Hugo Site Deployment Failed due to Host Key Verification

Briefly summarize the issues you have been experiencing.

Hugo deployment issue around theme submodule. Deployment keeps failing due to Host key verification failed.

Please provide a link to your live site hosted on Netlify

Not up yet due to failed deployment.

What have you tried as far as troubleshooting goes? Do you have an idea what is causing the problem?

I have tried making the repo public, doubled checked Netlify github permissions are set appropriately, and repo set up appropriately as well.

Do you have any other information that is relevant, such as links to docs, libraries, or other resources?

As I suggested to a gentleman using Gatsby, I urge you to use GitLab instead Of GitHub. Their integration is right and smooth. I’ve never encountered problems. :+1:t3:

1 Like

What is the content of the .gitmodules file in your projects root directory?

I’m guessing you originally added the submodule for the theme using the ssh/ method, and for some reason, Netlify hasn’t got the right encryption keys to connect to github via ssh. I reckon you should try using https for the submodule (on your local machine) and then see how netlify goes at downloading the theme.


Hi Dan,

This was exactly the issue. I had the .gitmodule pointing to ssh. Once I changed it to https deploys now.

So many thanks on this, was troubleshooting things for hours.

Best Regards,


1 Like

We have also added using the HTTPS format for public submodules to this similar community topic here:

Is there a reason cloning public repos via ssh isn’t possible? I may be naive here, but it seems like the netlify build server should be able to clone a public repo over ssh.

Hi, @AaronNBrock. It could if we still had a valid SSH key to connect to GitHub with. However, after the repo is cloned, our build image immediately forgets the SSH key required for GitHub access. This means that SSH based cloning (even of public repos) will fail. The HTTPS method requires no SSH key and it will still work if the repo is public.

Why do we drop the SSH key after cloning? It is a security measure so that if your site build were somehow to include malicious code, that code wouldn’t be able to steal the SSH key information.

If you do require SSH cloning of private repositories after the initial clone, that can be done. There is documentation about that process here: