This error could indicate that the config did not complete successfully. 


To troubleshoot this issue you can run step ssh check-host <hostname>. This will return true or false to verify you have access to the host.


By default, step expects to find the .step/config path in your home directory. If the step config lives somewhere else, SSH will not apply the configuration correctly.


You can also run ssh <hostname> -vvv to get the verbose SSH output. This will usually provide visibility into the underlying issue. You can send log output to us with a support ticket. 


Windows users.  ssh-agent is enabled  by default.  You may see the following error in the verbose logs:  debug3: w32_getpeername ERROR: not sock :2


This could mean that don't have the ssh-agent running, you can check if its running ssh-add -l or step ssh list . If everything goes well and you have already authenticated you should see a line like:256 SHA256:xxx... sean@smallstep (ECDSA-CERT)


The instructions to install/enable ssh in windows are in https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement If you cannot get ssh-agent to work you can also login pointing to the key:


# Create a new certificate, this will create mykey, mykey-cert.pub, and mykey.pubstep
ssh certificate sean@smallstep mykey

# Connect ssh using mykey and mykey-cert.pub 
ssh -i mykey myhost.foo