ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

[sahgilbert]

I have an Asp.Net Core (.Net 8.0) app, straight out of the box from Visual Studio for Mac.

I'm using a MacBook Pro (Silicon chip).

I have generated an SSH RSA key pair on my local mac machine.

I have created an Azure Virtual Machine running Linux.

When I created the Virtual Machine in the Azure Portal, I uploaded my public key which was generated by my previous step.

I have added the 3 required secrets to the source code repository on GitHub, based on the secrets variables in the deploy.yml file, as per the below screenshot:

I'm getting the following error when trying to deploy Asp.Net Core to an Azure Virtual Machine using GitHub Actions & appleboy/ssh-action:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

I have created a deploy.yml file for the deployment via GitHub Actions, with the following contents

`name: Deploy to Azure VM

on: push: branches: - main

jobs: deploy: runs-on: ubuntu-latest

  steps:
    - name: Checkout Repository
      uses: actions/checkout@v2

    - name: Setup .NET Core
      uses: actions/setup-dotnet@v1
      with:
        dotnet-version: '8.x'

    - name: Build and Publish
      run: dotnet publish -c Release -o publish

    - name: Deploy to Azure VM
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.AZURE_VM_HOST }} # Azure VM IP address or hostname
        username: ${{ secrets.AZURE_VM_USERNAME }}
        key: ${{ secrets.AZURE_VM_SSH_PRIVATE_KEY }}
        script: |
          whoami
          cd /home/runner/work/
          git pull origin main
          sudo systemctl restart nameofmyvirtualmachineinmicrosoftazuregoeshere

` How do I debug this error? Are there some debug settings that I can add to my deploy.yml file?

Thanks

[Sven65]

Also experiencing this issue. I've set the debug input to true, yet it appears that no debug information is output.

[LucasRoquilly]

I have exact same problem. I followed every instruction in documentation but still same error : ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

However it works using this Github Action : https://github.com/marketplace/actions/copy-via-ssh

[sahgilbert]

I have exact same problem. I followed every instruction in documentation but still same error : ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

However it works using this Github Action : https://github.com/marketplace/actions/copy-via-ssh

Do you have a full working example of a workflow.yml file, for this implementation, that you could share? That would be greatly appreciated, thank you.

[real-F-00]

i'm getting the same thing here, after days of going crazy i couldn't figure out what i did wrong, and apparently i'm not the only one facing this issue, i should mention that i'm running a hardened SSH server on Debian 12 using the configuration provided by ssh-audit.com simply trying to follow this guide i found on Youtube and using a separate user as opposed to the root user.

[appleboy]

@real-F-00 Have you solved the problem?

[LucasRoquilly]

I fixed my problem and ssh-action is now working. I feel stupid, I was using SSH_USERNAME in my yml file but the secret was called SSH_USER in GitHub Secrets 😑

Here is my working yml file for anyone it might help :

name: Deploy to VPS

on:
  push:
    branches:
      - main  # Adjust this to your main branch name
  workflow_dispatch: 
  
jobs:
  deploy:
    runs-on: ubuntu-latest
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v2

    - name: Copy files to VPS
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.SSH_HOST }}
        username: ${{ secrets.SSH_USER }}
        key: ${{ secrets.SSH_PRIVATE_KEY }}
        port: ${{ secrets.SSH_PORT }}  # If your SSH server uses a different port, add this line
        source: "public_html"  # Adjust this to the directory or files you want to copy
        target: "/var/www/domain.com/"  # Adjust this to the destination directory on your VPS
    - name: multiple command
      uses: appleboy/[email protected]
      with:
        host: ${{ secrets.SSH_HOST }}
        username: ${{ secrets.SSH_USER }}
        key: ${{ secrets.SSH_PRIVATE_KEY }}
        port: ${{ secrets.SSH_PORT }}
        script: |
          chown -R openvc:www-data /var/www/domain.com/public_html
          chmod -R 770 /var/www/domain.com/public_html`

[sahgilbert]

I fixed my problem and ssh-action is now working. I feel stupid, I was using SSH_USERNAME in my yml file but the secret was called SSH_USER in GitHub Secrets 😑

Here is my working yml file for anyone it might help :

name: Deploy to VPS

on:
  push:
    branches:
      - main  # Adjust this to your main branch name
  workflow_dispatch: 
  
jobs:
  deploy:
    runs-on: ubuntu-latest
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v2

