SSH public key authentication errors

In DeployHQ, a number of issues related to authenticating a server using SSH can result in the following message when attempting to add a server to your project :

"We couldn't access this server using the credentials you have provided. Have you uploaded the appropriate public key onto the server?"

If you are seeing this message, there are a number of things to check:

1) You have added the key from the following place within your project:


2) That the key has been added to ~/.ssh/authorized_keys on your server, for your deployment user.

3) Permissions of that directory and keys file are set as follows:

drwx------  8 adamwest  staff  256 21 Sep 14:00 /Users/adamwest/.ssh
-rw-------  1 adamwest  staff  1211 21 Nov 16:29 /Users/adamwest/.ssh/authorized_keys

If the permissions are incorrect, they can be modified using the following commands:

$ chmod 700 ~/.ssh/
$ chmod 600 ~/.ssh/authorized_keys

Please note that if you can connect locally via your own public key pair, it’s possible that your server accepts a different key format than what DeployHQ generates, which is RSA 2048 / 4096 bit. You can generate your own key locally and upload it as a custom key pair and use that to connect instead.

If you do upload a custom private key to your project, it will also need to be uploaded to any servers that you're connecting to in the same way as outlined above, as well as the repository host.

Further information

For additional information about SSH login failures, it's useful to check your authorisation log file, typically located within /var/log/auth.log on most Linux systems. It's recommended to run the following command to monitor this log while you test a connection from DeployHQ:

tail -f /var/log/auth.log

You may need to update your LogLevel to a high enough verbosity as well, to ensure that useful information is provided when testing. This is normally configured within /etc/ssh/sshd_config and the line will look like so:

LogLevel DEBUG

If you make any changes to the configuration, you will likely need to restart the sshd process for it to take effect.

Proudly powered by Katapult. Running on 100% renewable energy.