Troubleshooting SSH

How to check that a key is being used

You can get more details about which key is being used by adding the “verbose” flag -v to your SSH command:

ssh -v YOUR_SERVICE@ssh.YOUR_REGION.render.com
[...]
debug1: identity file /Users/YOUR_NAME/.ssh/id_ed25519 type 3
debug1: identity file /Users/YOUR_NAME/.ssh/id_ed25519-cert type -1
[...]
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/YOUR_NAME/.ssh/id_ed25519
[...]
Permission denied (publickey).

Checking that a key is attached to your Render account

  1. List any keys you have loaded into the ssh-agent.

    ssh-add -l

    This should should print out a long string of numbers and letters.

    256 SHA256:SSH_KEY_FINGERPRINT YOUR_NAME@YOUR_HOST (ED25519)
  2. Open your settings page in the Dashboard and find the list of SSH public keys.

  3. Compare the list of SSH keys with the output from the ssh-add command.

If you don’t see your public key listed, you can add it to your account.

RSA key not connecting

Currently, if you are using OpenSSH 8.8 and up you will not be able to use RSA keys on Render. In this case, we recommend that you use an Ed25519 key instead.

  1. Check your version of OpenSSH to see if it’s version is 8.8 or up.

    ssh -V
    OpenSSH_8.8p1, OpenSSL 1.1.1m  14 Dec 2021
  2. Check if you are using an RSA key.

    ssh-keygen -l -f ${PATH_TO_KEY}
    3072 SHA256:SSH_KEY_FINGERPRINT YOUR_NAME@YOUR_HOST (RSA)
  3. Try to ssh using your key by adding the “verbose” flag -v to your SSH command. If you see a message stating that there is “no mutual signature algorithm” you will not be able to use your RSA key.

    ssh -v YOUR_SERVICE@ssh.YOUR_REGION.render.com
    [...]
    debug1: Offering public key: YOUR_NAME@YOUR_HOST RSA SHA256:SSH_KEY_FINGERPRINT agent
    debug1: send_pubkey_test: no mutual signature algorithm
    [...]
  4. Generate an Ed25519 ssh key and add it to your account.