1

This is my workflow file.


name: Joint Fairy Deploy
on:
  push:
    branches:
      - main
jobs:
  build:
    name: Deploy...
    runs-on: ubuntu-latest
    steps:
      - name: executing remote ssh commands using password
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SERVER_HOST }}
          password: ${{ secrets.SERVER_PASSWORD }}
          username: ${{ secrets.SERVER_USERNAME }}
          port: 22
          script_stop: true
          script: |
            cd /var/www/app/joint-fairy && ./deploy.sh

Due to some strange reason, everything named password is been hashed. Github Action hashing password

You can see from the image above that executing remote ssh commands using password has being transform to executing remote ssh commands using *** and password: *** is now ***:***.

Because of this I am getting this error.

2023/05/24 11:05:51 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

ssh: handshake failed: ssh: unable to authenticate, attempted methods

sylvesterasa
  • 105
  • 1
  • 8
  • Does this answer your question? [Why does Github action log show asterisk?](https://stackoverflow.com/questions/72173464/why-does-github-action-log-show-asterisk) – Azeem May 25 '23 at 04:37

2 Answers2

0

The parameter named "secrets.SERVER_PASSWORD" has the value "password". This value is only a placeholder and the person managing the secrets of that organization or repository has to provide the real value before the workflow will work.

This is also the reason why the attempted action fails (unless the password actually is "password" but then this looks like a lost cause anyway and I wouldn't care) even if it would be properly configured to use password authentication (enable debug mode of the Microsoft Github Action named "appleboy/ssh-action" to get better diagnostics).

Background

Any secret value commands Microsoft Github Actions to replace it - as it is a secret - with three times the asterisk "***" in the logs. Same for the other secrets.

Eric Sciple explains:

The current runner solution is designed to help prevent all workflow secrets from being printed. One example is debug tracing like set -x in bash. The trade off is that weak secrets could get incorrectly masked in other places.

As you now see the plain "password" getting replaced with three asterisk, you have uncovered this secret password. It is likely a default placeholder.

Cf. Why does Github action log show asterisk?; How to access the value of SECRETS in Github Actions?; Why The Action Cannot Access Secrets?

hakre
  • 193,403
  • 52
  • 435
  • 836
0

I was found sol

      - name: Deploy
        run: |
         sshpass -p ${{ secrets.PASSWORD }} ssh -o StrictHostKeyChecking=no 
         your_username@your_ip "bash -s" <<EOF 
         your script
         EOF

secrets.PASSWORD set it in your github repo

Otis
  • 156
  • 2
  • 11