scp-action: error message: ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1], server offered: [diffie-hellman-group-exchange-sha256]

I’m getting this error

error message: ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1], server offered: [diffie-hellman-group-exchange-sha256]

complete log

Run appleboy/scp-action@master
/usr/bin/docker run --name e87b527fba6baf54c84d1986dd256d118c9a77_72534a --label e87b52 --workdir /github/workspace --rm -e INPUT_HOST -e INPUT_USERNAME -e INPUT_PASSWORD -e INPUT_PORT -e INPUT_SOURCE -e INPUT_TARGET -e INPUT_TIMEOUT -e INPUT_COMMAND_TIMEOUT -e INPUT_KEY -e INPUT_KEY_PATH -e INPUT_PASSPHRASE -e INPUT_RM -e INPUT_STRIP_COMPONENTS -e INPUT_OVERWRITE -e INPUT_TAR_TMP_PATH -e INPUT_PROXY_HOST -e INPUT_PROXY_PORT -e INPUT_PROXY_USERNAME -e INPUT_PROXY_PASSWORD -e INPUT_PROXY_PASSPHRASE -e INPUT_PROXY_TIMEOUT -e INPUT_PROXY_KEY -e INPUT_PROXY_KEY_PATH -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/b-hero/b-hero":"/github/workspace" e87b52:7fba6baf54c84d1986dd256d118c9a77
tar all files into /tmp/743109829/wrZAXlscBR.tar
scp file to server.
2020/03/22 17:47:08 error copy file to dest: ***, error message: ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1], server offered: [diffie-hellman-group-exchange-sha256]
drone-scp error:  error copy file to dest: ***, error message: ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1], server offered: [diffie-hellman-group-exchange-sha256]

About this issue

Original URL
State: closed
Created 4 years ago
Comments: 26 (10 by maintainers)

Commits related to this issue

chore: add use insecure cipher flag fix server offered: [diffie-hellman-group-exchange-sha256] error See https://github.com/appleboy/scp-action/issues/15 — committed to appleboy/scp-action by appleboy 4 years ago

Most upvoted comments

@appleboy I copy/pasted the above but kept my source, target, and changed SSH2 to SSHKEY since that’s my secret’s name. I received the below error. Please let me know if there’s anything I need to do on the server side or change within the action.

clairmont32 on May 25, 2020

@clairmont32 Please try the https://github.com/appleboy/scp-action/releases/tag/v0.1.0 version and update config as following:

    - name: use insecure cipher
      uses: appleboy/scp-action@v0.1.0
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.SSH2 }}
        passphrase: ${{ secrets.PASSPHRASE }}
        port: ${{ secrets.PORT }}
        source: "tests/a.txt,tests/b.txt"
        target: "test"
        use_insecure_cipher: true

You must make sure the use_insecure_cipher set as true.

appleboy on May 24, 2020

@clairmont32 Please update your client ssh config:

open /etc/ssh/ssh_config
update KexAlgorithms setting and add diffie-hellman-group-exchange-sha256

appleboy on May 23, 2020

Problem has been fixed

use_insecure_cipher: true

webbyus on Mar 30, 2023

@appleboy i used your suggested config, but i’m still receiving the following error:

error copy file to dest: ***, error message: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

my config:

      - id: create-secret-files
        name: Create secret files
        run: |
          mkdir -p $SSL_SOURCE

          echo $DOPPLER_PROJECT >> .env.doppler
          echo $DOPPLER_TOKEN >> .env.doppler
          echo $SSL_CERTIFICATE >> $SSL_SOURCE/fullchain.pem
          echo $SSL_CERTIFICATE_KEY >> $SSL_SOURCE/privkey.pem
          echo $SSL_TRUSTED_CERTIFICATE >> $SSL_SOURCE/chain.pem
        env:
          DOPPLER_PROJECT: ${{ secrets.DOPPLER_PROJECT }}
          DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN_VM }}
          SSL_CERTIFICATE: ${{ secrets.SSL_CERTIFICATE }}
          SSL_CERTIFICATE_KEY: ${{ secrets.SSL_CERTIFICATE_KEY }}
          SSL_SOURCE: nginx/ssl/letsencrypt/${{ secrets.HOSTNAME }}
          SSL_TRUSTED_CERTIFICATE: ${{ secrets.SSL_TRUSTED_CERTIFICATE }}
      - id: ssh-root-files
        name: Upload root project files to VM
        uses: appleboy/scp-action@v0.1.2
        with:
          debug: true
          host: ${{ secrets.SSH_HOST }}
          key: ${{ secrets.SSH_KEY }}
          rm: true
          source: .env.doppler,docker-cloud.yml,docker-compose.yml
          target: /opt/sneusers/
          use_insecure_cipher: true
          username: ${{ secrets.SSH_USERNAME }}
      - id: ssh-nginx-config
        name: Upload Nginx configuration to VM
        uses: appleboy/scp-action@v0.1.2
        with:
          debug: true
          host: ${{ secrets.SSH_HOST }}
          key: ${{ secrets.SSH_KEY }}
          rm: true
          source: nginx/
          strip_components: 1
          target: /opt/sneusers/nginx/
          use_insecure_cipher: true
          username: ${{ secrets.SSH_USERNAME }}

unicornware on Jan 26, 2022

@clairmont32 I updated the docs.

appleboy on May 4, 2020