Troubleshooting SSH
A “Permission denied” error means that the server rejected your connection. There could be several reasons why, and the most common ones are explained below.
Check the SSH key in use
You can get more details about which key is being used by adding the “verbose” flag -v to your SSH command:
ssh -v YOUR_SERVICE@ssh.YOUR_REGION.render.com
[...]
debug1: identity file /Users/YOUR_NAME/.ssh/id_ed25519 type 3
debug1: identity file /Users/YOUR_NAME/.ssh/id_ed25519-cert type -1
[...]
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/YOUR_NAME/.ssh/id_ed25519
[...]
Permission denied (publickey).
Check the key attached to your Render account
- List any keys you have loaded into the ssh-agent.
ssh-add -l
This should print out a long string of numbers and letters.
256 SHA256:SSH_KEY_FINGERPRINT YOUR_NAME@YOUR_HOST (ED25519)
- Open your settings page in the Dashboard and find the list of SSH public keys.
- Compare the list of SSH keys with the output from the ssh-add command.
If you don’t see your public key listed, you can add it to your account.
Avoid RSA keys
If you are using OpenSSH v8.8 or above (for example with macOS Ventura), you will not be able to use RSA keys on Render. This is because RSA signatures using the SHA-1 hash algorithm have proven to be insecure, and OpenSSH 8.8 and above disable them by default. We recommend using an Ed25519 key instead.
- Check your version of OpenSSH to see if it is 8.8 or above.
ssh -V
OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021
- Check if you are using an RSA key.
ssh-keygen -l -f "${PATH_TO_KEY}"
3072 SHA256:SSH_KEY_FINGERPRINT YOUR_NAME@YOUR_HOST (RSA)
- Try to ssh using your key by adding the “verbose” flag -v to your SSH command. If you see a message stating that there is “no mutual signature algorithm”, you will not be able to use your RSA key.
ssh -v YOUR_SERVICE@ssh.YOUR_REGION.render.com
[...]
debug1: Offering public key: YOUR_NAME@YOUR_HOST RSA SHA256:SSH_KEY_FINGERPRINT agent
debug1: send_pubkey_test: no mutual signature algorithm
[...]
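The three checks above can be combined into one script. This is an added example, not Render's own tooling: the function names and verdict strings are hypothetical, and the sample input is constructed from the output shown on this page.

```shell
#!/bin/sh
# Added example, not Render's tooling. Function names and verdict strings are
# hypothetical; the parsers rely only on output formats shown on this page.

# True if an `ssh -V` banner reports OpenSSH 8.8 or above.
openssh_is_8_8_or_later() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2          # banner not recognised
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -ge 8 ]; }
}

# Print the key type from an `ssh-keygen -l` or `ssh-add -l` line, e.g. RSA.
key_type() {
    printf '%s\n' "$1" | sed -n 's/.*(\([A-Z0-9-]*\))$/\1/p'
}

# $1 = `ssh -V` banner, $2 = fingerprint line, $3 = `ssh -v` log (may be empty).
diagnose() {
    ktype=$(key_type "$2")
    if printf '%s\n' "$3" | grep -q 'no mutual signature algorithm'; then
        echo "rsa-rejected"        # the log shows the RSA key cannot be used
    elif [ "$ktype" = "RSA" ] && openssh_is_8_8_or_later "$1"; then
        echo "rsa-unusable"        # RSA key on OpenSSH 8.8+: switch to Ed25519
    elif printf '%s\n' "$3" | grep -q 'Permission denied (publickey)'; then
        echo "key-not-accepted"    # compare the fingerprint with the Dashboard
    else
        echo "no-issue-found"
    fi
}

# Constructed sample input modelled on the output shown above.
sample_banner='OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021'
sample_key='3072 SHA256:SSH_KEY_FINGERPRINT YOUR_NAME@YOUR_HOST (RSA)'
sample_log='debug1: Offering public key: YOUR_NAME@YOUR_HOST RSA SHA256:SSH_KEY_FINGERPRINT agent
debug1: send_pubkey_test: no mutual signature algorithm'
diagnose "$sample_banner" "$sample_key" "$sample_log"
# On a real machine: diagnose "$(ssh -V 2>&1)" "$(ssh-keygen -l -f "$KEY")" ""
```

`ssh -V` writes its banner to stderr, which is why the real-machine call in the last comment redirects it with `2>&1`.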