Can Ssh from droplet but not locally

What I’ve done:

  1. I rebuilt my droplet using the same key.
  2. Setup my server following this

What I’m trying to do: I’m trying to log in locally using ssh

The problem: i get this error

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

just for the sake of trying i used sudo and got this error

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /var/root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /var/root/.ssh/known_hosts:1
ECDSA host key for has changed and you have requested strict checking.
Host key verification failed.

Ive tried:

My console sshd_config file has

PermitRootLogin yes

PasswordAuthentication yes -just noticed theres two in the file both uncommented

#PubkeyAuthentication yes

Locally its the same as above but just one PasswordAuthentication yes

my authorized keys has the key listed i can’t run ssh-copy-id so i did it manually this is the error i get when i do so

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: " ~/.ssh/"
The authenticity of host ' ' can't be established.
Are you sure you want to continue connecting (yes/no)? no
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
The authenticity of host ' ' can't be established.
ECDSA key fingerprint is 
Are you sure you want to continue connecting (yes/no)? no
/usr/bin/ssh-copy-id: ERROR: Host key verification failed.
ssh-keygen -R

doesn’t work either, this is ther error i get

Host not found in ~/.ssh/known_hosts

if anyone can help it would appreciate it very much as this is frustrating

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

When you login to a server for the first time with ssh-keys it will ask you if you want to fingerprint that server and if you say yes, which you normally do without blinking, it will add that server to your known_hosts file.

This fingerprinting is to ensure that the server you “think” you are logging into is the actual server you logged into.

When you rebuilt the server it now has a new “fingerprint” but the one for your old server is still stored. So when you try to login, those two items don’t match and as a security measure it alerts you and immediately logs you out.

The line to pay attention to is:

Add correct host key in /var/root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /var/root/.ssh/known_hosts:1

All you have to do is edit your /var/root/.ssh/known_hosts file and remove the first line in that file. Then attempt to login in again, answer yes at the prompt, a new fingerprint will be created and you will be able to login to the server.