ssh-action: ssh: handshake failed on every attempt

Hey there,

I’m stuck and wasn’t able to find a solution in reading previous issues. I keep getting the following error: 2020/08/29 01:19:13 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Here is my YAML:

name: Deploy branch to staging

on:
  push:
    branches: [ develop ]


jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: executing remote ssh commands
        uses: appleboy/ssh-action@master
        with:
          script_stop: true
          host: ${{ secrets.NEWDEV_HOST }}
          username: ${{ secrets.NEWDEV_USERNAME }}
          key: ${{ secrets.NEWDEV_SSH_KEY }}
          port: ${{ secrets.NEWDEV_SSH_PORT }}
          script: whoami

My ssh key is a pem file:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

The correct values are in .ssh/authorized_keys on the remote server. I am able to ssh from multiple other machines using this key. There is no passcode.

I’m stumped! This is on EC2 if that makes a difference.

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 38
  • Comments: 131 (12 by maintainers)

Commits related to this issue

Most upvoted comments

I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

to my /etc/ssh/sshd_config after restarting the ssh server all worked as needed.

Failing for me as well: 2020/09/23 07:48:52 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

It’s hosted on Digital Ocean.

I an confirm this error. All of a sudden it started to fail. Nothing has changed on the secrets

After debugged for hours, successfully resolved mine. Found out I missed following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys nano ~/.ssh/authorized_keys
  3. Update permission of the file chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

I had this problem. The server was refusing the authentication with this message :

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms

ssh-rsa refers to a RSA key with a SHA1 signature, which is considered weak, and therefore refused by my server.

Switching to ed25519 will probably fix it in the most easiest manner for most.

I had the same symptom than @rgrunbla :

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms

And found some hints here and there. The solution for me was to add ssh-rsa to the configuration with:

> echo "PubkeyAcceptedKeyTypes=+ssh-rsa" >> /etc/ssh/sshd_config
> rc-service sshd restart

The second post gets you to the following page that says that ssh-rsa has been removed because it uses the SHA-1 signature that is not secure anymore.

The solution is probably to update somehow the ssh client in the action.

Adding what worked for me, FWIW, though it makes little sense to me…

As per the advice at http://www.linuxproblem.org/art_9.html, “Depending on your version of SSH you might also have to do the following changes: Put the public key in .ssh/authorized_keys2…”

As soon as I copied .ssh/id_rsa.pub to .ssh/authorized_keys2, it started working…

This got me working. The best way to configure this would be to generate the keys in the remote machine where you want to ssh into and copy the content of the public key to the authorized_keys.

HOSTNAME=`hostname` ssh-keygen -t rsa -b 4096 -C "$HOSTNAME" -f "$HOME/.ssh/id_rsa" -P ""
cat id_rsa.pub > authorized_keys
chmod 600 authorized_keys

Then you can get the content of the private key and use it in the keys of appleboy/ssh-action

I just resolve the issue my RSA PRIVATE KEY was incomplete Try to run cat ~/.ssh/id_rsa

Thx.

Not able to resolve using this issue so move to https://github.com/marketplace/actions/remote-ssh-commands which work like charm

Simple way just:

ssh-keygen -t ed25519 -a 200 -C "your@email.com"

– enter name of ssh-key for example: thorn

cat thorn.pub >> ~/.ssh/authorized_keys

finally copy a ssh private key:

cat thorn

– Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----

`

I got this same error but finally got it working. I’m using a DigitalOcean Ubuntu 20.04 droplet.

I ran into both errors mention in this issue.

The first is this error:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

If you are seeing [none] in attempted methods, then its not attempting any authentication methods. This seems to come up for two reasons (atleast that I could find) but it’s a simple fix:

  1. Make sure you supply the key, host, and username values in your yml files. Otherwise it wont attempt to authenticate with publickey (see the “Using private key” code block in the README)
  2. Make sure the private key is copied correctly. i.e make sure to include the whole file including the -----BEGIN OPENSSH PRIVATE KEY----- at the start and -----END OPENSSH PRIVATE KEY----- at the end

The second is this error:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Here you can see [none publickey] in attempted methods so there is some mismatch with your ssh handshake.

Might be worth remaking your secrets.SSH_HOST and secrets,SSH_USER (I initially put the wrong ip addr in to my secrets.SSH_HOST and got this same error)

If that doesn’t work, make sure you copied in the correct keys. IMPORTANT: You have to make sure you specify the email associated with your github account. Github looks for this email in your server’s authorized keys to authenticate. I ran into this issue as well and had to run the below on my server to fix:

# mkdir tmp
# cd tmp
# ssh-keygen -t rsa -C 'myemail@email.com' 
Generating public/private rsa key pair.
Enter file in which to save the key (~/.ssh/id_rsa): github_keys <--- name it whatever but don't leave blank
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in github_keys
Your public key has been saved in github_keys.pub
The key fingerprint is:
 ...

