Question

Can't connect SSH to my droplet

Posted March 5, 2020 633 views
Ubuntu 18.04

I cannot connect to my droplet ssh/ftp. I tried all the tutorials on internet, but still not working. Please, I need help to put my website on this server. I tried with password and with keypair, no success. I only get this message on ssh: “Permission denied, please try again.”
I’m sure my password is correct (but tried others like “a”). I tried to change my authentication method to publickey, but got the same message. I tried also access from another operating system, nothing… I have a Windows machine and a MacOS machine. Both failed. I only get connected when i get in the console, in the Digital Ocean Panel. But I need to connect SSH for the first configuration and FTP to upload my files. PLEASE HELP ME!

SSH debug:OpenSSH7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh
config
debug1: /etc/ssh/sshconfig line 48: Applying options for *
debug1: Connecting to IPaddress [IPaddress] port 22.
debug1: Connection established.
debug1: identity file /Users/rickfontoura/.ssh/id
rsa type 0
debug1: identity file /Users/rickfontoura/.ssh/idrsa-cert type -1
debug1: identity file /Users/rickfontoura/.ssh/id
dsa type -1
debug1: identity file /Users/rickfontoura/.ssh/iddsa-cert type -1
debug1: identity file /Users/rickfontoura/.ssh/id
ecdsa type -1
debug1: identity file /Users/rickfontoura/.ssh/idecdsa-cert type -1
debug1: identity file /Users/rickfontoura/.ssh/id
ed25519 type -1
debug1: identity file /Users/rickfontoura/.ssh/ided25519-cert type -1
debug1: identity file /Users/rickfontoura/.ssh/id
xmss type -1
debug1: identity file /Users/rickfontoura/.ssh/idxmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH
7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH6.6.1
debug1: match: OpenSSH
6.6.1 pat OpenSSH6.6.1* compat 0x04000002
debug1: Authenticating to IPaddress:22 as ‘root’
debug1: SSH2
MSGKEXINIT sent
debug1: SSH2
MSGKEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2
MSGKEXECDHREPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:aCNuggeFGaX8hsiUJqeRp9Ic1pMOv8AE2UuP95R1poA
debug1: Host 'IPaddress’ is known and matches the ECDSA host key.
debug1: Found key in /Users/rickfontoura/.ssh/known
hosts:9
debug1: rekey after 134217728 blocks
debug1: SSH2MSGNEWKEYS sent
debug1: expecting SSH2MSGNEWKEYS
debug1: SSH2MSGNEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /Users/rickfontoura/.ssh/idrsa RSA SHA256:+RxgdXB7wR6RuGyMdGeQHPg8YIFGrj5ZQpbZh73+qW0 agent
debug1: Will attempt key: /Users/rickfontoura/.ssh/id
dsa
debug1: Will attempt key: /Users/rickfontoura/.ssh/idecdsa
debug1: Will attempt key: /Users/rickfontoura/.ssh/id
ed25519
debug1: Will attempt key: /Users/rickfontoura/.ssh/idxmss
debug1: SSH2
MSGSERVICEACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/rickfontoura/.ssh/idrsa RSA SHA256:+RxgdXB7wR6RuGyMdGeQHPg8YIFGrj5ZQpbZh73+qW0 agent
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /Users/rickfontoura/.ssh/id
dsa
debug1: Trying private key: /Users/rickfontoura/.ssh/idecdsa
debug1: Trying private key: /Users/rickfontoura/.ssh/id
ed25519
debug1: Trying private key: /Users/rickfontoura/.ssh/id_xmss
debug1: Next authentication method: password
root@IPaddress’s password:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.

edited by alexdo

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers

Hello, @rickfontoura

What you can do is to copy your id_rsa.pub file to the server’s authorized_keys file

You can do this using the console from the control panel. You can cat the file locally on the MacOS machine using this command:

cat ~/.ssh/id_rsa.pub

the file’s content should be as follows:


ssh-rsa AAAB3NzaC1yc2EAAAABIwAAAQEAmLmwkzQDjEOW1Rj3TP5NldVDqUODVH9xuYrkeaSkxtdP
J8D9Hz+XAWnGAXdaIkCVOw2YEfHKWSo6befgNxiS+AKS+S+wM/bJpc4qOLe5ozFjZPNRHcw5O8WkgP5g
/wg2BOvxBqSKpsSzvi4rYVRLtl7TLVMyajhELiJ9GqT8f25gr3jFmtuQQIkRES1aC4oL2tHsn529POfP
1lPhh5tb2FbqEpm9L3779ljjkSX7mD4zza3zUckkuAIb5R7KSOrvPnJaEU903hrI0tx5omGyDy+h/2D1
h0aqHanPcU9Ml91ZpMKdpa0+FeVgs2M3LHYTNnvZ76ScV2VtUQwm3YEvjw

