Question

Another Permission Denied (Public Key) error

Posted May 9, 2021 98 views
UbuntuDokku

I am on the process of cloning the ghost open blog cms, theres an option to run a vps through digital ocean. Choosing this method the droplet is created. Next step is to login as root@XXXXX

While doing so I got the dreaded Permission denied (public key). I re-created the ssh keys and updated in digital ocean but that didn’t solve the issue.

While running ssh -v root@xxxx command the output was as follows:

OpenSSH8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh
config
debug1: /etc/ssh/sshconfig line 47: Applying options for *
debug1: Connecting to xxx [xxx] port 22.
debug1: Connection established.
debug1: identity file /Users/dad/.ssh/id
rsa type 0
debug1: identity file /Users/dad/.ssh/idrsa-cert type -1
debug1: identity file /Users/dad/.ssh/id
dsa type -1
debug1: identity file /Users/dad/.ssh/iddsa-cert type -1
debug1: identity file /Users/dad/.ssh/id
ecdsa type -1
debug1: identity file /Users/dad/.ssh/idecdsa-cert type -1
debug1: identity file /Users/dad/.ssh/id
ed25519 type -1
debug1: identity file /Users/dad/.ssh/ided25519-cert type -1
debug1: identity file /Users/dad/.ssh/id
xmss type -1
debug1: identity file /Users/dad/.ssh/idxmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH
8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH8.2p1 Ubuntu-4ubuntu0.2
debug1: match: OpenSSH
8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to xxx as ‘root’
debug1: SSH2MSGKEXINIT sent
debug1: SSH2MSGKEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2MSGKEXECDHREPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ecNEC3rocsntZyTMyGGH7MHfMoMufrPOmG8hPRgkwzs
debug1: Host 'xxx’ is known and matches the ECDSA host key.
debug1: Found key in /Users/dad/.ssh/knownhosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2
MSGNEWKEYS sent
debug1: expecting SSH2
MSGNEWKEYS
debug1: SSH2
MSGNEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/dad/.ssh/id
rsa RSA SHA256:/2EjDyRz3HYYyLqEegdjzEy2PfgIGnMNXvwbPzMgRqg
debug1: Will attempt key: /Users/dad/.ssh/iddsa
debug1: Will attempt key: /Users/dad/.ssh/id
ecdsa
debug1: Will attempt key: /Users/dad/.ssh/ided25519
debug1: Will attempt key: /Users/dad/.ssh/id
xmss
debug1: SSH2MSGEXTINFO received
debug1: kex
inputextinfo: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2MSGSERVICEACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/dad/.ssh/id
rsa RSA SHA256:/2EjDyRz3HYYyLqEegdjzEy2PfgIGnMNXvwbPzMgRqg
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/dad/.ssh/iddsa
debug1: Trying private key: /Users/dad/.ssh/id
ecdsa
debug1: Trying private key: /Users/dad/.ssh/ided25519
debug1: Trying private key: /Users/dad/.ssh/id
xmss
debug1: No more authentication methods to try.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hi there,

Once you update your SSH key and add it to your DigitalOcean account, for all of your old Droplets you would need to also add the key to the ~/.ssh/authrozied_keys file in order to be able to use it.

You can follow the steps on how to do that here:

https://docs.digitalocean.com/products/droplets/resources/lost-ssh-key

Let me know how it goes!
Regards,
Bobby

  • Hi, thanks for your response.

    I am following the instructions in the link you provided. I’m able to reset the password and a new password is emailed to me.

    I enter the information on the console, prompted to create a new password, which I do. Then I get redirected back to re-enter the login and password.

    I use root as login and enter the password I just created, however, I receive a login incorrect. It seems I cannot get access to the droplet at all nor the ssh config file…

    • Hi there,

      Do you get any errors when you try to set the new password? If so could you possibly share the error here?

      Regards,
      Bobby

      • Hi,

        I have been able to solve this and will explain what I did in order to solve this.

        My issue was my password was not being accepted even after resetting the password in the droplet.

        “Password not accepted in the console” info can be found here https://docs.digitalocean.com/products/droplets/resources/troubleshooting-ssh/authentication/

        I followed the Boot into the Recovery process linked here: https://docs.digitalocean.com/products/droplets/resources/recovery-iso/#boot-into-the-recovery-iso

        • Power down or stop droplet
        • Select boot from recovery ISO
        • Turned on the droplet again
        • clicked the console

        At this stage I was present with a list of options.

        1. Mount your Disk Image [Not Mounted]
        2. Check Filesystem
        3. Reset Droplet Root Password
        4. Configure Keyboard
        5. Attempt to ‘chroot’ into installed system
        6. Interactive Shell [/bin/bash] Choose (1-6) and press Enter to continue.
        • I selected option 1, then 3, followed by 6.
        • After this I powered off the droplet and selected boot from hard drive.

        • Accessing the console I was able to login and enter the password which was accepted and the ghost install began and completed successfully.

        I hope this helps anyone who is experiencing the same issue.

        • Hi there,

          Thank you for sharing the solution here with the community! And happy to hear that you’ve got it all working.

          Regards,
          Bobby