handshake failed: ssh: unable to authenticate, attempted methods [publickey], no supported methods remain.

[Roman-Dev00]

Hello, @Cabalist , @appleboy.
Hello, everyone
Sorry about reposting the same issue like as 80.
I have read your solutions carefully and tried to follow all of your suggestions such as

1. changed the master to v.0.1.14.
2. give the permission to .ssh and authorizedkeys.
3. copy pub file to authorizedkeys.

But I still have [none publickey] error.
Please help me.
Thanks.
Here is my mail.yml file.

name: Laravel CI/CD

on:
push:
branches:

• main

jobs:
setup:
runs-on: ubuntu-latest

steps:

• name: Checkout Repository
  uses: actions/checkout@v2

• name: Set up PHP
  uses: shivammathur/setup-php@v2
  with:
  php-version: "8.1"
  deploy:
  runs-on: ubuntu-latest
  needs: setup
  steps:

• name: Checkout Repository
  uses: actions/checkout@v2

  • name: Deploy to FTP
    uses: SamKirkland/FTP-Deploy-Action@v4.3.4
    with:
    server: ${{ secrets.FTP_SERVER }}
    username: ${{ secrets.FTP_USERNAME }}
    password: ${{ secrets.FTP_PASSWORD }}
    local-dir: ./ # Change this to the path of your Laravel app
    server-dir: / # Change this to the remote directory on your FTP server

  • name: SSH into Server and Run Migration
    uses: appleboy/ssh-action@v0.1.4
    with:
    host: ${{ secrets.SSH_HOST }}
    username: ${{ secrets.SSH_USERNAME}}
    key: ${{ secrets.SSH_PRIVATE_KEY }}
    port: ${{ secrets.SSH_PORT }}
    passphrase: ${{ secrets.SSH_PASSPHRASE }}
    script: |
    cd /home/lcgen/public_html/backend
    php artisan migrate --force
    php artisan config:cache
    php artisan cache:clear
    php artisan config:clear
    php artisan route:clear
    php artisan view:clear
    I already confirmed the public key in the authorizedkeys. It is same with public key which authorized key in my cpanel.
    I also have a SSH_PASSWORD variable in github secrets.
    Should I add this one in the yml like "password: ${{ SSH_PASSWORD }}" even though I set the .ssh permission with 700?
    And also what can be wrong in my current status?
    I am not sure why this error has been occurred?

[appleboy]

Can you help to try the v1.0.3 version?

[appleboy]

Please provide the ssh server version and /etc/sshd/sshd_config config file. What is your VM host like DigitalOcean or Linode?

[appleboy]

@Roman-Dev00

Please provide the following information:

1. Your hosting provider information, such as DigitalOcean, Linode, AWS, or GCP.
2. The version information of your host's SSH service.
3. The information from your host's SSH configuration file.

[Roman-Dev00]

Hi, @appleboy
Thanks for your asking but I don't understand these information.
Currently, I am using GitHub to deploy and cpanel to manage the server.
And I don't have sshd_config file in etc folder.

[ariwijayaikd]

@Roman-Dev00 have you try this?

[appleboy]

@Roman-Dev00 Where is the Cpanel? Can you provide more detailed information? I need the information to reproduce the issue.

[Roman-Dev00]

I manage the ssh key in the cpanel like above.

[Roman-Dev00]

This one is deploying error.

[Roman-Dev00]

This one is work flow file.
All of these are the detailed information what I can provide.

[appleboy]

@Roman-Dev00 I need the information about what is your CPanel Provider. I want to register a new account and reproduce the problem.

[Roman-Dev00]

we used a managed VPS at namecheap.
loyaltycardgenerator.com/cpanel

[appleboy]

@Roman-Dev00

What is your solution?

[Roman-Dev00]

I didn't find the solution yet.

[Roman-Dev00]

I found new error.
Every version doesn't work now.

[appleboy]

@Roman-Dev00 Try appleboy/ssh-action@v1.0.3 version

[Roman-Dev00]

Hi, @appleboy
Hope you are doing well today.
v1.0.3 also doesn't work.
Currently new error has been occurred.
error -> above image
What is the reason?

[appleboy]

@Roman-Dev00 you missing typo v

appleboy/ssh-action@v0.1.4

[Roman-Dev00]

thanks. I fixed it, but the initial error still remains.

If you want, you can access my computer using Anydesk and fix my problems.

[SmeLros]

I've also had issues with methods [none], my server version is Ubuntu22.04, so I added a "/etc/ssh/sshd_config.d/enable_rsa_keys.conf" file as per the docs and it worked fine

https://github.com/appleboy/ssh-action?tab=readme-ov-file#if-you-are-using-openssh

[Jamesinit]

Hello Guys.
I have encountered the same problem.
I was up all night debugging.
I suspect a lot of aspects like that firmware or cnetos7 are too old? or ssh server config or the repository code has a bug but those don't cause the problem.
As the sun rises, I think I found the bug position and found the solution, but I don't know why have the problem.

I will be your fan if you tell me the reason.

It's a problem that beginners don't know why, but veterans don't encounter.
老手遇不到，新手不知道原因

Solution

1. You must add your secrets in the Repository Secrets of the Github Setting page(look at the picture). Don't create secrets with GitHub ACTION Plugin at the vscode.
   
2. You must copy the complete key like below:

-----BEGIN OPENSSH PRIVATE KEY-----
sdfasdfasdfasa
-----END OPENSSH PRIVATE KEY-----

Include the BEGIN and END lines.

3. Use secrets auto complement with the GitHub Action Plugin at the Vscode. Don't manually input the Secrets name.

Let's recover the Problem

ENV

WEB_SERVER:CentOS7

My ssh config is default basically.

#       $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

Wokerflows:

name: remote ssh command
on: [push]
jobs:

  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
    - name: executing remote ssh commands using password
      uses: appleboy/ssh-action@v1.0.3
      with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USER }}
          key: ${{ secrets.SERVER_KEY }}
          port: ${{ secrets.SERVER_PORT }}
          script: whoami

ERROR1 handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

2024/06/11 22:45:38 ssh.ParsePrivateKey: ssh: no key found
======CMD======
whoami
======END======
2024/06/11 22:45:38 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

Steps

I use ed25519 encropty.

1. Take your key. The key format is that

-----BEGIN OPENSSH PRIVATE KEY-----
jlakjsdf;lkajsdf;lkajsd;fkja;df
asdflkjas;dkf;askjdf;aksjdf;
-----END OPENSSH PRIVATE KEY-----

You need copy all include BEGIN and END.

2. Update your private key using Github Action Plugin at Vsocde.
   

3. Go to your GitHub repository on the web and manually run the workflow .

4. You will get the error

Let's see a (miracle).

Now upate the key with the same vlue on the web

It's work!

Error2 ssh.ParsePrivateKey: ssh: no key found

2024/06/11 23:44:06 ssh.ParsePrivateKey: ssh: no key found
======CMD======
whoami
======END======

Maybe you don't set your Secrets not below the Repository Secrets or you copy you key but don't completion.

What doesn't matter, and you just need to copy your comple key set the Secrets on right positon on the web, you will not encounter the problem.

[umakantp]

Going through the same problem. I have literally tried everything I could from documentation or any other suggestion given on the internet. Let me put some of the settings which I had used and hope it helps.

1. I put the private key in the github secrets of the repo copied from this file: cat ~/.ssh/id_ed25519
2. I put the public key on the server ~/.ssh/authorized_keys from this file: cat ~/.ssh/id_ed25519.pub
3. My workflow looks like this, (keeping it minimal and simple for understanding).

 - name: Stop the server
    uses: appleboy/ssh-action@master
    with:
        debug: true
        host: ${{ secrets.DEPLOY_DEV_HOST }}
         port: ${{ secrets.DEPLOY_DEV_PORT }}
        user: ${{ secrets.DEPLOY_DEV_USER }}
        key: ${{ secrets.DEPLOY_DEV_KEY }}
        script: cd /root/project/deploy; pm2 stop project;

4. Just to confirm I check spellings/names of these secrets N number of times already. I can also ssh root@my-server without password actually from local (as I had created keys on local). So it confirms by public/private key setup correctly.
5. Following is the error I get

Will download drone-ssh-1.7.7-linux-amd64 from https://github.com/appleboy/drone-ssh/releases/download/v1.7.7
======= CLI Version =======
Drone SSH version 1.7.7
===========================
======CMD======
cd /***/project/deploy; pm2 stop batman; rm -rf /***/project/deploy; mkdir -p /***/project/deploy
======END======
2024/07/29 13:17:31 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Error: Process completed with exit code 1.

6. Adding debug flag does nothing beyond just printing the script. I would have expect more details

I'm on DigitalOcean basic $6 droplet having Ubuntu 24.04 LTS
Typing ssh -v localhost on my server gives: OpenSSH_9.6p1 Ubuntu-3ubuntu13.4, OpenSSL 3.0.13

I had tried RSA keys also, same issue. I had tried authorized_keys2 solution given in the repo, same issue.

@appleboy Let me know if you need more information.

[kingraphaii]

Add ~/.ssh/id_[...].pub basically your user's public key to ~/.ssh/authorized_keys. Also make sure to have the private key in your repo's action secrets and add it with your action config.

[alifey]

adding a line break to the end of the secret key worked for me, credit;

https://groups.google.com/a/chromium.org/g/chromium-hterm/c/X-_u_5hJyKw/m/EwBqmHVqIAAJ

[shehata412]

I resolved this issue before by uncommenting this line of code
#PubkeyAuthentication yes

and commenting the authorized keys line so that it allows all the keys on my vps. Try that and let me know how it goes.