This error occurs when Git tries to sign a commit using an SSH key that doesn't exist at the configured path. The fix involves verifying the key file path in your Git configuration and ensuring the SSH signing key actually exists.
This error indicates that Git is configured to sign commits or tags using an SSH key, but the key file specified in your `user.signingkey` configuration cannot be found at the expected location.

When you enable SSH commit signing in Git (by setting `gpg.format = ssh`), Git uses ssh-keygen to sign commits instead of GPG. The `user.signingkey` setting should point to your SSH key file. If this file doesn't exist, has been moved or deleted, or if the path is misconfigured, ssh-keygen will fail with this "Load key... No such file or directory" error.

This is different from SSH authentication errors (used for pushing/pulling). SSH signing keys are specifically used to cryptographically sign commits to prove authorship, which platforms like GitHub and GitLab can verify.
First, see what Git has configured for signing:

```bash
# Check signing-related configuration
git config --global --get gpg.format
git config --global --get user.signingkey
# Or see all signing config
git config --global --list | grep -E "(gpg|signing)"
```

Expected output for SSH signing:

```
gpg.format=ssh
user.signingkey=/home/user/.ssh/id_ed25519.pub
```

Note the path shown in `user.signingkey`: this is where Git expects to find your signing key.
Check if the key file actually exists at the configured location:

```bash
# Replace with your actual configured path
ls -la ~/.ssh/id_ed25519.pub
# Or check the exact path from config
# (--type=path makes Git expand a leading ~, which the shell will not do here)
KEY_PATH=$(git config --global --type=path --get user.signingkey)
ls -la "$KEY_PATH"
```

If the file doesn't exist, you either need to:
1. Generate a new SSH key (Step 3)
2. Update the config to point to an existing key (Step 4)

If using tilde (~) in the path, verify it expands correctly:

```bash
# This should show your home directory
echo ~
# Test if the path resolves; a ~ stored in the config is not expanded by
# the shell after command substitution, so let Git expand it
ls -la "$(git config --type=path --get user.signingkey)"
```

If you don't have an SSH key for signing, create one:
```bash
# Generate a new Ed25519 key (recommended)
ssh-keygen -t ed25519 -C "you@example.com" -f ~/.ssh/signing_key
# Or use an existing key by noting its path
ls ~/.ssh/*.pub
```

You can use the same key for both authentication and signing, or create a dedicated signing key.

Note: For SSH signing, you can point to either the public key (.pub) or the private key. When using ssh-agent, the public key is used to identify which private key to use for signing.
Set the correct path to your SSH signing key:

```bash
# Point to your public key file (recommended when using ssh-agent)
git config --global user.signingkey ~/.ssh/id_ed25519.pub
# Or use absolute path if tilde expansion is problematic
git config --global user.signingkey /home/username/.ssh/id_ed25519.pub
# Verify the change
git config --global --get user.signingkey
```

Important: Make sure `gpg.format` is set to `ssh`:

```bash
git config --global gpg.format ssh
```

Alternative: Use ssh-agent default key:

```bash
# Use whatever key is loaded in ssh-agent
git config --global gpg.ssh.defaultKeyCommand "ssh-add -L"
```

Git only runs this command when `user.signingkey` is not set, and it uses the first key the command prints.

The ssh-agent must be running and have your signing key loaded:
```bash
# Start ssh-agent if not running
eval "$(ssh-agent -s)"
# Add your signing key to the agent
ssh-add ~/.ssh/id_ed25519
# Verify the key is loaded
ssh-add -l
```

For persistent agent on login (add to ~/.bashrc or ~/.zshrc):

```bash
# Start ssh-agent if not already running
if [ -z "$SSH_AUTH_SOCK" ]; then
    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/id_ed25519
fi
```

On macOS, use Keychain:

```bash
ssh-add --apple-use-keychain ~/.ssh/id_ed25519
```

Verify that signing now works:
```bash
# Create a test commit with explicit signing
git commit --allow-empty -S -m "Test signed commit"
# If auto-signing is enabled, a regular commit should work
git commit --allow-empty -m "Test auto-signed commit"
```

To verify the signature:

```bash
# Show signature on last commit
git log --show-signature -1
# Or use git verify-commit
git verify-commit HEAD
```

For signature verification to work, you need an allowed_signers file:

```bash
# Create allowed_signers file
echo "$(git config --get user.email) $(cat ~/.ssh/id_ed25519.pub)" >> ~/.ssh/allowed_signers
# Tell Git about it
git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers
```

If you previously used GPG signing, there may be conflicting settings:
```bash
# Check if gpg.format is correctly set to ssh
git config --global --get gpg.format
# If it shows nothing or 'openpgp', set it to ssh
git config --global gpg.format ssh
# Check for local repository overrides
git config --local --list | grep -E "(gpg|signing)"
```

To remove conflicting local settings:

```bash
# Unset local signing config to use global
git config --local --unset user.signingkey
git config --local --unset gpg.format
```

Common issue: If `user.signingkey` contains a GPG key ID (like ABC123DEF456) instead of a file path, Git will look for a file with that name:

```
# Wrong (GPG key ID, not a path)
user.signingkey = ABC123DEF456
# Correct (file path for SSH signing)
user.signingkey = ~/.ssh/id_ed25519.pub
```

For platforms to verify your signed commits, register your public key:
```bash
# Copy your public key
cat ~/.ssh/id_ed25519.pub
```

For GitHub:
1. Go to Settings > SSH and GPG keys
2. Click "New SSH key"
3. Select "Signing Key" as the key type
4. Paste your public key
5. Click "Add SSH key"
Note: You can use the same SSH key for both authentication and signing, but you must add it twice - once as an "Authentication Key" and once as a "Signing Key".
For GitLab:
1. Go to Preferences > SSH Keys
2. Paste your public key
3. Select "Signing" under Usage type
4. Click "Add key"
After registering, your signed commits will show as "Verified" on the platform.
### SSH Signing vs GPG Signing
SSH signing (available since Git 2.34) is simpler than GPG signing:
- Uses your existing SSH keys
- No separate GPG keyring to manage
- Easier to set up in CI/CD environments
However, GPG signing offers:
- Key revocation capabilities
- Web of trust
- Key expiration dates
- Better integration with email signing
### Using key:: Prefix for Inline Keys
Instead of a file path, you can embed the public key directly:

```bash
git config --global user.signingkey "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... you@example.com"
```

This avoids file path issues but makes the key less portable across machines.
### Debugging SSH Signing
Enable Git tracing to see what's happening:

```bash
GIT_TRACE=1 git commit -S -m "debug commit"
```

Look for lines showing:
- Which signing program is being used
- What key path is being loaded
- The actual ssh-keygen command being executed
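
The manual checks from the steps above (format, key path, leftover GPG key ID, inline key) combined into one script, as an added example that is not part of the original page. The function names, verdict words and the script name `check-signing.sh` are assumptions made for this example; it expands only a leading `~/` and treats a bare hex string as a probable GPG key ID.

```shell
#!/bin/sh
# Added example: function names and verdict words are made up for illustration.

# classify_signingkey FORMAT VALUE
# Prints one verdict for a gpg.format / user.signingkey pair.
classify_signingkey() {
    format=$1
    value=$2
    if [ "$format" != "ssh" ]; then
        echo "format-not-ssh"        # Git would hand the value to GPG instead
        return 0
    fi
    case $value in
        "")           echo "unset"; return 0 ;;        # gpg.ssh.defaultKeyCommand is used
        key::*|ssh-*) echo "literal-key"; return 0 ;;  # inline public key, no file lookup
        "~/"*)        path=$HOME/${value#??} ;;        # only a leading ~/ is expanded here
        *)            path=$value ;;
    esac
    if [ -f "$path" ]; then
        echo "file-ok"
    elif printf '%s' "$value" | grep -Eq '^[0-9A-Fa-f]{8,40}$'; then
        echo "looks-like-gpg-key-id" # leftover from an earlier GPG setup
    else
        echo "file-missing"          # produces "No such file or directory"
    fi
}

# diagnose_signing: read the effective config of the current repository
# (local overrides included) and print the verdict with a suggested fix.
diagnose_signing() {
    fmt=$(git config --get gpg.format || true)
    key=$(git config --get user.signingkey || true)
    verdict=$(classify_signingkey "${fmt:-openpgp}" "$key")
    echo "gpg.format=${fmt:-openpgp (default)} user.signingkey=${key:-<unset>} -> $verdict"
    case $verdict in
        file-missing)          echo "fix: set user.signingkey to an existing key file" ;;
        looks-like-gpg-key-id) echo "fix: replace the GPG key ID with a key path" ;;
        format-not-ssh)        echo "fix: git config --global gpg.format ssh" ;;
        unset)                 echo "note: Git will run gpg.ssh.defaultKeyCommand" ;;
    esac
}

# Run the check only when asked, e.g.: sh check-signing.sh --run
if [ "${1:-}" = "--run" ]; then
    diagnose_signing
fi
```

Because `diagnose_signing` reads the config without `--global`, it also catches a repository-local `user.signingkey` that overrides a correct global one.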
### Version Requirements
SSH commit signing requires:
- Git 2.34.0 or later
- OpenSSH 8.1 or later (avoid 8.7 which has a signing bug)
Check your versions:

```bash
git --version
ssh -V
```

### Different Keys for Different Repositories
Use conditional includes in ~/.gitconfig:

```
[includeIf "gitdir:~/work/"]
    path = ~/.gitconfig-work
[includeIf "gitdir:~/personal/"]
    path = ~/.gitconfig-personal
```

Then in ~/.gitconfig-work:

```
[user]
    signingkey = ~/.ssh/work_key.pub
```

### CI/CD Considerations
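For signing commits in CI/CD:
1. Store the private key as a secret
2. Create the key file at runtime:

```bash
mkdir -p ~/.ssh && chmod 700 ~/.ssh
# umask 077 so the key file is never readable by other users, even briefly
(umask 077; echo "$SSH_SIGNING_KEY" > ~/.ssh/signing_key)
chmod 600 ~/.ssh/signing_key
```

3. Configure Git:

```bash
git config user.signingkey ~/.ssh/signing_key
git config gpg.format ssh
```

### Windows Path Considerations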
On Windows, use forward slashes or escape backslashes:

```bash
# Forward slashes (recommended)
git config --global user.signingkey C:/Users/username/.ssh/id_ed25519.pub
# Or escaped backslashes
git config --global user.signingkey "C:\\Users\\username\\.ssh\\id_ed25519.pub"
```