This error could indicate that the config did not complete successfully. 

To troubleshoot this issue, run step ssh check-host <hostname>. This returns true or false to verify you have access to the host.

By default, step expects to find the .step/config path in your home directory. If the step config lives somewhere else, SSH will not apply the configuration correctly.

You can also run ssh <hostname> -vvv to get the verbose SSH output. This will usually provide visibility into the underlying issue. You can send log output to us with a support ticket. 

Windows users: ssh-agent is enabled by default. You may see the following error in the verbose logs: debug3: w32_getpeername ERROR: not sock :2

This could mean that you don't have the ssh-agent running. You can check whether it's running with ssh-add -l or step ssh list. If everything goes well and you have already authenticated, you should see a line like: 256 SHA256:xxx... sean@smallstep (ECDSA-CERT)
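
The agent check above can be scripted. The following is an added example, not smallstep's own code: a POSIX shell function (the name classify_agent_listing is hypothetical) that takes the text printed by ssh-add -l and reports whether the agent is unreachable, empty, holding only plain keys, or holding a certificate. It assumes the standard OpenSSH messages; the sample lines in the comments are constructed.

```shell
#!/bin/sh
# Added example. classify_agent_listing is a hypothetical helper name.
# Input:  $1 = the text printed by `ssh-add -l` (stdout and stderr together)
# Output: one word on stdout:
#   no-agent     ssh-add could not reach an agent
#   empty        agent is running but holds no identities
#   keys-only    agent holds keys, none of them a certificate
#   cert-loaded  at least one certificate identity is loaded
classify_agent_listing() {
    # Windows builds of OpenSSH may end lines with CR; strip it before matching
    listing=$(printf '%s\n' "$1" | tr -d '\r')

    case $listing in
        *"Could not open a connection to your authentication agent"*|\
        *"Error connecting to agent"*)
            echo no-agent
            return 0 ;;
        *"The agent has no identities"*)
            echo empty
            return 0 ;;
    esac

    # A certificate identity ends with a key type such as (ECDSA-CERT),
    # e.g. the constructed line:
    #   256 SHA256:xxx... sean@smallstep (ECDSA-CERT)
    # A plain key ends with (ECDSA), (ED25519), (RSA), ...
    if printf '%s\n' "$listing" | grep -Eq '\([A-Z0-9-]+-CERT\)$'; then
        echo cert-loaded
    else
        echo keys-only
    fi
}

# Typical use (not run here so the block works without an agent):
#   classify_agent_listing "$(ssh-add -l 2>&1)"
```

A result of keys-only means the agent is reachable but no certificate identity is in it, which is a different problem from the agent not running.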

The instructions to install/enable SSH in Windows are in

If you cannot get ssh-agent to work, you can also log in by pointing to the key:

# Create a new certificate; this will create mykey, its certificate, and mykey.pub
step ssh certificate sean@smallstep mykey

# Connect with ssh using mykey and its certificate
ssh -i mykey <hostname>