Scaleway DocumentationComputeInstancesTroubleshooting
I can't connect to my Instance via SSH

Jump toUpdate content

I can't connect to my Instance via SSH

Reviewed on 19 October 2021Published on 19 October 2021

Sometimes you may have a problem when connecting to your Instance. If you have followed the instructions in our document How-to connect to your Instance via SSH and are getting one of the following error messages, check out our solutions.

Permission denied (publickey)

You may try to connect to your Instance and see a message like the following:

marie-curie:/# ssh root@51.15.40.150
Permission denied (publickey)

In this case, the Instance rejected your attempt to connect. There is most probably a problem with the SSH key pair - either the public key on the Instance or the private key on your local machine, or both.

Check that the Instance has the correct public key

When you create your Instance, be sure to check at step 6 of the creation wizard that you are uploading a public key to which you have the corresponding private key on your local machine:

  • You can view and manage your public SSH keys from the credentials section of the console.
  • Credentials are specific to each Project of your Organization.
  • If you add a new public key to your project credentials after creating a new Instance, it will not automatically be uploaded to the existing Instance. Scaleway only uploads the public SSH keys specified at the time of the Instance’s creation. To add a new public SSH key after that point, you will need to connect to your Instance and add the additional public key yourself. Public keys are stored by default in ~/.ssh with a filename similar to id_rsa.pub

Check that you have the correct private key on your local machine

To connect to your remote Instance from your local machine, your local machine must have the corresponding private key to the Instance’s public key.

On Linux / Mac

By default, your SSH keys are stored on your local machine in the hidden .ssh folder of the home or root directory.

  1. Navigate to the directory on your local machine as follows:

    cd ~/.ssh
  2. List all the keys in the directory as follows:

    ls

    You should now see a list of all your keys. Public keys should have the .pub suffix, private keys do not have this suffix.

  3. Use cat <filename> to view the contents of a public key file. Alternatively use your favourite text editor, e.g. nano <filename>.

    Check that you have the corresponding private key to the public key you uploaded to your Instance.

On Windows

Check that you uploaded the correct public key to Putty:

  1. Open Putty.

  2. Navigate to Connection>SSH>Auth in the side menu.

  3. Check the file and path for the Private key file for authentication, using Browse to replace it if necessary.

Warning: Remote host identification has changed

You may try to connect to your Instance and see a message like the following:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Please contact your system administrator.
Add correct host key in /home/marie-curie/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/marie-curie/.ssh/known_hosts:24
remove with:
ssh-keygen -f "/home/marie-curie/.ssh/known_hosts" -R "51.15.40.150"
ECDSA host key for 51.15.40.150 has changed and you have requested strict checking.
Host key verification failed.

This may happen if you are connecting to a newly created Instance that has a flexible IP address you previously used to connect to a different Instance.

The warning message itself tells you how to solve this problem, in the following extract:

Add correct host key in /home/marie-curie/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/marie-curie/.ssh/known_hosts:24
remove with:
ssh-keygen -f "/home/marie-curie/.ssh/known_hosts" -R "51.15.40.150"
  1. Execute the following command in the terminal of your local machine, replacing the path and IP address with those shown in your own error message:

    ssh-keygen -f "/home/marie-curie/.ssh/known_hosts" -R "51.15.40.150"

    This deletes the key fingerprint from your known_hosts file. You should see a message similar to:

    # Host 51.15.40.150 found: line 24
    /home/marie-curie/.ssh/known_hosts updated.
    Original contents retained as /home/marie-curie/.ssh/known_hosts.old
  2. Try to connect to your Instance via SSH again. This time, the connection should be successful.