Deployment Failed, Permission denied (publickey,password).

[ItsYasser]

while doing GitHub actions to link with my digital ocean server im getting this error

Run easingthemes/[email protected] [general] GITHUB_WORKSPACE: /home/runner/work/laravelTest/laravelTest [SSH] Creating /home/runner/.ssh dir in /home/runner/work/laravelTest/laravelTest ✅ [SSH] dir created. [SSH] Creating /home/runner/.ssh/known_hosts file in /home/runner/work/laravelTest/laravelTest ✅ [SSH] file created. ✅ Ssh key added to .ssh` dir /home/runner/.ssh/deploy_key
[Rsync] Starting Rsync Action: /home/runner/work/laravelTest/laravelTest/ to @:***
[Rsync] exluding folders
⚠️ [Rsync] error: rsync exited with code 255
⚠️ [Rsync] stderr: Warning: Permanently added '***' (ED25519) to the list of known hosts.
Load key "/home/runner/.ssh/deploy_key": error in libcrypto
Permission denied, please try again.
Permission denied, please try again.
@: Permission denied (publickey,password).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(231) [sender=3.2.7]

⚠️ [Rsync] stdout:
⚠️ [Rsync] cmd: rsync /home/runner/work/laravelTest/laravelTest/ @:*** --rsh "ssh -p 22 -i /home/runner/.ssh/deploy_key -o StrictHostKeyChecking=no" --recursive --exclude= -rltgoDzvO
1: 0xb090e0 node::Abort() [/home/runner/runners/2.311.0/externals/node16/bin/node]
2: 0xb79379 [/home/runner/runners/2.311.0/externals/node16/bin/node]
3: 0xd3df8e [/home/runner/runners/2.311.0/externals/node16/bin/node]
4: 0xd3f3af v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) [/home/runner/runners/2.311.0/externals/node16/bin/node]`

1. I verified my private ssh key
2. I added the public key to the authorized keys
3. I added the key identity to the config file (IdentityFile)
4. I gave the permissions to the target dir file
5. I installed and upgraded the rsync
6. I verified the username and the host ip
7. Ssh key is in RSA format
8. I Enabled Password Authentication
9. tried to add space at the end of the private key

[AmineZeroual]

same issue :( PLEASE HELP

[QwiriTech]

we are having the same problem

[davyxx3]

Same issue, solved it by adding a new line at the end of private key.

[lzm0x219]

Same issue, solved it by adding a new line at the end of private key.

me too

[heavenmei]

Same issue, solved it by adding a new line at the end of private key.

it works for me

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[easingthemes]

Reopened, since it still require manual workaround.

[javidnikoo]

in my webhost hetzner is working but in 1&1 webhost getting error

Should we consider making some adjustments to our server?

premisson denied to change sshd_config however ...

1&1 ( ionos )
cat /etc/ssh/sshd_config

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0

# 2007-11-05 cg: kein SSHv1 mehr (HOST.342)
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

Compression yes

# 2015-12-09  TECCM-11090 :: 2 ssh client alive options
ClientAliveInterval 600
ClientAliveCountMax 3

# This NEEDS to be LOCAL0
SyslogFacility LOCAL0

LogLevel VERBOSE

# Authentication:
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
AllowGroups ftpusers

PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog no
TCPKeepAlive yes
PermitUserEnvironment no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# Notes for subsystem sftp: We need to fulfill the constraint given by
#   rssh that the executable MUST READ /usr/lib/openssh/sftp-server
#   exactly, and therefore cannot be prepended with fakechroot
#   directly.  Therefore, we do all the details (fakechroot, ...) in a
#   wrapper script.  See package ui-infong-openssh-fakechroot-wrapper
#   for details.
#
Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

# Hide comment part of the version string: show `SSH-2.0-OpenSSH_7.9p1'
# instead of `SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u1~ui10+2`.
DebianBanner no

in 1&1 (ionos) :
cd ~/.ssh
-bash: cd: /kunden/homepages/8/xxxx/htdocs/.ssh: Permission denied

in hetzner : going to /ssh
if you need more info let me please know

[vajda-media]

Same issue, solved it by adding a new line at the end of private key.

Is this a bug? Why we need an extra line after -----END OPENSSH PRIVATE KEY----- ? Could this be maybe mentioned at the docs? I struggled 1 week because of this anomaly. Thanks for the right hint @davyxx3 👍

[easingthemes]

Can you try SCRIPT_BEFORE param, eg SCRIPT_BEFORE: ls. This will force known_hosts update, adding your host via ssh-keyscan.

Added info into REDME.
.

Probably the same issue: #143

[chungyeong]

i got the same error Deployment Failed, Permission denied (publickey).
All of the solutions presented above have failed.
i tried "ssh-keygen -t rsa -b 4096" to generate a key pair and it worked out.
but "ssh-keygen -m PEM -t rsa -b 4096" still not works for me.

[tecnologiaflashcardsconcursos]

@chungyeong in my case none of the solutions worked and also changing the key from PEM to RSA also didn't work :(
My host: Ubuntu 22

[supuwoerc]

I solved the authorisation failure problem by first adding a new line at the end of the private key, after which I also needed to run cat id_rsa.pub >> authorized_keys on the server.

The reason why this is needed, I thought ssh-deploy must be going password free login with the help of a private key, I tried to log in to the server on my computer via the private key as well, and expected this error, so I checked the relevant error messages, and finally I found out that I need to copy the public key paired with the private key to authorized_keys to open up the authorisation.

[supuwoerc]

I solved the authorisation failure problem by first adding a new line at the end of the private key, after which I also needed to run cat id_rsa.pub >> authorized_keys on the server.我首先在私钥末尾添加了一个新行，然后还需要在服务器上运行 cat id_rsa.pub >> authorized_keys ，从而解决了授权失败问题。

The reason why this is needed, I thought ssh-deploy must be going password free login with the help of a private key, I tried to log in to the server on my computer via the private key as well, and expected this error, so I checked the relevant error messages, and finally I found out that I need to copy the public key paired with the private key to authorized_keys to open up the authorisation.之所以需要这个，我以为ssh-deploy一定是在私钥的帮助下去免密码登录，我也尝试通过私钥登录到我电脑上的服务器，并预料到这个错误，所以我检查了相关的错误信息，最后我发现我需要复制与私钥配对的公钥才能authorized_keys打开授权。

@easingthemes @chungyeong @tecnologiaflashcardsconcursos