ssh-action icon indicating copy to clipboard operation
ssh-action copied to clipboard

Published 20 hours ago verified publisher icon appleboy

Trying to use this with secrethub and getting no authentication methods tried

Open randohinn opened this issue 4 years ago • 6 comments

Hi. I'm trying to combine secrethub and this into my workflow, with a simple yaml that looks like this:

# This is a basic workflow to help you get started with Actions

name: CI

# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the master branch
on:
  push:
    branches: [ dev ]

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  dev_deploy:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      - name: "Secrets setup"
        uses: secrethub/actions/[email protected]
        env:
         SECRETHUB_CREDENTIAL: ${{ secrets.SECRETHUB_CREDENTIAL }}
         SSH_HOST: secrethub://things/morethings/host
         SSH_USER: secrethub://things/morethings/user
         SSH_PASS: secrethub://things/morethings/password
         SSH_PORT: secrethub://things/morethings/port
      # Runs a single command using the runners shell
      - name: "Deploying dev branch to dev subdomain."
        uses: appleboy/ssh-action@master
        with:
          host: ${SSH_HOST}
          username: ${SSH_USER}
          password: ${SSH_PASS}
          port: ${SSH_PORT}
          script: whoami

Hovewer, the ssh action part fails with ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain. How could I solve this?

randohinn avatar Jul 15 '20 13:07 randohinn

The Variables from Secrethubs setup are not available in the shell context for the ssh action.

I'd suggest looking into secrethub to see if they have an example of how to securely set them in the context.

derrick-anderson avatar Jul 15 '20 19:07 derrick-anderson

@randohinn Could you try this syntax instead: password: ${{ env.SSH_PASS }}

florisvdg avatar Jul 16 '20 14:07 florisvdg

@randohinn Could you try this syntax instead: password: ${{ env.SSH_PASS }}

Still recieve the same error

randohinn avatar Jul 16 '20 19:07 randohinn

@randohinn

Secret Hub's Example located here shows that the ENV variables are available for the remainder of the job.

Try removing your entire with block on the SSH action. They should be picked up from the local env.

derrick-anderson avatar Jul 16 '20 21:07 derrick-anderson 

    steps:
      - name: "Secrets setup"
        uses: secrethub/actions/[email protected]
        env:
         SECRETHUB_CREDENTIAL: ${{ secrets.SECRETHUB_CREDENTIAL }}
         host: secrethub://thing/tong/host
         username: secrethub://thing/tong/user
         password: secrethub://thing/tong//password
         port: secrethub://thing/tong//port
         script: whoami
      # Runs a single command using the runners shell
      - name: "Deploying dev branch to dev subdomain. NB: Using production database."
        uses: appleboy/ssh-action@master

Changed the error to cant login without private key or password

randohinn avatar Jul 17 '20 09:07 randohinn

In the env block you'll have to use one of the EnvVar names from here: https://github.com/appleboy/drone-ssh/blob/master/main.go#L33-L185

For example:

    steps:
      - name: "Secrets setup"
        uses: secrethub/actions/[email protected]
        env:
          SECRETHUB_CREDENTIAL: ${{ secrets.SECRETHUB_CREDENTIAL }}
          SSH_HOST: secrethub://thing/tong/host
          SSH_USERNAME: secrethub://thing/tong/user
          SSH_PASSWORD: secrethub://thing/tong/password
          SSH_PORT: secrethub://thing/tong/port

florisvdg avatar Jul 17 '20 09:07 florisvdg

@randohinn Don't use the env variable.

appleboy avatar Apr 13 '23 08:04 appleboy