The "no such identity" error occurs when SSH cannot find the private key file specified in your SSH configuration or command. This typically happens when the key file doesn't exist, has been moved, or the path is incorrect. Resolving this requires verifying the key file exists and fixing its path.
When SSH (or tools using SSH like Git, rsync, or Terraform) attempts to authenticate with a remote server, it tries to load private keys from locations specified in your SSH configuration or command-line arguments. This error appears when SSH looks for a key file at the specified path and finds nothing—either the file was deleted, moved to a different location, the path is incorrect, or you haven't generated SSH keys yet. The error is typically harmless when it appears during connection attempts (SSH tries multiple configured keys), but if it's the only authentication method available, the connection will fail. In verbose SSH output (using -v flag), you'll see this as a "debug3" message for each missing key it tries.
List all files in your .ssh directory to see what keys are available:
ls -la ~/.ssh/You should see files like:
- id_rsa and id_rsa.pub (RSA keys)
- id_ed25519 and id_ed25519.pub (Ed25519 keys - modern, recommended)
- id_ecdsa and id_ecdsa.pub (ECDSA keys)
If you see the key file you need, the issue is a path problem (see next steps). If no keys exist, generate new ones.
If no keys exist, generate a new key pair using ssh-keygen:
# Generate Ed25519 key (modern, recommended)
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N ""
# Or if you need RSA compatibility:
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""Explanation:
- -t ed25519 - Key type (Ed25519 is faster, smaller, and more secure than RSA)
- -f ~/.ssh/id_ed25519 - Full path where to save the key
- -N "" - No passphrase (empty string). For security, consider using a passphrase instead
After generation, verify the keys were created:
ls -la ~/.ssh/id_*If your keys exist but SSH can't find them, the path in ~/.ssh/config might be wrong.
Edit your SSH config:
nano ~/.ssh/configLook for IdentityFile entries and ensure they use absolute paths starting with ~/ or full paths:
# WRONG - relative path
Host github.com
IdentityFile id_rsa
# CORRECT - absolute path with ~
Host github.com
IdentityFile ~/.ssh/id_rsa
AddKeysToAgent yes
IdentitiesOnly yesMake sure:
- Use ~/.ssh/keyname not just keyname
- Match the actual filename in your .ssh directory
- Set proper permissions on the config file:
chmod 600 ~/.ssh/config
chmod 700 ~/.sshIf specifying the key with -i flag, ensure the path is correct:
# WRONG - file not found
ssh -i id_rsa [email protected]
ssh -i /home/user/.ssh/id_rsa [email protected] # (if path doesn't match actual location)
# CORRECT
ssh -i ~/.ssh/id_rsa [email protected]
ssh -i /full/path/to/.ssh/id_rsa [email protected]For Git, if cloning with SSH, add your key:
git clone -i ~/.ssh/id_rsa [email protected]:user/repo.gitOr configure Git to use a specific key:
git config --global core.sshCommand "ssh -i ~/.ssh/id_rsa"Using ssh-add makes your key available to all SSH clients without specifying -i each time:
# Add key to agent
ssh-add ~/.ssh/id_rsa
# Or for Ed25519:
ssh-add ~/.ssh/id_ed25519
# List keys currently in agent
ssh-add -l
# Add all keys from ~/.ssh (if they follow standard naming)
ssh-addIf the key is password-protected, ssh-add will prompt you once per session. After adding, SSH and Git will automatically use this key.
On macOS, you can also use the keychain:
ssh-add --apple-use-keychain ~/.ssh/id_rsaSSH is strict about file permissions for security reasons. Incorrect permissions can make SSH ignore key files.
Check permissions:
ls -l ~/.ssh/id_rsaShould show: -rw------- 1 user group (permissions 600)
Fix if needed:
# Fix key file permissions
chmod 600 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa.pub
# Fix .ssh directory permissions
chmod 700 ~/.ssh
# Verify
ls -la ~/.ssh/If permissions are wrong, SSH silently ignores the key, which manifests as the "no such identity" error in debug output.
If you recently moved or copied SSH keys, check all places they might be referenced:
1. Check SSH config entries:
grep -n "IdentityFile" ~/.ssh/config2. Check Git config (if using Git):
git config --global core.sshCommand3. Check environment variables:
echo $SSH_AUTH_SOCK # SSH agent socket
echo $SSH_PRIVATE_KEY # Sometimes used in CI/CD4. Check CI/CD or deployment configurations if this is in a pipeline context (GitHub Actions, GitLab CI, etc.)
Update all references to point to the new location of your keys.
SSH Agent Forwarding: If connecting through a bastion host or jump server, use SSH Agent forwarding (-A flag or ForwardAgent yes in config). This allows the destination server to use your local keys without copying them.
SELinux/AppArmor Issues: On servers with mandatory access control (CentOS/RHEL with SELinux, or Ubuntu with AppArmor), SSH might not be able to read authorized_keys or other files. Check with sudo dmesg | grep apparmor or sudo audit2why if SSH hangs or fails unexpectedly.
Windows/WSL Considerations: On Windows Subsystem for Linux, SSH keys should be stored in the WSL filesystem (not Windows), and should have 600 permissions. Using Windows-native keys often causes "no such identity" errors.
Ed25519 vs RSA: Modern systems prefer Ed25519 keys (smaller, faster, equally secure). Some older systems only support RSA. If a server rejects your Ed25519 key, try generating an RSA key as fallback.
Debugging with Verbose Output: Use ssh -vvv (triple verbose) to see exactly which identity files SSH tries and which one it finds. This is invaluable for troubleshooting path issues:
ssh -vvv [email protected] 2>&1 | grep -i identityLoad key "/home/user/.ssh/id_rsa": invalid format
How to fix 'Load key invalid format' in SSH
Bad owner or permissions on /home/user/.ssh/config
How to fix "Bad owner or permissions on .ssh/config" in SSH
Error connecting to agent: Connection refused
How to fix "Error connecting to agent: Connection refused" in SSH
Connection closed by UNKNOWN port 65535
How to fix 'Connection closed by UNKNOWN port 65535' in SSH
Offending ECDSA key in /home/user/.ssh/known_hosts:line
How to fix "Offending ECDSA key in known_hosts" in SSH