
Comments (19)

ben-joostens commented on July 23, 2024 33

I suspect a lot of people running into this private key auth issue might have forgotten to add the public key to the authorized_keys file of the user they are trying to connect with, since it's counter-intuitive for a user on a server to connect to that same server.

So, to summarize:

  • Make sure you're logged in with the ${{ secrets.USERNAME }} user
  • Generate a key pair: ssh-keygen -t rsa -b 4096 -C "[email protected]"
  • cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  • Add the contents of ~/.ssh/id_rsa as ${{ secrets.KEY }} to GitHub

from ssh-action.

appleboy commented on July 23, 2024 26

@dansteren See the following example:

  - name: ssh key passphrase
    uses: appleboy/ssh-action@master
    with:
      host: ${{ secrets.HOST }}
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.KEY }}
      port: ${{ secrets.PORT }}
+     passphrase: ${{ secrets.PASSPHRASE }}
      script: |
        whoami
        ls -al

Try the https://github.com/appleboy/ssh-action/releases/tag/v0.0.7 version

appleboy commented on July 23, 2024 8

@dansteren I will take on adding the passphrase feature.

BillChirico commented on July 23, 2024 4

The issue is that it's unable to decrypt SSH keys that have been generated with a passphrase.

dansteren commented on July 23, 2024 4

When creating an ssh key it is possible to add a passphrase to make the key more secure. See the following screenshot:
[Image: Screen Shot 2019-12-29 at 6 27 19 PM]
If you just hit enter it doesn't add a passphrase, which I'm guessing is what @appleboy has done. However, if you do enter a passphrase, there isn't a way to supply that to this ssh-action. I would expect to be able to do something like this in my action:

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    steps:
      - name: SSH and do stuff
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          script: |

However, this action doesn't have a passphrase input. I think what we're all hoping for is that this input gets added.

@appleboy I'm happy to help on this, I just don't understand how your action works well enough. If there is anything I can do just let me know.

appleboy commented on July 23, 2024

Please post your YAML config.

BillChirico commented on July 23, 2024

@appleboy

Error: ssh.ParsePrivateKey: ssh: cannot decode encrypted private keys

I also attempted to provide a password, and I received an error that I cannot pass both. I removed some of the config.

    - name: 'Deploy'
      uses: appleboy/ssh-action@master
      with:
        host: host
        username: username
        port: 22
        key: ${{ secrets.KEY }}
        script_stop: true
        script: |

appleboy commented on July 23, 2024

What is your private key format? You can refer to the format in ~/.ssh/id_rsa

BillChirico commented on July 23, 2024

@appleboy

-----BEGIN OPENSSH PRIVATE KEY-----
XXXX
-----END OPENSSH PRIVATE KEY-----

ThibaultVlacich commented on July 23, 2024

Same issue for me. My private key is in the same format as @BillChirico's.

The workflow config:

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    steps:
    - uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.PRIVATE_KEY }}
        script: |

The log of the task:

 /usr/bin/docker run --name [redacted] --label [redacted] --workdir /github/workspace --rm -e INPUT_HOST -e INPUT_USERNAME -e INPUT_KEY -e INPUT_SCRIPT -e INPUT_PORT -e INPUT_PASSWORD -e INPUT_TIMEOUT -e INPUT_COMMAND_TIMEOUT -e INPUT_KEY_PATH -e INPUT_PROXY_HOST -e INPUT_PROXY_PORT -e INPUT_PROXY_USERNAME -e INPUT_PROXY_PASSWORD -e INPUT_PROXY_TIMEOUT -e INPUT_PROXY_KEY -e INPUT_PROXY_KEY_PATH -e INPUT_SCRIPT_STOP -e INPUT_ENVS -e INPUT_DEBUG -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/[redacted]":"/github/workspace" [redacted]
======CMD======
[redacted]
======END======
2019/12/14 21:11:35 ssh.ParsePrivateKey: ssh: cannot decode encrypted private keys
2019/12/14 21:11:36 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
##[error]Docker run failed with exit code 1

I tried multiple keys btw, one generated from macOS and one from Windows.

from ssh-action.
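
The `ssh: cannot decode encrypted private keys` line in the log above is the error the Go SSH key parser gives for a passphrase-protected key. As an added example (not from this thread and not ssh-action's own code), the Go sketch below checks whether a key needs a passphrase before it is stored as a secret, reading only the PEM type, the PEM headers and the cipher-name field of the OpenSSH container; `NeedsPassphrase`, `sampleKey` and the sample input are hypothetical names and constructed data.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/pem"
	"errors"
	"fmt"
)

const magic = "openssh-key-v1\x00" // opens every OPENSSH PRIVATE KEY payload

// NeedsPassphrase reports, without decrypting, whether a key is encrypted and by what.
func NeedsPassphrase(key []byte) (bool, string, error) {
	block, _ := pem.Decode(key)
	if block == nil {
		return false, "", errors.New("no PEM block (truncated, or newlines lost)")
	}
	switch block.Type {
	case "OPENSSH PRIVATE KEY":
		if !bytes.HasPrefix(block.Bytes, []byte(magic)) {
			return false, "", errors.New("bad openssh-key-v1 magic")
		}
		b := block.Bytes[len(magic):]
		// Next field: uint32 length, then the cipher name ("none" = unencrypted).
		if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
			return false, "", errors.New("truncated cipher name")
		}
		cipher := string(b[4 : 4+binary.BigEndian.Uint32(b)])
		return cipher != "none", cipher, nil
	case "ENCRYPTED PRIVATE KEY": // PKCS#8 container, always encrypted
		return true, "PKCS#8", nil
	}
	if dek := block.Headers["DEK-Info"]; dek != "" { // legacy PEM (ssh-keygen -m PEM)
		return true, dek, nil
	}
	return false, "none", nil
}

// sampleKey builds a constructed block with only the header fields read above (no key material).
func sampleKey(cipher string) []byte {
	p := append([]byte(magic), 0, 0, 0, byte(len(cipher)))
	p = append(p, cipher...)
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: p})
}

func main() {
	fmt.Println(NeedsPassphrase(sampleKey("aes256-ctr")))
}
```

A `true` result means the workflow also has to supply the `passphrase` input shown earlier in the thread.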

appleboy commented on July 23, 2024

Please provide the detailed steps for how you generated the private key and put the key on your remote server.

ThibaultVlacich commented on July 23, 2024

The problem is definitely not the remote, since it's not even connecting to the remote. It's the ssh-agent of the Docker image that returns that error.

The key is generated like that:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

The key is working perfectly to connect to the remote when I use it on my local machine.

ThibaultVlacich commented on July 23, 2024

I got it working, generating a key like this:

ssh-keygen -t rsa -b 2048 -m PEM

But this lowers the security of the remote by allowing a 2048-bit key... There's probably a configuration issue with the ssh-agent of the Docker image, or the agent is not up-to-date to accept 4096-bit keys.

appleboy commented on July 23, 2024

@ThibaultVlacich

ssh-keygen -t rsa -b 4096 -C "[email protected]"

I tried generating a new key as above, but it still works for me.

MouaadAitSaid commented on July 23, 2024

Hello,
I am trying to use ssh-action to connect to my EC2 instance. Since I took the SSH key from the AWS console, I followed the steps, but I always get this error with both the key and key_path parameters:

[image]

Can someone help me out?

appleboy commented on July 23, 2024

@MouaadAitSaid Please create a new issue instead of posting here.

appleboy commented on July 23, 2024

@ben-joostens I will update the documentation in the README. Thanks.

shnigi commented on July 23, 2024

I just can't get this to work. My yml

name: CI
on: [push]
jobs:
   deploy:
    if: github.ref == 'refs/heads/master'
    runs-on: [ubuntu-latest]
    steps:
      - uses: actions/checkout@v1
      - name: Push to server
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SERVER_IP }}
          port: ${{ secrets.PORT }}
          username: ${{ secrets.SERVER_USERNAME }}
          password: ${{ secrets.SERVER_PASSWORD }}
          passphrase: ${{ secrets.SSHKEYPASSWORD }}
          script: cd ${{ secrets.PROJECT_PATH }} && git pull

I have secrets added in the repository. I can manually login to my server and do git pull. Then I enter password and it works like it should. However github actions say:

err: [email protected]: Permission denied (publickey).
2020/06/24 13:21:57 Process exited with status 1
err: fatal: Could not read from remote repository.

So what am I doing wrong here? I expected that passphrase would input the password. Or is there something else wrong? I also did this: cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Update: I removed my ssh key passphrase and then it works! But I really would like to secure my key with password. Looks like the passphrase is not working for some reason?

elmarzouguidev commented on July 23, 2024

I suspect a lot of people running into this private key auth issue might have forgotten to add the public key to the authorized_keys file of the user they are trying to connect with, since it's counter-intuitive for a user on a server to connect to that same server.

So, to summarize:

  • Make sure you're logged in with the ${{ secrets.USERNAME }} user
  • Generate a key pair: ssh-keygen -t rsa -b 4096 -C "[email protected]"
  • cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  • Add the contents of ~/.ssh/id_rsa as ${{ secrets.KEY }} to GitHub

Yes, that's what happened to me, but now it works :)
