Question

Additional SSH Key not working

Posted March 24, 2020 126 views
DigitalOcean Accounts

I created my private key and added it to the account using the Add SSH Key feature on https://cloud.digitalocean.com/account/security page. That works perfect - I can log in w/out any issues.

The problem is when I tried to do the exact same thing with another key (for a co-worker) and followed the same steps, but it doesn’t work.

login as: root

I get the following error: No supported authentication methods available (server sent:publickey.gssapi-keyex.gssapi-with-mic).

I’ve tried all the articles about the SSH keys with ditigalocean, added the key manually to the ~/.ssh/authorized_keys file, nothing works :(

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hi @srenert,

It’s possible the key provided is not actually correct. This will be my first guess. Please make sure the key provided is actually the .pub one and it does is correct.

Now that we’ve passed the standard stuff, let’s get going on the more interesting stuff.

Try to run the following command on the droplet and then connect from the computer/environment using the said key

/usr/sbin/sshd -d -p 2222

You should be able to connect and receive something like the following on your Droplet :

Authentication allowed

In this case, what you can do is temporarily stop the SSH daemon and replace it with one in debug mode. Don’t worry, stopping the SSH daemon won’t kill any existing connections. This means it’s possible to run this without being connected to the droplet’s Console but it’s somewhat risky. If the connection does get broken for any kind of reason, you’ll need to connect using your droplet’s console. Anyway, you can run the following

service ssh stop
/usr/sbin/sshd -d
#...debug output...
service ssh start

If it again runs with the debug mode being on, then for sure it’s the SELinux causing the issues, it’s most probably set to Enforcing. The .ssh dir will probably be mislabeled. Look at /var/log/audit/audit.log. Check with ls -laZ and then Run restorecon -r -v /path/to/users/.ssh.

Regards,
KDSys

  • Why would my 1st key work fine though? Only the subsequent later keys (which are generated the same way) don’t....

    • Yes, in that case I would assume it’s the keys that are wrong.

      Additionally, you’ve mentioned it but can you confirm you are adding the keys to the file used by root

      /root/.ssh/authorized_keys
      

      Regards,
      KDSys

Here are some steps you can take to troubleshoot this issue: Make sure the authorized_keys file and the private key itself have the correct permissions and ownership. Check that key-based authentication is allowed by the server. … If you’re using an OpenSSH client, be sure your private SSH key has the proper permissions.

Submit an Answer