SSH public key won't send to server

A malformed authorized_keys file on the destination host is another reason ssh outputs the "we did not send a packet" message and asks for a password instead of using pubkey auth:-

debug1: Next authentication method: publickey
debug1: Offering RSA public key: ~/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method

The problem in this particular case was that the public key data, which had been pasted into .ssh/authorized_keys at the destination host, was missing its first character:-

sh-rsa AAAA...

The solution was simply to add the missing "s".

ssh-rsa AAAA...

And so:-

debug1: Next authentication method: publickey
debug1: Offering RSA public key: ~/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
...
debug1: Authentication succeeded (publickey).

Have a look at your ssh man page:

   -i identity_file
          Selects a file from which the identity (private key) for public
          key authentication is read.  The default is ~/.ssh/identity for
          protocol   version   1,   and  ~/.ssh/id_dsa,  ~/.ssh/id_ecdsa,
          ~/.ssh/id_ed25519 and ~/.ssh/id_rsa  for  protocol  version  2.
          Identity files may also be specified on a per-host basis in the
          configuration file.  It is possible to have multiple -i options
          (and  multiple  identities  specified  in configuration files).

or the ssh_config man page:

   IdentityFile
          Specifies a file from which the user's DSA, ECDSA,  ED25519  or
          RSA   authentication   identity   is   read.   The  default  is
          ~/.ssh/identity for  protocol  version  1,  and  ~/.ssh/id_dsa,
          ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for proto‐
          col version 2.  Additionally, any identities represented by the
          authentication  agent  will  be  used for authentication unless
          IdentitiesOnly is set.

You see, there are a few special file names which are tried if you do not specify a key. Those are also the files you see in your log output.

To use a key in a file with different name you have three options:

• specify the file explicitly using the above -i option.
• configure the file in your client config using the above IdentityFile option.
• add the key to your agent using ssh-add.

For interactive sessions the agent is the most flexible one. For your cron job the -i option is probably the easiest one.

This exact string of error messages in the question can also occur in the case of a miss-matched private/public key pair on the local side. No that doesn't make any sense but I just tore my hair out for a long time trying to figure out what was going on.

• Remote system A has .ssh/mykey.pub copied into .ssh/authorized_keys.
• Local system B has .ssh/mykey that is the correct private key to match system A's public key, but also has a .ssh/mykey.pub file that is a miss-match, possibly the previous version of a replaced key.

SSH from B to A (ssh -i mykey A)will fail with the messages in the question, most notably if you turn on -vv from the ssh client you'll see:

Trying private key: .ssh/mykey
we did not send a packet, disable method

This is a lie because the actual key wasn't tried, it apparently used the local public key file with the matching name to figure out if it was likely to work and then didn't actually do anything when they were a mismatch. No amount of debug information on either side really hints at the problem.