrets.SSH_USERNAME}} key: ${{ secrets.SSH_PRIVATE_KEY }} port: ${{ secrets.SSH_PORT }} passphrase: ${{ secrets.SSH_PASSPHRASE }} script: | cd /home/lcgen/public_html/backend php artisan migrate --force php artisan config:cache php artisan cache:clear php artisan config:clear php artisan route:clear php artisan view:clear

  I already confirmed the public key in the authorizedkeys. It is same with public key which authorized key in my cpanel. I also have a SSH_PASSWORD variable in github secrets. Should I add this one in the yml like "password: ${{ SSH_PASSWORD }}" even though I set the .ssh permission with 700? And also what can be wrong in my current status? I am not sure why this error has been occurred?

[Roman-Dev00]

Hello, @Cabalist , @appleboy. Hello, everyone I have read your solutions carefully but tried to follow all of your suggestions such as

• changed the master to v.0.1.14.
• give the permission to .ssh and authorizedkeys.
• copy pub file to authorizedkeys. But I still have [none publickey] error. Please help me. Thanks.

Here is my mail.yml file.

name: Laravel CI/CD

on: push: branches: - main

jobs: setup: runs-on: ubuntu-latest

steps:
  - name: Checkout Repository
    uses: actions/checkout@v2

  - name: Set up PHP
    uses: shivammathur/setup-php@v2
    with:
      php-version: "8.1"

deploy: runs-on: ubuntu-latest needs: setup steps: - name: Checkout Repository uses: actions/checkout@v2

  - name: Deploy to FTP
    uses: SamKirkland/FTP-Deploy-Action@v4.3.4
    with:
      server: ${{ secrets.FTP_SERVER }}
      username: ${{ secrets.FTP_USERNAME }}
      password: ${{ secrets.FTP_PASSWORD }}
      local-dir: ./ # Change this to the path of your Laravel app
      server-dir: / # Change this to the remote directory on your FTP server

  - name: SSH into Server and Run Migration
    uses: appleboy/ssh-action@v0.1.4
    with:
      host: ${{ secrets.SSH_HOST }}
      username: ${{ secrets.SSH_USERNAME}}
      key: ${{ secrets.SSH_PRIVATE_KEY }}
      port: ${{ secrets.SSH_PORT }}
      passphrase: ${{ secrets.SSH_PASSPHRASE }}
      script: |
        cd /home/lcgen/public_html/backend
        php artisan migrate --force
        php artisan config:cache
        php artisan cache:clear
        php artisan config:clear
        php artisan route:clear
        php artisan view:clear

I already confirmed the public key in the authorizedkeys. It is same with public key which authorized key in my cpanel. I also have a SSH_PASSWORD variable in github secrets. Should I add this one in the yml like "password: ${{ SSH_PASSWORD }}" even though I set the .ssh permission with 700? And also what can be wrong in my current status? I am not sure why this error has been occurred?

[appleboy]

@jsteinberg-rbi @Roman-Dev00 The latest version is v1.0.3, Could you help to try it out?

[appleboy]

move to https://github.com/appleboy/ssh-action/issues/323 for further discussion.