diff --git a/src/scmrepo/exceptions.py b/src/scmrepo/exceptions.py
index d597fdb9..1bae5fed 100644
--- a/src/scmrepo/exceptions.py
+++ b/src/scmrepo/exceptions.py
@@ -27,7 +27,7 @@ def __init__(self, url: str) -> None:
 class AuthError(SCMError):
     def __init__(self, url: str) -> None:
         self.url = url
-        super().__init__(f"HTTP Git authentication is not supported: '{url}'")
+        super().__init__(f"Authentication failed for: '{url}'")
 
 
 class CloneError(SCMError):
diff --git a/src/scmrepo/git/backend/dulwich/__init__.py b/src/scmrepo/git/backend/dulwich/__init__.py
index a054a36a..5868de50 100644
--- a/src/scmrepo/git/backend/dulwich/__init__.py
+++ b/src/scmrepo/git/backend/dulwich/__init__.py
@@ -531,8 +531,8 @@ def iter_remote_refs(self, url: str, base: Optional[str] = None, **kwargs):
                 yield from (os.fsdecode(ref) for ref in client.get_refs(path))
         except NotGitRepository as exc:
             raise InvalidRemote(url) from exc
-        except HTTPUnauthorized:
-            raise AuthError(url)
+        except HTTPUnauthorized as exc:
+            raise AuthError(url) from exc
 
     def get_refs_containing(self, rev: str, pattern: Optional[str] = None):
         raise NotImplementedError
@@ -616,8 +616,8 @@ def update_refs(refs):
         except (NotGitRepository, SendPackError) as exc:
             src = [lh for (lh, _, _) in selected_refs]
             raise SCMError(f"Git failed to push '{src}' to '{url}'") from exc
-        except HTTPUnauthorized:
-            raise AuthError(url)
+        except HTTPUnauthorized as exc:
+            raise AuthError(url) from exc
         return change_result
 
     def fetch_refspecs(
diff --git a/src/scmrepo/git/backend/dulwich/asyncssh_vendor.py b/src/scmrepo/git/backend/dulwich/asyncssh_vendor.py
index b986b3dd..05f50576 100644
--- a/src/scmrepo/git/backend/dulwich/asyncssh_vendor.py
+++ b/src/scmrepo/git/backend/dulwich/asyncssh_vendor.py
@@ -5,6 +5,7 @@
 from dulwich.client import SSHVendor
 
 from scmrepo.asyn import BaseAsyncObject, sync_wrapper
+from scmrepo.exceptions import AuthError
 
 if TYPE_CHECKING:
     from asyncssh.connection import SSHClientConnection
@@ -160,17 +161,20 @@ async def _run_command(
             MSG_USERAUTH_PK_OK
         ] = _process_public_key_ok_gh
 
-        conn = await asyncssh.connect(
-            host,
-            port=port if port is not None else (),
-            username=username if username is not None else (),
-            password=password if password is not None else (),
-            client_keys=[key_filename] if key_filename else (),
-            ignore_encrypted=not key_filename,
-            known_hosts=None,
-            encoding=None,
-        )
-        proc = await conn.create_process(command, encoding=None)
+        try:
+            conn = await asyncssh.connect(
+                host,
+                port=port if port is not None else (),
+                username=username if username is not None else (),
+                password=password if password is not None else (),
+                client_keys=[key_filename] if key_filename else (),
+                ignore_encrypted=not key_filename,
+                known_hosts=None,
+                encoding=None,
+            )
+            proc = await conn.create_process(command, encoding=None)
+        except asyncssh.misc.PermissionDenied as exc:
+            raise AuthError(f"{username}@{host}:{port or 22}") from exc
         return AsyncSSHWrapper(conn, proc)
 
     run_command = sync_wrapper(_run_command)