SSH key authentication failure

What this failure means

An SSH operation (git clone, deploy, rsync) failed because the SSH key was not found, not loaded into the agent, or the remote host does not accept it.

Symptoms

Faultline looks for one or more of these log fragments:

Host key verification failed
no such identity
Authentication failed
ssh: handshake failed
ssh: connect to host
Warning: Permanently added
Pseudo-terminal will not be allocated

Diagnosis

An SSH operation (git clone, deploy, rsync) failed because the SSH key was not found, not loaded into the agent, or the remote host does not accept it.

Fix steps

1. Add the private key to CI secrets and load it: ssh-add <(echo "$SSH_PRIVATE_KEY").
2. Fix key permissions: chmod 600 ~/.ssh/id_rsa.
3. Add the host to known hosts: ssh-keyscan github.com >> ~/.ssh/known_hosts.
4. Verify the corresponding public key is added as a deploy key on the repository.
5. Use ssh -vT git@github.com to debug the handshake.

Validation

• Re-run the local reproduction command after the fix.
• ssh -vT git@github.com

Why it matters

CI jobs that need SSH access must either load the private key into ssh-agent or write it to ~/.ssh/id_rsa with correct permissions (chmod 600). A missing known-hosts entry also causes Host key verification failed even when the key is correct.

Prevention

• Use a dedicated deploy key per repository with read-only access where possible.
• Rotate deploy keys on a schedule and update CI secrets immediately.
• Use HTTPS with tokens instead of SSH where the provider supports it.

Try it locally

ssh -vT git@github.com

How Faultline detects it

Use faultline explain ssh-key-auth to see the full playbook.

faultline analyze build.log
faultline explain ssh-key-auth

Generated from playbooks/bundled/log/auth/ssh-key-auth.yaml. Do not edit directly.