    - name: Copy files to VPS
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.SSH_HOST }}
        username: ${{ secrets.SSH_USER }}
        key: ${{ secrets.SSH_PRIVATE_KEY }}
        port: ${{ secrets.SSH_PORT }}  # If your SSH server uses a different port, add this line
        source: "public_html"  # Adjust this to the directory or files you want to copy
        target: "/var/www/domain.com/"  # Adjust this to the destination directory on your VPS
    - name: multiple command
      uses: appleboy/[email protected]
      with:
        host: ${{ secrets.SSH_HOST }}
        username: ${{ secrets.SSH_USER }}
        key: ${{ secrets.SSH_PRIVATE_KEY }}
        port: ${{ secrets.SSH_PORT }}
        script: |
          chown -R openvc:www-data /var/www/domain.com/public_html
          chmod -R 770 /var/www/domain.com/public_html`

Does this deploy to Microsoft Azure? Or are you using a different Cloud Provider? Thanks

[real-F-00]

@real-F-00 Have you solved the problem?

Yes! after days of headaches i finally solved the issue, i think this should be added to the documentation (if it isn't already) but the problem was that the user i was trying to use was locked, to keep the user locked but allowing ssh access to it i used usermod -p '*' user that solved my issue.

[LucasRoquilly]

Does this deploy to Microsoft Azure? Or are you using a different Cloud Provider? Thanks

@sahgilbert This was made for deployment to a OVHCloud VPS (Virtual Private Server) but I believe it should work for any Linux machine

[appleboy]

@LucasRoquilly Can you provide the ssh username and password through email (appleboy.tw AT gmail.com). Maybe I can try it and get you back soon?

Thanks.

[appleboy]

@LucasRoquilly

I will try out OVHCloud and promptly inform you if the product becomes available.

[appleboy]

Sorry, I misunderstood @LucasRoquilly. The issue lies with @sahgilbert problem on Azure. I will find time to test the issue on Azure again.

[RishabhBajpai97]

Hey guys, changing the version for master for ssh worked for me. steps: - name: SSH into EC2 and deploy uses: appleboy/ssh-action@master with: host: ${{ secrets.EC2_HOST }} username: ${{ secrets.EC2_USER }} key: ${{ secrets.EC2_SSH_KEY }} As you can see i used appleboy/ssh-action@master. Doing this worked for me.

[appleboy]

@RishabhBajpai97

I think the behavior of the master version is consistent with the v1.0.3 version. There should be no differences. Could you please provide the following detailed information:

1. SSH version and sshd_config content
2. Ubuntu version?
3. GitHub Actions logs.

[RishabhBajpai97]

@RishabhBajpai97

I think the behavior of the master version is consistent with the v1.0.3 version. There should be no differences. Could you please provide the following detailed information:

1. SSH version and sshd_config content
2. Ubuntu version?
3. GitHub Actions logs.

Sure i will be happy to.....

1. ssh version - OpenSSH_9.6p1 Ubuntu-3ubuntu13 sshd_config content:

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#CASignatureAlgorithms +ssh-rsa
#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem	sftp	/usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server`

2. Ubuntu version - 24.04 LTS
3. Github logs - This one is for v0.1.3 /usr/bin/docker run --name d7a5d858670fa222224b9aa04d51824205eba0_aff2f2 --label d7a5d8 --workdir /github/workspace --rm -e "PRIVATE_KEY" -e "HOSTNAME" -e "USER_NAME" -e "INPUT_HOST" -e "INPUT_USERNAME" -e "INPUT_KEY" -e "INPUT_SCRIPT" -e "INPUT_PORT" -e "INPUT_PASSPHRASE" -e "INPUT_PASSWORD" -e "INPUT_SYNC" -e "INPUT_USE_INSECURE_CIPHER" -e "INPUT_CIPHER" -e "INPUT_TIMEOUT" -e "INPUT_COMMAND_TIMEOUT" -e "INPUT_KEY_PATH" -e "INPUT_FINGERPRINT" -e "INPUT_PROXY_HOST" -e "INPUT_PROXY_PORT" -e "INPUT_PROXY_USERNAME" -e "INPUT_PROXY_PASSWORD" -e "INPUT_PROXY_PASSPHRASE" -e "INPUT_PROXY_TIMEOUT" -e "INPUT_PROXY_KEY" -e "INPUT_PROXY_KEY_PATH" -e "INPUT_PROXY_FINGERPRINT" -e "INPUT_PROXY_CIPHER" -e "INPUT_PROXY_USE_INSECURE_CIPHER" -e "INPUT_SCRIPT_STOP" -e "INPUT_ENVS" -e "INPUT_DEBUG" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/lets-talk-backend/lets-talk-backend":"/github/workspace" d7a5d8:58670fa222224b9aa04d51824205eba0 ======CMD====== echo "$PRIVATE_KEY" > private_key && chmod 600 private_key ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} ' docker pull ***/lets-talk:$GITHUB_SHA docker stop lets-talk || true docker rm lets-talk || true docker run -d -p 3000:3000 --name lets-talk ***/lets-talk:$GITHUB_SHA

======END====== 2024/06/15 22:50:28 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

This one for master :

Will download drone-ssh-1.7.4-linux-amd64 from https://github.com/appleboy/drone-ssh/releases/download/v1.7.4 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

100 5580k 100 5580k 0 0 9401k 0 --:--:-- --:--:-- --:--:-- 9401k ======CMD====== docker pull ***/lets-talk:$GITHUB_SHA docker stop lets-talk || true docker rm lets-talk || true docker run -d -p 3000:3000 --name lets-talk ***/lets-talk:$GITHUB_SHA

======END====== err: invalid reference format err: Error response from daemon: No such container: lets-talk err: Error response from daemon: No such container: lets-talk err: docker: invalid reference format. err: See 'docker run --help'. 2024/06/15 23:31:09 Process exited with status 125 Error: Process completed with exit code 1.

I did get error but it was because of docker commands. However i did get logged in. Please do let me know if i am wrong. I thought that it worked for me so i should share it.

[mathurinhauville]

I had exactly the same problem. First, I noticed that my variables did not have the same names in my YAML file and in the secrets repository. Then I realized that I had a passphrase for my private key, so I added it to my YAML file. Finally, the problem was that my key copy contained line breaks. I removed them from each line, and everything worked.

This is my YAML file

  - name: Deploy to server via SSH
    uses: appleboy/ssh-action@master
    with:
      host: ${{ secrets.SSH_HOST }}
      username: ${{ secrets.SSH_USER }}
      key: ${{ secrets.SSH_PRIVATE_KEY }}
      passphrase: ${{ secrets.SSH_PASSPHRASE }}
      script: whoami

This is my initial private key when I copied it from my terminal

This is after I removed the line breaks

(It's a fake private key)

[mohammed5420]

I had exactly the same problem. First, I noticed that my variables did not have the same names in my YAML file and in the secrets repository. Then I realized that I had a passphrase for my private key, so I added it to my YAML file. Finally, the problem was that my key copy contained line breaks. I removed them from each line, and everything worked.

This is my YAML file

  - name: Deploy to server via SSH
    uses: appleboy/ssh-action@master
    with:
      host: ${{ secrets.SSH_HOST }}
      username: ${{ secrets.SSH_USER }}
      key: ${{ secrets.SSH_PRIVATE_KEY }}
      passphrase: ${{ secrets.SSH_PASSPHRASE }}
      script: whoami

This is my initial private key when I copied it from my terminal

This is after I removed the line breaks

Sorry but it's better not to share your private keys

[appleboy]

@aswanth6000 I don't know what you mean. This repo is appleboy/ssh-action

[100001010]

master

I changed to master and passed, but I am a super novice, I hope I can help everyone.

[iMohammadd]

use your local machine private key instead of your vps pvk

[chibyk101]

use your local machine private key instead of your vps pvk

I just followed your comment and it didn't work

it shouldn't, since the handshake is not between my local machine & GitHub runners, but rather btw my VPS & GitHub

[chibyk101]

I have this same issue, I copied a working workflow to a new repo and it didn't work

name: Deploy to VPS

on:
  push:
    branches:
      - dev

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v2

    - name: Deploy to VPS
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.VPS_HOST }}
        username: ${{ secrets.VPS_USER }}
        key: ${{ secrets.VPS_KEY }}
        script: |
          cd /var/www/domain.dev
          git pull origin dev
          composer install --no-interaction --prefer-dist
          php artisan migrate:fresh --seed

[chibyk101]

I removed the secrets and added them again and it worked I can't tell what the problem was