You can copy the content of the file and then access the droplet using the console from the control panel. Then you need to open the authorized_keys file using any text editor, e.g nano, vi or vim

nano ~/.ssh/authorized_keys

You can then paste the previously copied id_rsa.pub key in the file. After that you can save the file and try to connect again.

Hope this helps! Let me know how it goes.

Regards,
Alex

@alexdo thanks. I tried this before, no success (sorry for my poor english).
I did this again, but got this error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

Here the debug result;:

Ricks-iMac:~ rickfontoura$ ssh -v root@167.172.30.201
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 167.172.30.201 [167.172.30.201] port 22.
debug1: Connection established.
debug1: identity file /Users/rickfontoura/.ssh/id_rsa type 0
debug1: identity file /Users/rickfontoura/.ssh/id_rsa-cert type -1
debug1: identity file /Users/rickfontoura/.ssh/id_dsa type -1
debug1: identity file /Users/rickfontoura/.ssh/id_dsa-cert type -1
debug1: identity file /Users/rickfontoura/.ssh/id_ecdsa type -1
debug1: identity file /Users/rickfontoura/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/rickfontoura/.ssh/id_ed25519 type -1
debug1: identity file /Users/rickfontoura/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/rickfontoura/.ssh/id_xmss type -1
debug1: identity file /Users/rickfontoura/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000002
debug1: Authenticating to 167.172.30.201:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:aCNuggeFGaX8hsiUJqeRp9Ic1pMOv8AE2UuP95R1poA
debug1: Host '167.172.30.201' is known and matches the ECDSA host key.
debug1: Found key in /Users/rickfontoura/.ssh/known_hosts:9
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /Users/rickfontoura/.ssh/id_rsa RSA SHA256:+RxgdXB7wR6RuGyMdGeQHPg8YIFGrj5ZQpbZh73+qW0 agent
debug1: Will attempt key: /Users/rickfontoura/.ssh/id_dsa 
debug1: Will attempt key: /Users/rickfontoura/.ssh/id_ecdsa 
debug1: Will attempt key: /Users/rickfontoura/.ssh/id_ed25519 
debug1: Will attempt key: /Users/rickfontoura/.ssh/id_xmss 
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/rickfontoura/.ssh/id_rsa RSA SHA256:+RxgdXB7wR6RuGyMdGeQHPg8YIFGrj5ZQpbZh73+qW0 agent
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /Users/rickfontoura/.ssh/id_dsa
debug1: Trying private key: /Users/rickfontoura/.ssh/id_ecdsa
debug1: Trying private key: /Users/rickfontoura/.ssh/id_ed25519
debug1: Trying private key: /Users/rickfontoura/.ssh/id_xmss
debug1: Next authentication method: password
root@167.172.30.201's password: 
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
root@167.172.30.201's password: 
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
root@167.172.30.201's password: 
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try.
root@167.172.30.201: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

I’m getting crazy!

edited by MattIPv4
  • Hello, @rickfontoura

    I will recommend you to follow this tutorial and setup new pair of ssh keys and then upload them to your droplet:

    https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys–2

    The first step is to create the key pair on the client machine (there is a good chance that this will just be your computer):

    ssh-keygen -t rsa
    

    If you have password authentication enabled on your droplet you can upload the id_rsa.pub key file directly to your droplet using the follow command:

    cat ~/.ssh/id_rsa.pub | ssh root@IPaddress "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys"
    
    • change the IPaddress with the IP address of the droplet.

    Hope this helps!

    Let me know how it goes.

    Regards,
    Alex

    by Etel Sverdlov
    SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair.

@alexdo no success. I got this error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

  • Hello, @rickfontoura

    Could you please provide us with the content of the /etc/ssh/sshd_config file so we can check this for you? If you have the Password Authentication enabled you can use the command I’ve mentioned in order to copy the key directly on your droplet:

    cat ~/.ssh/id_rsa.pub | ssh root@IPaddress "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys"
    

    Regards,
    Alex

Submit an Answer