# cat github._keys.pub >> ~/.ssh/authorized_keys

After this, open the github_keys file (or whatever you named it) in a text editor and copy the contents to your secrets.SSH_KEY Also don’t open and copy the files contents from a terminal window, I’ve noticed it gets formatted weird.

Looking at these logs made it easier to debug (different based on the linux distro used)

grep sshd /var/log/auth.log
grep sshd /var/log/messages
grep sshd /var/log/secure

Hope this helps!

Also I think it was mentioned before but this is another good alternative: https://github.com/marketplace/actions/remote-ssh-commands

EDIT: If you have a password for your user and have PasswordAuth enabled in /etc/ssh/ssh_config/ you can try adding the password key in your .yml file and passing the password for your user. But this is less secure

Solution: I found that I must put the attributes in this exact order!

host: "${{ secrets.NODE1 }},${{ secrets.NODE2 }},${{ secrets.NODE3 }}"
port: ${{ secrets.SSH_PORT }}
username: ${{ secrets.SSH_USERNAME }}
key: ${{ secrets.SSH_KEY_ACTIONS }}
passphrase: ${{ secrets.SSH_KEY_ACTIONS_PASSPHRASE }}

After debugged for hours, successfully resolved mine. Found out I missed following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys nano ~/.ssh/authorized_keys
  3. Update permission of the file chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This worked for me

Had the exact same issue. Turns out when I copied ssh private key into the Github secrets, it was adding unnecessary whitespaces – even though the formatting looked fine!

Try copy and pasting to a plain text editor, and then paste it into the website.

I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

to my /etc/ssh/sshd_config after restarting the ssh server all worked as needed.

It works! any reason why extra configuration is needed as opposed to ssh in from local environment?

After debugged for hours, successfully resolved mine. Found out I missed following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys nano ~/.ssh/authorized_keys
  3. Update permission of the file chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This one might be the right answer. The key point is authorized_keys copying from id_rsa.pub.

I fixed it by creating a rsa key instead of ed25519. The GitHub docs advice to use this encryption type:

$ ssh-keygen -t ed25519 -C "your_email@example.com"

But that didn’t seem to work with ssh-action

So using rsa fixed it:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

to my /etc/ssh/sshd_config after restarting the ssh server all worked as needed.

@integral-llc this works with EC2

In my case, I found this in the ssh log on my server: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] This led me to this ArchLinux forum, which implicates a change in the latest openssh version. https://bbs.archlinux.org/viewtopic.php?pid=1995438#p1995438 Following that comment’s advice, I regenerated keys using ed25519 instead of rsa, and this solved the problem for me.

Mine also showed

======CMD====== whoami ======END====== 2021/10/14 07:26:31 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

I was able to find my issue by looking at ssh auth logs.

sudo tail -f /var/log/auth.log Authentication refused: bad ownership or modes for directory /home/user

I checked my home directory permissions with ls -l /home

drwxrwx— 25 user user 4096 Oct 14 07:37 user

After doing chmod go-w /home/user

drwxr-x— 25 user user 4096 Oct 14 07:37 user

I was able to connect & my action worked again.

======CMD====== whoami ======END====== out: *** ============================================== ✅ Successfully executed commands to all host. ==============================================

I solved this problem. Check if the private key has a newline character at the end

The mistake I got caught on was I put the private key from the server as SERVER_KEY in Github secrets.

What fixed this for me was to put the public key from my dev machine into authorized keys on the server, and then pass in the corresponding private key (from my dev machine) as SERVER_KEY in Github secrets.

According to the documentation, “The best practice is create the SSH Keys on local machine not remote machine.”

v0.1.4 vs master version:

https://github.com/appleboy/ssh-action/compare/v0.1.4...master

I think no difference between v0.1.4 and master.

After debugged for hours, successfully resolved mine. Found out I missed following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys nano ~/.ssh/authorized_keys
  3. Update permission of the file chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This worked for me on a new VPS. Thanks @hamochigames

Simple way just:

ssh-keygen -t ed25519 -a 200 -C "your@email.com"

– enter name of ssh-key for example: thorn

cat thorn.pub >> ~/.ssh/authorized_keys

finally copy a ssh private key:

cat thorn

– Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----

`

Worked for me also!

Please note for whom this problem still exists, it may solve your problem:

Put the public key in .ssh/authorized_keys2
Change the permissions of .ssh to 700 (chmod 700)
Change the permissions of .ssh/authorized_keys2 to 640 (chmod 640)

After debugged for hours, successfully resolved mine. Found out I missed following steps. Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys nano ~/.ssh/authorized_keys
  3. Update permission of the file chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

This worked for me on a new VPS. Thanks @hamochigames

This worked for me. It’s worth adding that I used the master branch.

