Troubleshoot SSH
Back to home
On this page
While trying to use SSH, you may get a response indicating permission is denied. Or if you get an error with a code of 255, it means there’s a problem with your SSH connection.
The command failed with the exit code: 255
There are several places to check to try to solve such issues.
Check your environment
If your environment is inactive or the deployment has failed,
you can’t log in to it.
To make sure the environment is active and the deployment has succeeded,
check it using upsun environment:list
or in the Console .
Redeploy your environment
If you have just added your SSH key or made changes to access rules, you need to redeploy your environment before you can access it using SSH keys. You can do this in the Console, by running upsun redeploy
, or by pushing an empty git commit:
git commit --allow-empty -m 'chore: force redeploy'
git push origin main
Check your public key
Make sure your public key has been uploaded to your user account. Check it in the Upsun Console.
SSH key can not be duplicated
A given SSH key pair can only be linked to a single user account.
If you add an already used SSH key to another account, you see the error: SSH key can not be duplicated
.
Generate a new pair of SSH keys for the second user account you want to add.
Check your SSH agent
Check that your key is properly added to your SSH agent. This is an authentication agent that manages your private key.
-
Run
ssh-add -l
in your terminal:ssh-add -l
You get output similar to the following:
2048 12:b0:13:83:7f:56:18:9b:78:ca:54:90:a7:ff:12:69 /Users/your_username/.ssh/id_rsa (RSA)
-
Check that the file exists and that the file name or comment matches your private key file.
-
If you don’t see your private key file, add your private key:
ssh-add path-to-your-key
Specify your identity file
If your identity (SSH key) associated with Upsun isn’t in a default file name (as may be explained in your SSH software manual, for example), you may have to append a specification like the one below so that the SSH software finds the correct key.
Host platform.sh
IdentityFile ~/.ssh/id_upsun
Be aware that, above, upsun
stands for a hostname.
Each different hostname you connect to Upsun at may have to be specified in the host line, separated by spaces.
Check your Git integrations
If your project is integrated with another Git provider (such as GitHub), that provider controls Git operations. Make sure you have added your public SSH key to your provider and that your user there has access.
Generate SSH debug information
If your private key and public key both look OK but you don’t have any luck logging in, print debugging information. These lines often give clues about what’s going wrong.
Run the SSH command with the -v
option, like so:
ssh -v [SSH-URL]
You get output similar to the following:
OpenSSH_6.7.8, OpenSSL 1.2.3 1 Sep 2014
debug1: Connecting to ssh.eu.upsun.com [54.32.10.98] port 22.
debug1: Connection established.
debug1: identity file /Users/your_username/.ssh/id_rsa type 1
...(many more lines of this light reading)...
debug1: Offering RSA public key: /Users/your_username/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Alternatively, you can run the following command:
GIT_SSH_COMMAND="ssh -v" git clone REPO_URL
You can use this information to make one last check of the private key file.
MFA-related error message
If you haven’t enabled MFA on your user account and try to SSH into an environment that is protected by MFA, you get the following error message:
Error: Access denied
Service: abcdefg123456-main-bvxea6i--app
User: USER NAME (USER ID)
Parameters: {"amr":["mfa"]}
Detail: Additional authentication is required:
- Multi-factor authentication (MFA)
To solve this, enable MFA on your user account.
Alternatively, open the Console and select the desired organization. Follow the instructions so you can effectively access its contents.
Similarly for bot users and CLI tokens, you may see the message:
[RequestException]
Multi-factor authentication (MFA) is required.
The API token may need to be re-created after enabling MFA.
In this case, as described, it will be necessary to:
- Enable MFA on the (bot) user account associated with the token.
- Generate a new access token, and then replace its value in your workflow that requires the token (such as updating a GitHub workflow secret variable).
Something still wrong?
For more general information, see how to troubleshoot development.
If you’re still stuck, open a support ticket and provide the full SSH debug information.