ssh: handshake failed on every attempt

[Cabalist]

Hey there,

I'm stuck and wasn't able to find a solution in reading previous issues. I keep getting the following error:
2020/08/29 01:19:13 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Here is my YAML:

name: Deploy branch to staging

on:
  push:
    branches: [ develop ]


jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: executing remote ssh commands
        uses: appleboy/ssh-action@master
        with:
          script_stop: true
          host: ${{ secrets.NEWDEV_HOST }}
          username: ${{ secrets.NEWDEV_USERNAME }}
          key: ${{ secrets.NEWDEV_SSH_KEY }}
          port: ${{ secrets.NEWDEV_SSH_PORT }}
          script: whoami

My ssh key is a pem file:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

The correct values are in .ssh/authorized_keys on the remote server. I am able to ssh from multiple other machines using this key. There is no passcode.

I'm stumped! This is on EC2 if that makes a difference.

[appleboy]

https://github.com/appleboy/ssh-action#setting-up-ssh-key

[Cabalist]

I just followed those steps exactly (adding another key).

I get the same error on the Github action page. I'm able to log in fine using SSH from the terminal using that newly created key.

I must be missing something else. I don't believe it is Firewall related as SSH does respond and gives the handshake failed response. The key works from the ssh on the terminal when I use ssh -i github_deploy_id_rsa [email protected]

Just checking the basics here:

host is the dns name of the server (for example newdevsite.example.com)
username is the ssh username (my username does have a hyphen in it ec2-user)
key is the text of the private keyfile. No encoding just copied and pasted.
port is 22 (I tried leaving this off since it is the default but that made no difference)

I'm not sure what else could be going wrong. Hmmm

[mcameloa]

I got the same error

My action file

name: deploy

on:
  push:
    branches: [ master ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Connect and run Scripts
        uses: appleboy/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HOST: ${{ secrets.HOST }}
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          port: ${{ secrets.PORT }}
          script: |
            whoami
            echo "$HOST"
            ls -a

[mcameloa]

I just resolve the issue my RSA PRIVATE KEY was incomplete
Try to run cat ~/.ssh/id_rsa

Thx.

[Cabalist]

@militem-code Thanks! However you got the ParsePrivateKey: ssh: invalid openssh private key format error which is helpful. Unfortunately I get none of that. I'm able to confirm my key is correct from the command line. There is something else going on

executing remote ssh commands1s
proxy_use_insecure_cipher: false
Run appleboy/ssh-action@master
/usr/bin/docker run --name e5ae592eecc69186d449d19429204e230021df_e58eb3 --label e5ae59 --workdir /github/workspace --rm -e INPUT_SCRIPT_STOP -e INPUT_HOST -e INPUT_USERNAME -e INPUT_KEY -e INPUT_PORT -e INPUT_SCRIPT -e INPUT_DEBUG -e INPUT_PASSPHRASE -e INPUT_PASSWORD -e INPUT_SYNC -e INPUT_USE_INSECURE_CIPHER -e INPUT_CIPHER -e INPUT_TIMEOUT -e INPUT_COMMAND_TIMEOUT -e INPUT_KEY_PATH -e INPUT_FINGERPRINT -e INPUT_PROXY_HOST -e INPUT_PROXY_PORT -e INPUT_PROXY_USERNAME -e INPUT_PROXY_PASSWORD -e INPUT_PROXY_PASSPHRASE -e INPUT_PROXY_TIMEOUT -e INPUT_PROXY_KEY -e INPUT_PROXY_KEY_PATH -e INPUT_PROXY_FINGERPRINT -e INPUT_PROXY_CIPHER -e INPUT_PROXY_USE_INSECURE_CIPHER -e INPUT_ENVS -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/xxx/xxx":"/github/workspace" e5ae59:2eecc69186d449d19429204e230021df
======CMD======
whoami
======END======
======ENV======
2020/09/11 19:43:51 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

======END======

[Siedlerchr]

I an confirm this error. All of a sudden it started to fail. Nothing has changed on the secrets

[Oliyy]

Yea. I'm stumped on this too, can't find what is wrong

[timahrentlov]

I'm also unable to get it to work. Getting 2020/09/20 20:24:23 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

[Cabalist]

@Siedlerchr @Oliyy @timahrentlov Where is the target ssh server hosted? I'm curious is this is specific to AWS.

[timahrentlov]

It's hosted on Digital Ocean.

[Siedlerchr]

@Cabalist our server is hosted at Hetzner

[joegatt]

@Cabalist This is failing for me too, exactly in this way, on a custom server.

[muhammad-abdul-raheem]

Failing for me as well:
2020/09/23 07:48:52 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

[kraj011]

Failing for me too. Running server on digital ocean. Was working fine a few days ago.

[cafesk8]

I can confirm the error

[angbongon]

Any news about the error? I've been having the same issue too.

[shealavington]

This is failing for me too, haven't had issues before today's attempted deployment.

[kraj011]

I was using this package for a custom CI pipeline on my digital ocean server, but due to this error I had to stop. If anyone else is using DO i recommend using their new app platform which comes with a built in CI pipeline!

[appleboy]

@kraj011 What new app platform do you use?

[appleboy]

I will create a new video to demo how to use the plugin with the DO server.

[kraj011]

@appleboy It came out very recently; here's a link to it: DO App Platform

[aguinaldotupy]

I've been having the same issue too, someone already solved?

[JoCat]

a similar error, I haven't found a solution yet
although the authorization key works on the server

UPD
re-entered all data in secret and it worked
the IP or username may have been entered incorrectly

[angbongon]

Well I was finally able to make it work. I don't remember well what I changed because it was so long ago, but here is my YAML file:

name: CD
on:
  push:
    branches: [main]
jobs:
  deploy:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - name: Repository checkout
        uses: actions/checkout@v2
      - name: Connects to VPS via SSH
        uses: appleboy/[email protected]
        with:
          host: ${{ secrets.SERVER_IP }}
          port: ${{ secrets.SERVER_PORT }}
          username: ${{ secrets.SERVER_USERNAME }}
          key: ${{ secrets.SERVER_KEY }}
          passphrase: ${{ secrets.SERVER_PASSPHRASE }}
          script: |
            cd ${{ secrets.PROJECT_PATH }}
            sudo git checkout main
            sudo git pull origin main
            python3 manage.py migrate
            sudo systemctl restart crm-backend

[pascalandy]

I got it! @v0.1.4 work at the moment
I guess something is broken in the master branch. So don't use @master.

      - 
        name: Run scripts on servers via SSH
        uses: appleboy/[email protected]
        with:
          host: "${{ secrets.NODE1 }},${{ secrets.NODE2 }},${{ secrets.NODE3 }}"
          #sync: true
          port: ${{ secrets.SSH_PORT }}
          username: ${{ secrets.SSH_USERNAME }}
          key: ${{ secrets.SSH_KEY_ACTIONS }}
          passphrase: ${{ secrets.SSH_KEY_ACTIONS_PASSPHRASE }}
          script: |
            echo && hostname
            cd ${{ secrets.DEPLOY_SETUP_PATH }}
            git rev-parse --short HEAD

[appleboy]

v0.1.4 vs master version:

v0.1.4...master

I think no difference between v0.1.4 and master.

[pascalandy]

LOL that's so weird :-p

[leadscloud]

i found reason. because ssh_key is incorrect.

cat ~/.ssh/id_rsa don't run at server. use cat ~/.ssh/known_hosts You need to use the matching pub key.

[bcherny]

In case it's helpful for anyone else, I dropped down to ssh as a quick hack to unblock myself (in addition to double-checking the authorized_keys on my DigitalOcean droplet):

- name: Deploy
   run: |
     TEMP=$(mktemp)
     echo "${{ secrets.SSH_PRIVATE_KEY }}" > $TEMP
     ssh -o 'StrictHostKeyChecking no' -i $TEMP [email protected] 'bash -s' < scripts/deploy.sh

[R8ghid]

@appleboy nope, after troubleshooting and making sure nothing from my side was causing the issue I tried changing back to v0.1.4 and that was it, build worked perfectly.

[appleboy]

@CorpoScum ok, thanks for your feedback.

[dokicro]

After debugged for hours, successfully resolved mine. Found out I missed following steps.
Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Server

• Digital Ocean
• Ubuntu 20.04
• Apache2

Solution

1. Copy your public SSH key
   cat ~/.ssh/id_rsa.pub
2. Add it into authorised keys
   nano ~/.ssh/authorized_keys
3. Update permission of the file
   chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This worked for me on a new VPS. Thanks @hamochigames

This worked for me. It's worth adding that I used the master branch.

Worked for me as well :)

[AlexeyKurepin]

After the many threads I went through and endless redirection to other threads where it wasn't solved, I can say that switching from: uses: appleboy/ssh-action@master to: uses: appleboy/[email protected] has solved my problem.

Worked for me

[CodingWithTashi]

After debugged for hours, successfully resolved mine. Found out I missed following steps.
Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Server

• Digital Ocean
• Ubuntu 20.04
• Apache2

Solution

1. Copy your public SSH key
   cat ~/.ssh/id_rsa.pub
2. Add it into authorised keys
   nano ~/.ssh/authorized_keys
3. Update permission of the file
   chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This worked for me on a new VPS. Thanks @hamochigames

This worked for me. It's worth adding that I used the master branch.

worked for me as well

[dandry]

I got the same error.
I was able to ssh into the server manually using the key but it would fail in GH Actions.
It turned out that I initially used actions@github email address when using ssh-keygen.
Then I tried [email protected] which did not work as well.

In the end, I used the email address I have my GitHub account associated with. And that one worked.

For debugging purposes, I suggest running a separate SSH session on different port on your server with the following command (source):

sudo /usr/sbin/sshd -d -p 2200

and then point GH Actions to that port. Remember that you most likely need to open this port in the firewall of your server distro.

[adampatterson]

I originally had the same error before reading the directions in the repo.

I was following an article that said to copy the servers private key which seemed odd to me.

After getting ssh: handshake failed on every attempt I found this issue.

On my local computer I ran ssh-keygen -t ed25519 -C "[email protected]" saving it as github_actions

I then ran cat github_actions and placed the contents in my GitHub Action Secret

Next I then ran cat github_actions.pub and and logged into my server running echo ssh-ed25519 superSecretkey [email protected] >> ~/.ssh/authorized_keys

Re-running the previously failed job was successful.

[ikapeykin]

Please note for whom this problem still exists, it may solve your problem:

Put the public key in .ssh/authorized_keys2
Change the permissions of .ssh to 700 (chmod 700)
Change the permissions of .ssh/authorized_keys2 to 640 (chmod 640)

[adampatterson]

@ikapeykin any reason why it wouldn't work in authorized_keys?

[ikapeykin]

@adampatterson it depends on the SSH version. I do not know the real reason, but just applied this fix after a thousand runs and it works :)

[appleboy]

I closed the issue. Please open a new issue if you facing another problem.

[adampatterson]

@ikapeykin I resolved my issue by adding in my case github.com to the /.ssh/config file and entering my private key there.

[verdotte]

Simple way just:

ssh-keygen -t ed25519 -a 200 -C "[email protected]"

-- enter name of ssh-key for example: thorn

cat thorn.pub >> ~/.ssh/authorized_keys

finally copy a ssh private key:

cat thorn

-- Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----

`

Worked for me 🙌🏽

[aarondeloach]

Simple way just:

ssh-keygen -t ed25519 -a 200 -C "[email protected]"

-- enter name of ssh-key for example: thorn

cat thorn.pub >> ~/.ssh/authorized_keys

finally copy a ssh private key:

cat thorn

-- Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----

`

Worked for me also!

[VANGAZOR]

After the many threads I went through and endless redirection to other threads where it wasn't solved, I can say that switching from: uses: appleboy/ssh-action@master to: uses: appleboy/[email protected] has solved my problem.

this is works!!!! thx!!!

[liuyangbo]

The cause of this problem may be an issue with directory permissions:
/home/username ---The user home directory can only be 700 or 755, not 775/777
/home/username/.ssh ---can only be 700 This directory can only be automatically generated.
/home/username/.ssh/authorized_keys ---can only be 600

[mortzkeblar]

This same problem happened to me, it turns out that I was filling the username field with a secret that had an incorrect name which I did not have defined in my secrets. But I didn't get the error that I wasn't entering a user or it was incorrect, as it does when trying to do the same with the key field.

[tomihbk]

I was so used to ssh agent auto connecting me to my server that I had forgotten I had created a passphrase for my SSH key.
I added passphrase: ${{ secrets.SSH_PASSPHRASE }} to my yml file and also defined the variable SSH_PASSPHRASE on GitHub secrets. After that, everything worked beautifully. I hope this helps.

[elitan]

https://github.com/fifsky/ssh-action worked for me.

[kvendingoldo]

fifsky/ssh-action works for me too

[byusupdzhanov]

29.02, I used fifsky/ssh-action@master and it works too

[retail-bazar]

Failing for me too. Running server on digital ocean. Was working fine a few days ago.

did you solve this ?

[jsteinberg-rbi]

switching to v0.1.4 fixed my problem. What I discovered was that on my target machine either the runner or the scp action was changing the permissions of my target directory, in this case /root, to be owned by the ubuntu github runner UUID which is by default 1001 and then changing the group to 127. This is not a guess, this is for certain. In other words I would correct the permissions on the target host and then run scp-action and afterwards I would be unable to ssh from my laptop to the target host because sshd would be choking on the ownership permissions that the action had caused. So then I would get on the target host by other means, revert these permissions and then ssh from my laptop to the target host would again be possible. Then I switched to scp-action v0.1.4 and voís la: everything "just worked".

Anyway...I don't know what the exact issue is, but there is for sure a discprepancy/bug either on the action side or the sshd side between v0.1.4 and v0.1.7/master.

@appleboy

you should be able to replicate this using ubuntu-latest as a runner image and debian as a deployment target. also this issue should be reopened.

[Itech-Problem-Solving]

Hello, @Cabalist , @appleboy.
Hello, everyone
I have read your solutions carefully but tried to follow all of your suggestions such as

• changed the master to v.0.1.14.
• give the permission to .ssh and authorizedkeys.
• copy pub file to authorizedkeys.
  But I still have [none publickey] error.
  Please help me.
  Thanks.

Here is my mail.yml file.

name: Laravel CI/CD

on:
push:
branches:
- main

jobs:
setup:
runs-on: ubuntu-latest

steps:
  - name: Checkout Repository
    uses: actions/checkout@v2

  - name: Set up PHP
    uses: shivammathur/setup-php@v2
    with:
      php-version: "8.1"

deploy:
runs-on: ubuntu-latest
needs: setup
steps:
- name: Checkout Repository
uses: actions/checkout@v2

  - name: Deploy to FTP
    uses: SamKirkland/[email protected]
    with:
      server: ${{ secrets.FTP_SERVER }}
      username: ${{ secrets.FTP_USERNAME }}
      password: ${{ secrets.FTP_PASSWORD }}
      local-dir: ./ # Change this to the path of your Laravel app
      server-dir: / # Change this to the remote directory on your FTP server

  - name: SSH into Server and Run Migration
    uses: appleboy/[email protected]
    with:
      host: ${{ secrets.SSH_HOST }}
      username: ${{ secrets.SSH_USERNAME}}
      key: ${{ secrets.SSH_PRIVATE_KEY }}
      port: ${{ secrets.SSH_PORT }}
      passphrase: ${{ secrets.SSH_PASSPHRASE }}
      script: |
        cd /home/lcgen/public_html/backend
        php artisan migrate --force
        php artisan config:cache
        php artisan cache:clear
        php artisan config:clear
        php artisan route:clear
        php artisan view:clear

I already confirmed the public key in the authorizedkeys. It is same with public key which authorized key in my cpanel.
I also have a SSH_PASSWORD variable in github secrets.
Should I add this one in the yml like "password: ${{ SSH_PASSWORD }}" even though I set the .ssh permission with 700?
And also what can be wrong in my current status?
I am not sure why this error has been occurred?

[appleboy]

@jsteinberg-rbi @Roman-Dev00 The latest version is v1.0.3, Could you help to try it out?

[appleboy]

move to #323 for further discussion.