Had the same error with AWS EC2 error message: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain but forgot to define username in the .yml file. Now it works fine.

name: scp files
on: [push]
jobs:

  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - name: copy file via ssh password
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ec2-user
        key: ${{ secrets.SSH_KEY }}
        source: "README.md"
        target: "test"

HOST is Public IPv4 DNS, for example, ec2-11-111-111-11.compute-1.amazonaws.com and SSH_KEY is all content from .pem file, for example:

-----BEGIN RSA PRIVATE KEY-----
...
...
...
-----END RSA PRIVATE KEY-----

I fixed this problem by generating new pairs of ssh keys. I used this command: ssh-keygen -t ecdsa. The problem occurs when I upgraded my Ubuntu to the news version. It looks like the OpenSSH library is in the new version.

I’d like to highlight the only 2 answers that actually help with debugging instead of wild-guessing:

https://github.com/appleboy/ssh-action/issues/80#issuecomment-757089408 https://github.com/appleboy/ssh-action/issues/80#issuecomment-943116137 (!)

Thanks guys, using sudo tail -f /var/log/auth.log I quickly have found that I actually did a mistake in username and even repeated it when re-entered creds trying to fix the issue.

If you’re using nektos/act for local testing, then write secret key like so: KEY="-----BEGIN OPENSSH PRIVATE KEY-----\nPRIVATE_TOKEN_HERE\n-----END OPENSSH PRIVATE KEY-----" just remove the actual line breaks with \n. Hope it will be useful for someone.

After debugged for hours, successfully resolved mine. Found out I missed following steps. Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys nano ~/.ssh/authorized_keys
  3. Update permission of the file chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

Wow I got it fixed as well, I had done it earlier but what I missed out was copying all the entire content as they are.

My mistake was that I copied the text but it came with a strange format; each line was kind of cut

Solve it, use ssh-keygen -t rsa, without any additional keys open keys in editor, don’t copy from terminal

In case it’s helpful for anyone else, I dropped down to ssh as a quick hack to unblock myself (in addition to double-checking the authorized_keys on my DigitalOcean droplet):

- name: Deploy
   run: |
     TEMP=$(mktemp)
     echo "${{ secrets.SSH_PRIVATE_KEY }}" > $TEMP
     ssh -o 'StrictHostKeyChecking no' -i $TEMP myuser@mysite.com 'bash -s' < scripts/deploy.sh

I was using this package for a custom CI pipeline on my digital ocean server, but due to this error I had to stop. If anyone else is using DO i recommend using their new app platform which comes with a built in CI pipeline!

Yea. I’m stumped on this too, can’t find what is wrong

The cause of this problem may be an issue with directory permissions: /home/username —The user home directory can only be 700 or 755, not 775/777 /home/username/.ssh —can only be 700 This directory can only be automatically generated. /home/username/.ssh/authorized_keys —can only be 600

After the many threads I went through and endless redirection to other threads where it wasn’t solved, I can say that switching from: uses: appleboy/ssh-action@master to: uses: appleboy/ssh-action@v0.1.4 has solved my problem.

this is works!!! thx!!!

Simple way just:

ssh-keygen -t ed25519 -a 200 -C "your@email.com"

– enter name of ssh-key for example: thorn

cat thorn.pub >> ~/.ssh/authorized_keys

finally copy a ssh private key:

cat thorn

– Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----

`

Worked for me 🙌🏽

After the many threads I went through and endless redirection to other threads where it wasn’t solved, I can say that switching from: uses: appleboy/ssh-action@master to: uses: appleboy/ssh-action@v0.1.4 has solved my problem.

I ran into this on an EC2 CentOS instance. Big thanks to everyone who suggested checking the ssh logs:

Feb  4 04:53:26 ip-172-26-10-246 sshd[3196]: Invalid user $AWS_USERNAME from 13.83.3.161 port 5249
Feb  4 04:53:26 ip-172-26-10-246 sshd[3196]: input_userauth_request: invalid user $AWS_USERNAME [preauth]

I had my username defined at the top of the file, as described in https://docs.github.com/en/actions/learn-github-actions/variables

env:
  AWS_USERNAME: ec2-user

Seems weird that appleboy/scp-action@master doesn’t play nice with that sort of declaration. Things are working fine now that I moved the username over to be a secret.

FWIW an earlier step using fifsky/ssh-action@master worked fine with the above variable declaration.

