Passphrase not working

Open shnigi opened this issue 5 years ago • 10 comments

I tried to add the passphrase option as mentioned in this ticket: https://github.com/appleboy/ssh-action/issues/16 but it is not working for an unknown reason. Here is my yml.

name: CI
on: [push]
jobs:
  deploy:
    if: github.ref == 'refs/heads/master'
    runs-on: [ubuntu-latest]
    steps:
      - uses: actions/checkout@v1
      - name: Push to server
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SERVER_IP }}
          port: ${{ secrets.PORT }}
          username: ${{ secrets.SERVER_USERNAME }}
          password: ${{ secrets.SERVER_PASSWORD }}
          passphrase: ${{ secrets.SSHKEYPASSWORD }}
          script: cd ${{ secrets.PROJECT_PATH }} && git pull

I have secrets added in the repository. I can manually ssh login to my server and do git pull. Then I enter password and it works like it should. However github actions say:

err: [email protected]: Permission denied (publickey).
2020/06/24 13:21:57 Process exited with status 1
err: fatal: Could not read from remote repository.

So what am I doing wrong here? I expected that passphrase would input the password for my ssh key. Or is there something else wrong? I also did this: cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

I later removed my ssh key passphrase and then it works! But I really would like to secure my key with password. Looks like the passphrase is not working for some reason?

shnigi avatar Jun 26 '20 03:06 shnigi

If I may ask, what's the passphrase for? I don't think you have a private key in your secrets on the repo. Do you?

mojo706 avatar Jul 06 '20 17:07 mojo706

@mojo706 I have set up a password for my ssh key like this: https://github.com/appleboy/ssh-action/issues/16#issuecomment-569561335 The feature seems to be implemented but it doesn't work for me. Or did I understand it wrong? I thought using passphrase it would enter the password when trying to pull. I don't have my private key in the repo secrets. Is that the issue? It can't use the key directly from the server?

shnigi avatar Jul 07 '20 01:07 shnigi

@shnigi The private key is on your personal computer under ~/.ssh. Assuming that you're on Mac or Linux, use pbcopy like so: pbcopy < ~/.ssh/id_rsa, then in your repo secrets add it as SSH_PKEY or any name you find useful. Then you can remove the SERVER_PASSWORD from your yml.

mojo706 avatar Jul 07 '20 02:07 mojo706

@mojo706 Yes I know. But isn't the difference between: password and passphrase the following: password is used to login the server. Can be any user/password. Passphrase is used to pull from Github, again can be any key? So two different passwords. I have ssh login password and Github key password which needs to be entered. I also tried adding my key to Github secrets but it doesn't work.

shnigi avatar Jul 12 '20 11:07 shnigi

@shnigi That's not it. You use the SSH_PKEY to log in to your server instead of a password. Then you use the secrets.GITHUB_TOKEN to log in to Github.

mojo706 avatar Jul 12 '20 12:07 mojo706

There is the modification if you need your SSH Key to log in to your server:

      - name: Push to server
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SERVER_IP }}
          port: ${{ secrets.PORT }}
          username: ${{ secrets.SERVER_USERNAME }}
-         password: ${{ secrets.SERVER_PASSWORD }}
+         key: ${{ secrets.SSH_KEY }}
          passphrase: ${{ secrets.SSHKEYPASSWORD }}
          script: cd ${{ secrets.PROJECT_PATH }} && git pull
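
Review bot: the context line `uses: appleboy/ssh-action@master` follows a mutable branch, and with the added `key:` line this step now hands the action a private key together with its `passphrase`; pin the action to a release tag or a full commit SHA so the code receiving those secrets cannot change between runs. Note also that the unchanged `script:` line still runs `git pull` with whatever credentials exist on the server, so the `passphrase` input shown here only covers the key used for the login itself.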

Now that you are inside your server, you need credentials to pull from github, if you use HTTPS with username/password try:

git pull "https://<username>:<password>@github.com/<github_account>/<repository_name>.git" <branch_name>

Complete example, not sure if it's a good practice and I didn't test it:

      - name: Push to server
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SERVER_IP }}
          port: ${{ secrets.PORT }}
          username: ${{ secrets.SERVER_USERNAME }}
          password: ${{ secrets.SERVER_PASSWORD }}
          key: ${{ secrets.SSH_KEY }}
          passphrase: ${{ secrets.SSHKEYPASSWORD }}
          script: |
            cd ${{ secrets.PROJECT_PATH }}
            git pull "https://${{ secrets.GITHUB_USERNAME }}:${{ secrets.GITHUB_PASSWORD }}@github.com/shnigi/my_repo.git" master

KerberosMorphy avatar Aug 03 '20 16:08 KerberosMorphy

I have the same issue, passphrase not working. Relevant part from ssh -vT [email protected] is

err: debug1: read_passphrase: can't open /dev/tty: No such device or address

I think echo $SSH_AUTH_SOCK command on runner script should return something, now it is empty. I have tried various ways to modify my server .ssh/rc file according to https://gist.github.com/martijnvermaat/8070533 but none of them work for me.

KalleVuorjoki avatar Sep 07 '20 09:09 KalleVuorjoki
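
The `read_passphrase: can't open /dev/tty` line and the empty `SSH_AUTH_SOCK` reported above describe one condition: the key on the server is encrypted, and the scripted session has neither a terminal nor an agent to supply its passphrase. The shell check below is an added example, not code from this thread or from ssh-action; the function names are hypothetical, and the key path passed in is whichever key the server uses for GitHub.

```shell
#!/bin/sh
# Added example: predict whether a private key on the server can be used by
# `git pull` in a session that has no terminal to type a passphrase into.

# Returns 0 if the key is passphrase-protected, 1 if unencrypted, 2 if unreadable.
# A corrupt key file is also reported as 0, since it cannot be loaded either.
key_is_encrypted() {
    [ -r "$1" ] || return 2
    # -y derives the public key; with an empty passphrase (-P '') this
    # succeeds only when the private key is stored unencrypted.
    if ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Returns 0 if a reachable ssh-agent already holds this key (matched by fingerprint).
agent_has_key() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    fp=$(ssh-keygen -lf "$1.pub" 2>/dev/null | awk '{print $2}')
    [ -n "$fp" ] && ssh-add -l 2>/dev/null | grep -qF "$fp"
}

# Prints one verdict for the key file given as $1.
diagnose() {
    key_is_encrypted "$1" && rc=0 || rc=$?
    case $rc in
        2) echo "key-unreadable" ;;
        1) echo "ok-unencrypted" ;;
        *) if agent_has_key "$1"; then
               echo "ok-agent"
           else
               # No agent and no terminal: ssh cannot obtain the passphrase,
               # which ends in "Permission denied (publickey)".
               echo "blocked-needs-passphrase"
           fi ;;
    esac
}

# Usage on the server: pass the key path as the first argument.
if [ -n "${1:-}" ]; then
    diagnose "$1"
fi
```

Running `diagnose` inside the action's `script:` shows the verdict for the session that actually fails, which can differ from an interactive login where an agent or terminal is available.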

What I am actually doing is that I ssh into my server with name and password, then in the server I have github ssh key which is used to pull the code. I can get this to work if I remove my ssh key password from the server. So appleboy script works to the point where I login to the server but fails when it tries to pull from Github as my sshkey is asking for the password. Then I get the usual error message to github actions center:

err: [email protected]: Permission denied (publickey).
err: fatal: Could not read from remote repository.
2021/01/21 13:57:35 Process exited with status 1
err:
err: Please make sure you have the correct access rights
err: and the repository exists.

shnigi avatar Jan 21 '21 14:01 shnigi

Hello, I'm stumbling upon the same thing and can't find out how I can do this. I can connect to my server with ssh-actions but then when trying to "git pull", I'm asked for my github passphrase but getting the same error:

err: [email protected]: Permission denied (publickey).
err: fatal: Could not read from remote repository.
err:
err: Please make sure you have the correct access rights
err: and the repository exists.

@shnigi did you come up with a solution? I would love to know.

Manapyzz avatar Aug 09 '21 20:08 Manapyzz

I've had the same problem. What I did https://zellwk.com/blog/github-actions-deploy/

Generate new key and leave "passphrase" empty.

web-mc avatar Nov 19 '21 15:11 web-mc

that's really great tips, thx

AntonioKichaev avatar Apr 05 '23 04:04 AntonioKichaev

    - name: clone private repository
      uses: appleboy/[email protected]
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        port: ${{ secrets.PORT }}
        script_stop: true
        script: |
          git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository
          rm -rf test_repository

Create your personal token from user settings and store the value in the secrets page.

appleboy avatar Apr 13 '23 06:04 appleboy
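
Added example, not from this thread or the ssh-action project: a token written into the remote URL is stored in the repository's `.git/config`, while an inline credential helper hands it to git from the environment for that one command only. `DEPLOY_TOKEN`, the `deploy-user` name and `example/repo` are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare two ways of giving git an HTTPS token on the server.
# DEPLOY_TOKEN is a hypothetical environment variable holding the token.

# Case 1: credentials embedded in the remote URL.
# Returns 0 if the token ($1) ends up written to .git/config.
url_leaks_token() {
    repo=$(mktemp -d) || return 2
    git -C "$repo" init -q
    # Only records the remote; no network connection is made.
    git -C "$repo" remote add origin \
        "https://deploy-user:$1@github.com/example/repo.git"
    if grep -qF "$1" "$repo/.git/config"; then rc=0; else rc=1; fi
    rm -rf "$repo"
    return $rc
}

# Case 2: an inline credential helper. git runs it through sh, so
# $DEPLOY_TOKEN is expanded at call time and never stored in any config file.
token_helper='!f() { echo username=deploy-user; echo "password=$DEPLOY_TOKEN"; }; f'

# Prints the password git would send to github.com when using the helper.
helper_password() {
    printf 'protocol=https\nhost=github.com\n\n' |
        GIT_TERMINAL_PROMPT=0 git -c credential.helper= \
            -c credential.helper="$token_helper" credential fill |
        sed -n 's/^password=//p'
}

# Stand-alone demo with a constructed token value.
if [ "${1:-}" = "demo" ]; then
    DEPLOY_TOKEN='constructed-token-123'; export DEPLOY_TOKEN
    if url_leaks_token "$DEPLOY_TOKEN"; then
        echo "URL form: token persisted in .git/config"
    fi
    echo "helper form supplies: $(helper_password)"
fi
```

On the server the pull then becomes `git -c credential.helper="$token_helper" pull https://github.com/<github_account>/<repository_name>.git <branch_name>`, with the token exported in that session.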