CoreOS / Docker “$ fleetctl satus my.service” - ssh: handshake failed

  • Posted January 5, 2015

Digging in to CoreOS clusters with Docker and have come upon a SSH issue while trying to learn how to work with fleet. Deploying, running services etc goes well. SSH auth problem occure when executing status on fleetctl.

$ fleetctl status hello.service
The authenticity of host 'x.x.x.x.200' can't be established.
RSA key fingerprint is xx:xx:xx:0d:b3:6b:d6:74:a5:59:03:4f:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'x.x.x.200' (RSA) to the list of known hosts.
Error running remote command: ssh: handshake failed: ssh: unable to authenticate, 
attempted methods [publickey none], no supported methods remain

Understand that this is not a specific problem for fleet, but that am missing a correct ssh key change for my cluster.

Is there any smooth way to set this up or any article that describes the process to get ssh key change to work within my server cluster?

Did look for information but nothing felt really solid and i guess this is something that i want to get 100% correct in my CoreOS cluster setup.


Finally solved this with the correct cloud-config ssh_authorized_keys settings and login with the correct authentication forwarding.

1: in cloud-config placed my public key (~/.ssh/ :

hostname: blablabla
    - "ssh-rsa AAAAB3NzaC1yc2E... aldwinin@myos"
  - name: "core"
    passwd: "$1$Q3...4w/"
      - "sudo"
      - "docker"
      - "ssh-rsa AAAAB3NzaC1yc2E... aldwinin@myos"

2: add sshkey

$ ssh-add ~/.ssh/id_rsa
$ ssh-add -l     # check if key is available now
$ ssh -A  core@   #coreos ip

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

For me this solution worked:

That usually means that you didn’t correctly forward your user agent info when connecting to your CoreOS host.

On your home computer, start your agent by typing:

eval $(ssh-agent)

Then, add your private key to the agent by typing:


When you connect to your CoreOS host, pass the -A flag to forward your user agent info so that you can connect to the other cluster members from the one you are logged into:

ssh -A core@host

The commands should function correctly afterwards.