Question

Additional SSH Key not working

I created my private key and added it to the account using the Add SSH Key feature on https://cloud.digitalocean.com/account/security page. That works perfect - I can log in w/out any issues.

The problem is when I tried to do the exact same thing with another key (for a co-worker) and followed the same steps, but it doesn’t work.

login as: root

I get the following error: No supported authentication methods available (server sent:publickey.gssapi-keyex.gssapi-with-mic).

I’ve tried all the articles about the SSH keys with ditigalocean, added the key manually to the ~/.ssh/authorized_keys file, nothing works :(

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

stephaniesmi606March 25, 2020

Here are some steps you can take to troubleshoot this issue: Make sure the authorized_keys file and the private key itself have the correct permissions and ownership. Check that key-based authentication is allowed by the server. … If you’re using an OpenSSH client, be sure your private SSH key has the proper permissions.

KFSysMarch 25, 2020

Hi @srenert,

It’s possible the key provided is not actually correct. This will be my first guess. Please make sure the key provided is actually the .pub one and it does is correct.

Now that we’ve passed the standard stuff, let’s get going on the more interesting stuff.

Try to run the following command on the droplet and then connect from the computer/environment using the said key

/usr/sbin/sshd -d -p 2222

You should be able to connect and receive something like the following on your Droplet :

Authentication allowed

In this case, what you can do is temporarily stop the SSH daemon and replace it with one in debug mode. Don’t worry, stopping the SSH daemon won’t kill any existing connections. This means it’s possible to run this without being connected to the droplet’s Console but it’s somewhat risky. If the connection does get broken for any kind of reason, you’ll need to connect using your droplet’s console. Anyway, you can run the following

service ssh stop
/usr/sbin/sshd -d
#...debug output...
service ssh start

If it again runs with the debug mode being on, then for sure it’s the SELinux causing the issues, it’s most probably set to Enforcing. The .ssh dir will probably be mislabeled. Look at /var/log/audit/audit.log. Check with ls -laZ and then Run restorecon -r -v /path/to/users/.ssh.

Regards, KDSys