Troubleshooting SSH

A “Permission denied” error means that the server rejected your connection. There could be several reasons why, and the most common ones are explained below.

Check the SSH key in use

You can get more details about which key is being used by adding the “verbose” flag -v to your SSH command:

ssh -v
debug1: identity file /Users/YOUR_NAME/.ssh/id_ed25519 type 3
debug1: identity file /Users/YOUR_NAME/.ssh/id_ed25519-cert type -1
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/YOUR_NAME/.ssh/id_ed25519
Permission denied (publickey).

Check the key attached to your Render account

  1. List any keys you have loaded into the ssh-agent.

    ssh-add -l

    This should should print out a long string of numbers and letters.

  2. Open your settings page in the Dashboard and find the list of SSH public keys.

  3. Compare the list of SSH keys with the output from the ssh-add command.

If you don’t see your public key listed, you can add it to your account.

Avoid RSA keys

If you are using OpenSSH v8.8 or above (for example with macOS Ventura), you will not be able to use RSA keys on Render. This is because the support for RSA signatures using the SHA-1 hash algorithm has proven to be insecure. We recommend using an Ed25519 key instead.

  1. Check your version of OpenSSH to see if it’s version is 8.8 or up.

    ssh -V
    OpenSSH_8.8p1, OpenSSL 1.1.1m  14 Dec 2021
  2. Check if you are using an RSA key.

    ssh-keygen -l -f ${PATH_TO_KEY}
  3. Try to ssh using your key by adding the “verbose” flag -v to your SSH command. If you see a message stating that there is “no mutual signature algorithm” you will not be able to use your RSA key.

    ssh -v
    debug1: Offering public key: YOUR_NAME@YOUR_HOST RSA SHA256:SSH_KEY_FINGERPRINT agent
    debug1: send_pubkey_test: no mutual signature algorithm
  4. Generate an Ed25519 ssh key and add it to your account.