This error could indicate that the config did not complete successfully.
To troubleshoot this issue you can run step ssh check-host <hostname>. This will return true or false to verify you have access to the host.
By default, step expects to find the .step/config path in your home directory. If the step config lives somewhere else, SSH will not apply the configuration correctly.
You can also run ssh <hostname> -vvv to get the verbose SSH output. This will usually provide visibility into the underlying issue. You can send log output to us with a support ticket.
Windows users. ssh-agent is enabled by default. You may see the following error in the verbose logs: debug3: w32_getpeername ERROR: not sock :2
This could mean that don't have the ssh-agent running, you can check if its running ssh-add -l or step ssh list . If everything goes well and you have already authenticated you should see a line like:256 SHA256:xxx... sean@smallstep (ECDSA-CERT)
The instructions to install/enable ssh in windows are in https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement If you cannot get ssh-agent to work you can also login pointing to the key:
# Create a new certificate, this will create mykey, mykey-cert.pub, and mykey.pub step ssh certificate sean@smallstep mykey # Connect ssh using mykey and mykey-cert.pub ssh -i mykey myhost.foo