Comments (19)
I suspect a lot of people running into this private key auth issue might have forgotten to add the public key to the authorized_keys file of the user they are trying to connect with, since it's counter-intuitive for a user on a server to connect to that same server.
So, to summarize:
- Make sure you're logged in with the ${{ secrets.USERNAME }} user
- Generate a key pair
  ssh-keygen -t rsa -b 4096 -C "[email protected]"
  cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
- Add the contents of ~/.ssh/id_rsa as ${{ secrets.KEY }} to github
from ssh-action.
@dansteren See the following example:
- name: ssh key passphrase
  uses: appleboy/ssh-action@master
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    key: ${{ secrets.KEY }}
    port: ${{ secrets.PORT }}
+   passphrase: ${{ secrets.PASSPHRASE }}
    script: |
      whoami
      ls -al
Try the https://github.com/appleboy/ssh-action/releases/tag/v0.0.7 version
from ssh-action.
@dansteren I will take it for adding passphrase feature.
from ssh-action.
The issue is that it's unable to decrypt SSH keys that have been generated with a passphrase.
from ssh-action.
When creating an ssh key it is possible to add a passphrase to make the key more secure. See the following screenshot:
If you just hit enter it doesn't add a passphrase, which I'm guessing is what @appleboy has done. However, if you do enter a passphrase, there isn't a way to supply that to this ssh-action. I would expect to be able to do something like this in my action:
jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    steps:
      - name: SSH and do stuff
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          script: |
However, this action doesn't have a passphrase input. I think what we're all hoping for is that this input gets added.
@appleboy I'm happy to help on this, I just don't understand how your action works well enough. If there is anything I can do just let me know.
from ssh-action.
Please post your YAML config.
from ssh-action.
Error: ssh.ParsePrivateKey: ssh: cannot decode encrypted private keys
I attempted to also provide a password and I received an error that I cannot pass both. I removed some of the config.
- name: 'Deploy'
  uses: appleboy/ssh-action@master
  with:
    host: host
    username: username
    port: 22
    key: ${{ secrets.KEY }}
    script_stop: true
    script: |
from ssh-action.
What is your private key format? You can refer to the format in ~/.ssh/id_rsa
from ssh-action.
-----BEGIN OPENSSH PRIVATE KEY-----
XXXX
-----END OPENSSH PRIVATE KEY-----
from ssh-action.
Same issue for me. My private key is in the same format as @BillChirico's.
The workflow config:
jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    steps:
      - uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          script: |
The log of the task:
/usr/bin/docker run --name [redacted] --label [redacted] --workdir /github/workspace --rm -e INPUT_HOST -e INPUT_USERNAME -e INPUT_KEY -e INPUT_SCRIPT -e INPUT_PORT -e INPUT_PASSWORD -e INPUT_TIMEOUT -e INPUT_COMMAND_TIMEOUT -e INPUT_KEY_PATH -e INPUT_PROXY_HOST -e INPUT_PROXY_PORT -e INPUT_PROXY_USERNAME -e INPUT_PROXY_PASSWORD -e INPUT_PROXY_TIMEOUT -e INPUT_PROXY_KEY -e INPUT_PROXY_KEY_PATH -e INPUT_SCRIPT_STOP -e INPUT_ENVS -e INPUT_DEBUG -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/[redacted]":"/github/workspace" [redacted]
======CMD======
[redacted]
======END======
2019/12/14 21:11:35 ssh.ParsePrivateKey: ssh: cannot decode encrypted private keys
2019/12/14 21:11:36 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
##[error]Docker run failed with exit code 1
I tried multiple keys btw, one generated from macOS and one from Windows.
from ssh-action.
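The error in the log above, `ssh: cannot decode encrypted private keys`, turns on whether the key is passphrase-protected, which can be checked before the key is stored as a secret. The following is an added example (not part of the thread and not ssh-action's code) that reads the cipher name from an `OPENSSH PRIVATE KEY` envelope or a legacy PEM header; the function names and the sample keys are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # start of the decoded OPENSSH PRIVATE KEY body

def _read_string(buf, off):
    """Decode one SSH wire string (uint32 length + bytes); return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_cipher(pem_text):
    """Return (label, cipher) for a private key; cipher 'none' means no passphrase."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, _ = _read_string(blob, len(MAGIC))  # ciphername is the first field
        return label, cipher.decode("ascii")
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 container, encrypted by definition
        return label, "pkcs8-encrypted"
    for ln in lines[1:-1]:  # legacy PEM (ssh-keygen -m PEM) names its cipher in a header
        if ln.startswith("DEK-Info:"):
            return label, ln.split(":", 1)[1].split(",")[0].strip()
    return label, "none"

def needs_passphrase(pem_text):
    return key_cipher(pem_text)[1] != "none"

def sample_openssh(cipher, kdf):
    """Constructed sample: well-formed envelope header, filler instead of key material."""
    s = lambda b: struct.pack(">I", len(b)) + b  # SSH wire string
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1) + s(b"filler") * 2
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"  # constructed
                 "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\nZmlsbGVy\n"
                 "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for text in (sample_openssh(b"none", b"none"),
                 sample_openssh(b"aes256-ctr", b"bcrypt"), SAMPLE_LEGACY):
        print(key_cipher(text), needs_passphrase(text))
```

Run it on the workstation that holds the key, passing the file's text to `needs_passphrase`; a `True` result means the workflow also has to supply the passphrase input shown earlier in the thread.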
Please provide the detailed steps about how to generate the private key and put the key on your remote server.
from ssh-action.
The problem is definitely not the remote, since it's not even connecting to the remote. It's the ssh-agent of the Docker image that returns that error.
The key is generated like that:
ssh-keygen -t rsa -b 4096 -C "[email protected]"
The key is working perfectly to connect to the remote when I use it on my local machine.
from ssh-action.
I got it working, generating a key like this:
ssh-keygen -t rsa -b 2048 -m PEM
But this lowers the security of the remote, allowing a 2048-bit key... There's probably a configuration issue with the ssh-agent of the Docker image, or the agent is not up-to-date to accept 4096-bit keys.
from ssh-action.
ssh-keygen -t rsa -b 4096 -C "[email protected]"
I tried to generate a new key as above, but it is still working for me.
from ssh-action.
Hello,
I am trying to use ssh-action to connect to my EC2 instance. Since I took the SSH key from the AWS console, I followed the steps, but I always have this error with both the key and key_path parameters:
Can someone help me out?
from ssh-action.
@MouaadAitSaid Please create a new issue instead of posting here.
from ssh-action.
@ben-joostens I will update the documentation in the README. Thanks.
from ssh-action.
I just can't get this to work. My yml:
name: CI
on: [push]
jobs:
  deploy:
    if: github.ref == 'refs/heads/master'
    runs-on: [ubuntu-latest]
    steps:
      - uses: actions/checkout@v1
      - name: Push to server
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SERVER_IP }}
          port: ${{ secrets.PORT }}
          username: ${{ secrets.SERVER_USERNAME }}
          password: ${{ secrets.SERVER_PASSWORD }}
          passphrase: ${{ secrets.SSHKEYPASSWORD }}
          script: cd ${{ secrets.PROJECT_PATH }} && git pull
I have secrets added in the repository. I can manually login to my server and do git pull. Then I enter password and it works like it should. However github actions say:
err: [email protected]: Permission denied (publickey).
2020/06/24 13:21:57 Process exited with status 1
err: fatal: Could not read from remote repository.
So what am I doing wrong here? I expected that passphrase would input the password. Or is there something else wrong? I also did this: cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Update: I removed my ssh key passphrase and then it works! But I really would like to secure my key with a password. Looks like the passphrase is not working for some reason?
from ssh-action.
I suspect a lot of people running into this private key auth issue might have forgotten to add the public key to the authorized_keys file of the user they are trying to connect with, since it's counter-intuitive for a user on a server to connect to that same server.
So, to summarize:
- Make sure you're logged in with the ${{ secrets.USERNAME }} user
- Generate a key pair
  ssh-keygen -t rsa -b 4096 -C "[email protected]"
  cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
- Add the contents of ~/.ssh/id_rsa as ${{ secrets.KEY }} to github
Yes, that's what happened to me, but now it works :)
from ssh-action.