Simple way just:

ssh-keygen -t ed25519 -a 200 -C "your@email.com"

– enter name of ssh-key for example: thorn

cat thorn.pub >> ~/.ssh/authorized_keys

finally copy a ssh private key:

cat thorn

– Copy value between ` -----BEGIN OPENSSH PRIVATE KEY----- some value of ssh-key -----END OPENSSH PRIVATE KEY-----

`

This works perfect 🥳🎉

I had the same problem with an EC2 instance. After checking ssh logs< I add to add these lines

PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

to my /etc/ssh/sshd_config after restarting the ssh server all worked as needed.

thank you it works

Yes, can confirm these two lines are required. I updated my server to Ubuntu 22.04 and it stopped working. Added these two lines, and it started working again.

@saninstein credit goes to @integral-llc 😃

Same happens with ubuntu-22.04 host, same worflow with connection to 18.04 works perfect. Also in both cases actions appleboy/scp-action@master works.

My workflow:

    - name: Copy files via SCP
      uses: appleboy/scp-action@master
      env:
        KEY: ${{ secrets.SSH_KEY }}
        HOST: ${{ secrets.SSH_HOST }}
        USERNAME: ${{ secrets.SSH_USER }}
      with:
        source: "*"
        target: "/home/ubuntu/app"

    - name: Up app
      uses: appleboy/ssh-action@v0.1.4
      env:
        KEY: ${{ secrets.SSH_KEY }}
        HOST: ${{ secrets.SSH_HOST }}
        USERNAME: ${{ secrets.SSH_USER }}
      with:
        script: |
          ./home/ubuntu/app/start.sh
          

PS

Solution from @noellimx works for me too. Thank you

I got the same error

image

My action file

name: deploy

on:
  push:
    branches: [ master ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Connect and run Scripts
        uses: appleboy/ssh-action@v0.1.3
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HOST: ${{ secrets.HOST }}
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          port: ${{ secrets.PORT }}
          script: |
            whoami
            echo "$HOST"
            ls -a

If you are using EC2 then generate an ssh key using:- ssh-keygen -t ed25519 -a 200 -C “[your_email@example.com]”

Adding what worked for me, FWIW, though it makes little sense to me…

As per the advice at http://www.linuxproblem.org/art_9.html, “Depending on your version of SSH you might also have to do the following changes: Put the public key in .ssh/authorized_keys2…”

As soon as I copied .ssh/id_rsa.pub to .ssh/authorized_keys2, it started working…

hello, it’s work for me too, but I added id_rsa.pub to ~/.ssh/authorized_keys

If I’m not wrong, it seems that the upstream issue is tracked here: https://github.com/golang/go/issues/49952. For the record, I observe the same behavior on the terraform remote-exec provider with the same solution.

After debugged for hours, successfully resolved mine. Found out I missed following steps.

Error 2021/10/28 12:15:21 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Server

  • Digital Ocean
  • Ubuntu 20.04
  • Apache2

Solution

  1. Copy your public SSH key cat ~/.ssh/id_rsa.pub
  2. Add it into authorised keys nano ~/.ssh/authorized_keys
  3. Update permission of the file chmod 700 ~/.ssh/authorized_keys

Note Although the steps I took is slightly different, it is mentioned in the https://github.com/appleboy/ssh-action README.md. Hope this helps out.

Wow I got it fixed as well, I had done it earlier but what I missed out was copying all the entire content as they are.

Hello, I had the same error, for me the problem was due to an error for the username. The only thing I can advise when this error appears is to start from 0 by being twice as attentive and not to miss any step and not to make any mistake, even minimal (for example I had put a capital letter in my username when it was not necessary and I blocked two hours on it)

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Perhaps this will be useful for those who use PyCharm. As suggested to me @matacoder, the problem may be due to hidden line wrapping.

I got it! @v0.1.4 work at the moment I guess something is broken in the master branch. So don’t use @master.

      - 
        name: Run scripts on servers via SSH
        uses: appleboy/ssh-action@v0.1.4
        with:
          host: "${{ secrets.NODE1 }},${{ secrets.NODE2 }},${{ secrets.NODE3 }}"
          #sync: true
          port: ${{ secrets.SSH_PORT }}
          username: ${{ secrets.SSH_USERNAME }}
          key: ${{ secrets.SSH_KEY_ACTIONS }}
          passphrase: ${{ secrets.SSH_KEY_ACTIONS_PASSPHRASE }}
          script: |
            echo && hostname
            cd ${{ secrets.DEPLOY_SETUP_PATH }}
            git rev-parse --short HEAD

This is failing for me too, haven’t had issues before today’s attempted deployment.

Failing for me too. Running server on digital ocean. Was working fine a few days ago.

I’m also unable to get it to work. Getting 2020/09/20 20:24:23 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain