SFTP-Deploy-Action Invalid key format

Bug description

Invalid key format. I'm sure the key is correct: I use it personally to connect to the server.

My config

on: push
name: Deploy to CI over SFTP
jobs:
  FTP-Deploy-Action:
    name: FTP-Deploy-Action
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
      with:
        fetch-depth: 2
    - name: deploy file
      uses: wlixcc/[email protected]
      with:
        username: 'aeris'
        server: 'ci-apps-dev.yunohost.org'
        private_key: ${{ secrets.DeployKey }} 
        local_path: './*'
        remote_path: '/data/pterodactyl_ynh' #make sure dir exist
        args: '-o ConnectTimeout=5'

Logs

sftp start
Warning: Permanently added 'ci-apps-dev.yunohost.org,51.15.209.133' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9
Load key "../private_key.pem": invalid format
[email protected]: Permission denied (publickey,password).
Connection closed

Mar 23 '20 15:03 Aeris1One

Make sure your file format is correct with .pem , this action generate pem file connect to server

I have modified the private key, this is an example

Apr 16 '20 01:04 wlixcc

Hi. I'm also having this issue. I've tried generating some brand new .pem keys to see if those are accepted as valid input, but they don't appear to be accepted.

MIIEoQIBAAKCAQEAk8Iae64JZwnN8zstLd0Uz32p+qCRGRvlgYaJEKProLeWThmU
6tyC5ba2cp1dhy9f3tSbteJdeR6ZUqvTVoP1tkOqd/+y+RXmccR3siDMDAaBaj/1
fpDMHIUZTsmtaoYB5Hb4WrcEVJV4wjB17mK9joVQE6H/HYkAQxHNFZlisuHQ4Kws
cGip8FIrbsw744S9DFCi+lrL4OI9GdB2/4LbM/wphTXKuOgyYhw8CPgxb/LR6Pwp
DuNWueHrvLARiYze0P8hWVK6ja5RcpO7eLnIy2DqZIX1ZFLBdUusPtZwZ+HS/zyM
pP3/VIFLh2JsBi9KmqPXuxbjyCDqO9GpnlmZUQIBJQKCAQAv6+zp15RYxOjZQ5/z
MvH+GusFLSgj0bI32Jsn/c/hGPJ6Mc9uxA7HCtNjcU7ED11dBq8KjprbLITA3cgA
YiYtRmDM+PvGZ/e2MeGhjhip9EWl6zrc8LDmp7UuTz8pd5HpO1d3XfORDeH5yocc
4cDv8+KelWd/M1oH6hkAFhIsLQ4tH2o9cfWhnPFIfTZZb5JS1V+t9+MwxkUCYbaz
vZmU54JRbxTPqCOT3i+8Ph/Qb/FrSkuu7927Bd3XOKiza1Zn8eTTxQOfMZXNhxkG
3wPcMtLqCgQmfX2N1n0oKycyrTh4612q9JMscBaSEbsdMPZKWG2SiyyDm2xlaDtW
rKvtAoGBAPYvZkHTwfmTQBvWak4nMlXkaWAZups4myC31GA0fgLoEXYLWp79Gxqe
U4I7feQvXVJzMPpaGyA7yOrBcX/FUMT0hwEHL6wKk0MIZ+jnRpwbyE6CA0ZSbBof
Pfe3gL7dTg/Io3qGBAJ3aytc4Mb3hw1coKdmUTV7gCa3EdiC8pwFAoGBAJmmJQ20
h1BVbiejioYoj7lTKrEy497R48eapCN2Julrdjb+xKuQ2/9mhlFJEBXTPFcVphqu
ufV9cZT4+ombBnob+PQag5itl4CFy0Vm7jYd++bmOSJF47mLYwf2JfiuUv/Bw1v6
h+G+vIU9daQfUUXYx957mI+21t/2vm960pXdAoGBAMecDbjVNX5ACndvlHa3/0yP
r2KtE9fNCChdsx2SWFViN6vR2sYZVD8Ylrye8HPTYGxdZftrp0qRVswuJKzJf8JJ
uZIhgJlUrsC6tR20mh21qVRpanBegSnv0WERU6GshHuAFdj3CiuDa6aeVWMN4x+X
NibdVpoRG8xdFWNxF7zFAoGAHRGYTrNzi70irY2klev/g+0jwKjDU6srF+zS8fPC
LCkWXW54PCJTInsuKw3SnFhlXJVknUOmpBDQTJ3OiLx22NTcEoGOhKs4VpXaWTz8
onRgFu1JFFJpWnRRAYGYeyfmMGLtm8edKrVh77GueP8BicE6keAIGzBt11gx3b1K
b2ECgYABNqKnwtt9W04X4B4WaVTFibENBrXmJBnJ7eNHpLexdJ+5U5LlxiSeVzTM
0y2Sur8zWNRBr2goK89WasiHQCYeoSc8YHcyt1CciL1FksbJs7dc7G3V2Q+xAmGa
gwou2roQgp7v0zk9Fc6dqVyb74h+S6uY1nFL2zuCpJGe0cl5lw==
-----END RSA PRIVATE KEY-----

Here's a key that gives me the log Load key "../private_key.pem": invalid format

is there something else to it? Thank you.

May 05 '20 11:05 zkrising

@zkldi forget "-----BEGIN RSA PRIVATE KEY-----" ?

May 08 '20 07:05 wlixcc

No, sorry; just a mistake in my formatting:

May 08 '20 12:05 zkrising

Why closing, as @zkldi said, there's a bug.

May 12 '20 16:05 Aeris1One

@Aeris1One as @zkldi say "just a mistake in formatting"

May 17 '20 06:05 wlixcc

The mistake in formatting is in the comment. Look at the screenshot ^^

May 17 '20 11:05 Aeris1One

hi, @Aeris1One I have tested it. If the correct format is used, I have not reported an error here

May 19 '20 02:05 wlixcc

Hi, having the same problem, I've added the PEM content into a secret "SSH_PRIVATE_KEY" (including the header and footer but still having the same error as mentioned.

What's the correct way of specifing the key?

Thank you

Jun 20 '20 02:06 elmokono

@elmokono It seems that this problem exists, but there is currently no more information for me to test. I also don't know exactly where the problem occurred. This action will extract the secret and generate a pem file for verification. You can try to use sftp to connect to the server directly

Jun 20 '20 07:06 wlixcc

here having the same issue. Added the content of the .pem key in a secret variable in my git repo > Settings > Secrets. why the log says: "Load key "../private_key.pem": invalid format" ?

Anyone interested you can create your own script to connect to your SFTP with the following instruction. Note I use the same key defined in the secret as @wlixcc says.

on:
 push:
   branches: [ master ]
 pull_request:
   branches: [ master ]
jobs:
 deploy_job:
   runs-on: ubuntu-latest
   name: deploy
   steps:
     - name: Checkout
       uses: actions/checkout@v2

     - name: create ssh folder
       run: mkdir /home/runner/.ssh/
       
     - name: create know hosts
       run: ssh-keyscan -H your.ftp.host > /home/runner/.ssh/known_hosts
       
     - name: create private key
       run: touch /home/runner/.ssh/private_key.pem
       
     - name: copy private key
       run: 'echo "$SSH_KEY" > /home/runner/.ssh/private_key.pem'
       env:
         SSH_KEY: ${{secrets.SFTP_PASSWORD}}
               
     - name: change permission to private key
       run: chmod 400 /home/runner/.ssh/private_key.pem
                                                                                             
     - name: sftp run
       run: sftp -i /home/runner/.ssh/private_key.pem your-user@your-host

Jun 26 '20 06:06 kronosboy

Getting the same error. Load key "../private_key.pem": invalid format.

The provided secret is valid.

Aug 11 '20 21:08 Exitare

+1 for the "invalid format" error. I can login to my server using the same key.

I tried generating a new key pair in ubuntu with ssh-keygen -t rsa and used that instead, still get the same error though.

Jan 06 '21 11:01 kevquirk

As mentioned here: https://serverfault.com/a/941893, it looks like some versions of ssh-keygen don't export keys in the old PEM format anymore by default. You can try to explicitly force PEM like this: ssh-keygen -m PEM when generating a new key pair.

Feb 12 '21 00:02 timschneeb

ssh-keygen -m PEM

Thank you, this is useful to me.

Jun 14 '21 13:06 eryajf

In case anyone else gets here. This has nothing to do with the format of the PEM file. In my case, I had created an Environment Secret instead of a Repository secret, so nothing was being passed to the container.

Mar 20 '22 01:03 mrunkel

Okay, so we can't use organization environment secrets. The key must be placed in the repository secrets section (as mentioned in the readme lol) and it must be ssh-keygen -m PEM. Then it will work.

May 01 '22 09:05 Stolzenberg

If you use the Ed25519 algorithm to generate an SSH key pair ssh-keygen -t ed25519 -C "[email protected]", you need to note that the last line of the private key is a blank line. You need to keep it when adding Repository secrets, otherwise it may lead to an 'invalid format' error.

Aug 21 '23 06:08 wlixcc

SFTP-Deploy-Action SFTP-Deploy-Action copied to clipboard

Invalid key format

Bug description

My config

Logs

SFTP-Deploy-Action
SFTP-Deploy-Action copied to clipboard