ssh -v: Debug SSH Connection Failures in CI
ssh -v prints each step of the connection and authentication, turning a vague SSH failure into a precise line that names the cause.
SSH failures in CI (publickey rejected, host key mismatch, connection refused) all look the same from the outside. ssh -v shows the negotiation step by step so you can see which key was offered, which was accepted, and where it broke.
What it does
ssh -v enables verbose debug output to stderr, logging the host key exchange, which identity files are tried, the authentication methods offered by the server, and the result of each. Adding more v flags (-vv, -vvv) increases the detail.
Common usage
ssh -v -i deploy_key user@host.example.com
# even more detail for auth problems
ssh -vvv -i deploy_key user@host.example.com
# combine with a forced command to test non-interactively
ssh -v -o BatchMode=yes user@host.example.com trueReading the output
| Log line | What it tells you |
|---|---|
| Offering public key: <file> | ssh is trying that identity |
| Authentications that can continue: publickey | Server accepts only key auth |
| Server accepts key | The offered key was accepted |
| No more authentication methods to try | Every method failed: wrong key or user |
In CI
Add -o BatchMode=yes so ssh never falls back to a password prompt that would hang a non-interactive job; it fails cleanly instead. The -v log shows whether your key was even offered: if it is not in the "Offering public key" lines, the wrong path or a permissions issue on the key file is the cause.
Common errors in CI
"Permission denied (publickey)" with -v shows whether the key was offered and rejected (wrong key or not authorized) or never offered (wrong path). "Load key ... bad permissions" or "UNPROTECTED PRIVATE KEY FILE" means the key file is group/world readable; chmod 600 it. "Host key verification failed" means an unknown or changed host key. "Connection refused" means sshd is not listening on that port.