ssh-action: ssh: handshake failed on every attempt
Hey there,
I’m stuck and wasn’t able to find a solution in reading previous issues. I keep getting the following error:
2020/08/29 01:19:13 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Here is my YAML:
name: Deploy branch to staging
on:
push:
branches: [ develop ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: executing remote ssh commands
uses: appleboy/ssh-action@master
with:
script_stop: true
host: ${{ secrets.NEWDEV_HOST }}
username: ${{ secrets.NEWDEV_USERNAME }}
key: ${{ secrets.NEWDEV_SSH_KEY }}
port: ${{ secrets.NEWDEV_SSH_PORT }}
script: whoami
My ssh key is a pem file:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
The correct values are in .ssh/authorized_keys
on the remote server. I am able to ssh from multiple other machines using this key. There is no passcode.
I’m stumped! This is on EC2 if that makes a difference.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 38
- Comments: 131 (12 by maintainers)
Commits related to this issue
- chore: update ssh key part part from https://github.com/appleboy/ssh-action/issues/80 — committed to appleboy/ssh-action by appleboy 3 years ago
I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines
to my
/etc/ssh/sshd_config
after restarting the ssh server all worked as needed.https://github.com/appleboy/ssh-action#setting-up-ssh-key
Failing for me as well:
2020/09/23 07:48:52 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
It’s hosted on Digital Ocean.
I an confirm this error. All of a sudden it started to fail. Nothing has changed on the secrets
After debugged for hours, successfully resolved mine. Found out I missed following steps.
Error
2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Server
Solution
cat ~/.ssh/id_rsa.pub
nano ~/.ssh/authorized_keys
chmod 700 ~/.ssh/authorized_keys
Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.
I had this problem. The server was refusing the authentication with this message :
ssh-rsa refers to a RSA key with a SHA1 signature, which is considered weak, and therefore refused by my server.
Switching to ed25519 will probably fix it in the most easiest manner for most.
I had the same symptom than @rgrunbla :
And found some hints here and there. The solution for me was to add
ssh-rsa
to the configuration with:The second post gets you to the following page that says that
ssh-rsa
has been removed because it uses the SHA-1 signature that is not secure anymore.The solution is probably to update somehow the ssh client in the action.
Adding what worked for me, FWIW, though it makes little sense to me…
As per the advice at http://www.linuxproblem.org/art_9.html, “Depending on your version of SSH you might also have to do the following changes: Put the public key in .ssh/authorized_keys2…”
As soon as I copied .ssh/id_rsa.pub to .ssh/authorized_keys2, it started working…
This got me working. The best way to configure this would be to generate the keys in the remote machine where you want to ssh into and copy the content of the public key to the authorized_keys.
Then you can get the content of the private key and use it in the keys of appleboy/ssh-action
I just resolve the issue my RSA PRIVATE KEY was incomplete Try to run
cat ~/.ssh/id_rsa
Thx.
Not able to resolve using this issue so move to https://github.com/marketplace/actions/remote-ssh-commands which work like charm
Simple way just:
ssh-keygen -t ed25519 -a 200 -C "your@email.com"
– enter name of ssh-key for example: thorn
cat thorn.pub >> ~/.ssh/authorized_keys
finally copy a ssh private key:
cat thorn
– Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----
`
I got this same error but finally got it working. I’m using a DigitalOcean Ubuntu 20.04 droplet.
I ran into both errors mention in this issue.
The first is this error:
If you are seeing [none] in attempted methods, then its not attempting any authentication methods. This seems to come up for two reasons (atleast that I could find) but it’s a simple fix:
publickey
(see the “Using private key” code block in the README)-----BEGIN OPENSSH PRIVATE KEY-----
at the start and-----END OPENSSH PRIVATE KEY-----
at the endThe second is this error:
Here you can see [none publickey] in attempted methods so there is some mismatch with your ssh handshake.
Might be worth remaking your secrets.SSH_HOST and secrets,SSH_USER (I initially put the wrong ip addr in to my secrets.SSH_HOST and got this same error)
If that doesn’t work, make sure you copied in the correct keys. IMPORTANT: You have to make sure you specify the email associated with your github account. Github looks for this email in your server’s authorized keys to authenticate. I ran into this issue as well and had to run the below on my server to fix:
After this, open the github_keys file (or whatever you named it) in a text editor and copy the contents to your secrets.SSH_KEY Also don’t open and copy the files contents from a terminal window, I’ve noticed it gets formatted weird.
Looking at these logs made it easier to debug (different based on the linux distro used)
Hope this helps!
Also I think it was mentioned before but this is another good alternative: https://github.com/marketplace/actions/remote-ssh-commands
EDIT: If you have a password for your user and have PasswordAuth enabled in
/etc/ssh/ssh_config/
you can try adding the password key in your .yml file and passing the password for your user. But this is less secureSolution: I found that I must put the attributes in this exact order!
This one works much better https://github.com/marketplace/actions/remote-ssh-commands
This worked for me
Had the exact same issue. Turns out when I copied ssh private key into the Github secrets, it was adding unnecessary whitespaces – even though the formatting looked fine!
Try copy and pasting to a plain text editor, and then paste it into the website.
It works! any reason why extra configuration is needed as opposed to ssh in from local environment?
This one might be the right answer. The key point is authorized_keys copying from id_rsa.pub.
I fixed it by creating a
rsa
key instead ofed25519
. The GitHub docs advice to use this encryption type:But that didn’t seem to work with
ssh-action
So using rsa fixed it:
@integral-llc this works with EC2
In my case, I found this in the ssh log on my server:
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
This led me to this ArchLinux forum, which implicates a change in the latest openssh version. https://bbs.archlinux.org/viewtopic.php?pid=1995438#p1995438 Following that comment’s advice, I regenerated keys using ed25519 instead of rsa, and this solved the problem for me.Mine also showed
I was able to find my issue by looking at ssh auth logs.
I checked my home directory permissions with
ls -l /home
After doing
chmod go-w /home/user
I was able to connect & my action worked again.
I solved this problem. Check if the private key has a newline character at the end
The mistake I got caught on was I put the private key from the server as SERVER_KEY in Github secrets.
What fixed this for me was to put the public key from my dev machine into authorized keys on the server, and then pass in the corresponding private key (from my dev machine) as SERVER_KEY in Github secrets.
According to the documentation, “The best practice is create the SSH Keys on local machine not remote machine.”
v0.1.4 vs master version:
https://github.com/appleboy/ssh-action/compare/v0.1.4...master
I think no difference between v0.1.4 and master.
This worked for me on a new VPS. Thanks @hamochigames
https://github.com/fifsky/ssh-action worked for me.
Worked for me also!
Please note for whom this problem still exists, it may solve your problem:
This worked for me. It’s worth adding that I used the master branch.
Had the same error with AWS EC2
error message: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
but forgot to defineusername
in the .yml file. Now it works fine.HOST is Public IPv4 DNS, for example,
ec2-11-111-111-11.compute-1.amazonaws.com
and SSH_KEY is all content from .pem file, for example:I fixed this problem by generating new pairs of ssh keys. I used this command:
ssh-keygen -t ecdsa
. The problem occurs when I upgraded my Ubuntu to the news version. It looks like the OpenSSH library is in the new version.I’d like to highlight the only 2 answers that actually help with debugging instead of wild-guessing:
https://github.com/appleboy/ssh-action/issues/80#issuecomment-757089408 https://github.com/appleboy/ssh-action/issues/80#issuecomment-943116137 (!)
Thanks guys, using
sudo tail -f /var/log/auth.log
I quickly have found that I actually did a mistake in username and even repeated it when re-entered creds trying to fix the issue.If you’re using nektos/act for local testing, then write secret key like so:
KEY="-----BEGIN OPENSSH PRIVATE KEY-----\nPRIVATE_TOKEN_HERE\n-----END OPENSSH PRIVATE KEY-----"
just remove the actual line breaks with\n
. Hope it will be useful for someone.My mistake was that I copied the text but it came with a strange format; each line was kind of cut
Solve it, use ssh-keygen -t rsa, without any additional keys open keys in editor, don’t copy from terminal
In case it’s helpful for anyone else, I dropped down to ssh as a quick hack to unblock myself (in addition to double-checking the authorized_keys on my DigitalOcean droplet):
I was using this package for a custom CI pipeline on my digital ocean server, but due to this error I had to stop. If anyone else is using DO i recommend using their new app platform which comes with a built in CI pipeline!
Yea. I’m stumped on this too, can’t find what is wrong
The cause of this problem may be an issue with directory permissions: /home/username —The user home directory can only be 700 or 755, not 775/777 /home/username/.ssh —can only be 700 This directory can only be automatically generated. /home/username/.ssh/authorized_keys —can only be 600
this is works!!! thx!!!
Worked for me 🙌🏽
After the many threads I went through and endless redirection to other threads where it wasn’t solved, I can say that switching from: uses: appleboy/ssh-action@master to: uses: appleboy/ssh-action@v0.1.4 has solved my problem.
I ran into this on an EC2 CentOS instance. Big thanks to everyone who suggested checking the ssh logs:
I had my username defined at the top of the file, as described in https://docs.github.com/en/actions/learn-github-actions/variables
Seems weird that
appleboy/scp-action@master
doesn’t play nice with that sort of declaration. Things are working fine now that I moved the username over to be a secret.FWIW an earlier step using
fifsky/ssh-action@master
worked fine with the above variable declaration.This works perfect 🥳🎉
Yes, can confirm these two lines are required. I updated my server to Ubuntu 22.04 and it stopped working. Added these two lines, and it started working again.
@saninstein credit goes to @integral-llc 😃
Same happens with ubuntu-22.04 host, same worflow with connection to 18.04 works perfect. Also in both cases actions
appleboy/scp-action@master
works.My workflow:
PS
Solution from @noellimx works for me too. Thank you
If you are using EC2 then generate an ssh key using:- ssh-keygen -t ed25519 -a 200 -C “[your_email@example.com]”
hello, it’s work for me too, but I added id_rsa.pub to ~/.ssh/authorized_keys
If I’m not wrong, it seems that the upstream issue is tracked here: https://github.com/golang/go/issues/49952. For the record, I observe the same behavior on the terraform
remote-exec
provider with the same solution.Wow I got it fixed as well, I had done it earlier but what I missed out was copying all the entire content as they are.
Hello, I had the same error, for me the problem was due to an error for the username. The only thing I can advise when this error appears is to start from 0 by being twice as attentive and not to miss any step and not to make any mistake, even minimal (for example I had put a capital letter in my username when it was not necessary and I blocked two hours on it)
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Perhaps this will be useful for those who use PyCharm. As suggested to me @matacoder, the problem may be due to hidden line wrapping.
I got it! @v0.1.4 work at the moment I guess something is broken in the master branch. So don’t use @master.
This is failing for me too, haven’t had issues before today’s attempted deployment.
Failing for me too. Running server on digital ocean. Was working fine a few days ago.
I’m also unable to get it to work. Getting 2020/09/20 20:24:23 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain