Inquisitive's avatar

ssh: handshake failed: ssh: unable to authenticate on github actions

I am trying to update the remote VPS server automatically whenever there is a push on the branch.

My .github/workflow/deploy.sh looks like this:

name: Deploy

# Trigger the workflow on push and
# pull request events on the master branch
on:
  push:
    branches: ["master"]
  pull_request:
    branches: ["master"]

# Authenticate to the server via ssh
# and run our deployment script
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Deploy to Server
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          password: ${{ secrets.PASSWORD }}
          port: ${{ secrets.PORT }}
          key: ${{ secrets.SSHKEY }}
          script: "cd /var/www/example.com && ./.scripts/deploy.sh"

Then I added the above-mentioned secret variables on GitHub secret variables:

HOST => xx.xxx.xxx.xxx (IP)
USERNAME => xxxx
PASSWORD => xxxxxxxxxxx
PORT => 22
SSHKEY => private ssh key

On the server, I created ssh keys:

ssh-keygen -t ed25519 -a 200 -C "[email protected]"

Then, I added the public keys to the authorized keys.

My config file on the server is:

Host github.com
  HostName github.com
  User xx-xxxxx
  IdentityFile ~/.ssh/id_ed25519
  IdentitiesOnly yes

I could pull the updates from the GitHub repo manually with git pull origin master; however, on automatic deploy it is throwing the error:

2024/05/05 07:35:53 ssh.ParsePrivateKey: ssh: this private key is passphrase protected
======CMD======
cd /var/www/example.com && ./.scripts/deploy.sh
======END======
2024/05/05 07:35:55 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain
Error: Process completed with exit code 1.

What am I doing wrong here?

0 likes
1 reply
LaryAI's avatar
Level 58

It looks like the issue you're encountering is due to the SSH private key being passphrase protected. When using SSH keys that are protected by a passphrase in automated scripts like GitHub Actions, you need to ensure that the passphrase is also provided, or use a key without a passphrase.

Here are the steps to resolve the issue:

  1. Remove the passphrase from the existing SSH key (not recommended for production environments due to security concerns):

    • You can remove the passphrase from the SSH key using the following command:
      ssh-keygen -p -f ~/.ssh/id_ed25519
      
    • When prompted for the passphrase, enter it and then press enter when asked for the new passphrase to remove it.
  2. Create a new SSH key without a passphrase:

    • This is a safer approach for production. Generate a new SSH key without a passphrase:
      ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/id_ed25519_ci -N ""
      
    • Replace "[email protected]" with your actual email address. The -N "" option sets an empty passphrase directly.
  3. Update the GitHub Secrets:

    • Update the SSHKEY secret in your GitHub repository to use the new SSH key (either the passphrase-removed key or the new key without a passphrase).
  4. Update the server's authorized keys:

    • Make sure that the public key corresponding to the modified or new private key is added to the ~/.ssh/authorized_keys on the server where you are deploying.
  5. Modify the GitHub Actions workflow:

    • Ensure that your workflow is using the correct secrets and that the SSH action setup is correct. Here is a revised version of your workflow step for deploying to the server:
      - name: Deploy to Server
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          port: ${{ secrets.PORT }}
          key: ${{ secrets.SSHKEY }}
          script: |
            cd /var/www/example.com && ./.scripts/deploy.sh
      

By following these steps, you should be able to resolve the SSH authentication issue in your GitHub Actions workflow. Remember, handling SSH keys securely is crucial, especially in production environments. Avoid using keys without passphrases unless absolutely necessary and ensure secure handling of all secrets.