I have been using a mac to access my droplet via ssh and it went well. Now I have switched to windows and it’s not allowing me to connect to any of my accounts there, including root.

This means I’m completely blocked from reaching my server since I had not enabled the new console which came out recently(which needs to be enabled by ssh'ing it)

Here is my latest attempt.

 ssh -i C:\Users\pcmor\.ssh\id_rsa.pub root@134.209.82.229 -vv -o StrictHostKeyChecking=no
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug2: resolve_canonicalize: hostname 134.209.82.229 is address
debug2: ssh_connect_direct
debug1: Connecting to 134.209.82.229 [134.209.82.229] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\pcmor\\.ssh\\id_rsa.pub type 0
debug1: identity file C:\\Users\\pcmor\\.ssh\\id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 134.209.82.229:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:CAbmrTjvKewmjeCWeSlS2QiDNAkF3g7nt+yykhKcHgE
debug1: Host '134.209.82.229' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\pcmor/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\pcmor\\.ssh\\id_rsa.pub RSA SHA256:jlItu+r1MO9Om2kCV9DildIfaTo5ElH7jzqYY36bEAU explicit
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\pcmor\\.ssh\\id_rsa.pub RSA SHA256:jlItu+r1MO9Om2kCV9DildIfaTo5ElH7jzqYY36bEAU explicit
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such file or directory

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers

Hi @pcmoreno,

You can use the recovery console. You can read more about it here

https://docs.digitalocean.com/products/droplets/resources/recovery-console/

Basically, what you need to do is, reset your root password(if you don’t know it) and then connect using the recovery console. From there you can enable password authentication in your sshd config. THe sshd config can be found in /etc/ssh/sshd_config.

Connect from your new machine, add your SSH key and disable password authentication.

You can read the docs I’ve posted for more detailed information.

Hope this helps!

Regards,
KFSys

Hello, @pcmoreno

You can temporary enable the PasswordAuthentication from no to yes in order to access your droplet using a password and then once you’ve entered your key to disable the PasswordAuthentication again.

  1. Log in to the console on the DigitalOcean website.
  2. Type sudo nano /etc/ssh/sshd_config
  3. Change PasswordAuthentication from “no” to “yes” and save the file
  4. Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
  5. Login with a password
  6. Type sudo nano ~/.ssh/authorized_keys
  7. Paste public key text here and save the file
  8. Type sudo nano /etc/ssh/sshd_config
  9. Change PasswordAuthentication from “yes” to “no” and save the file
  10. Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

Hope that this helps!
Regards,
Alex

  • Hi alex,

    using the recovery console, I logged in with my root user.

    I checked both sshdconfig and sshconfig and almost all the settings had a # before it, which I assume it means are not active. I looked for the passwordAuthentication and set them on both files to yes

    then sudo service ssh restart

    and then attepmt to login via powershell. The results were the same.

    I also checked the ~/.ssh/authorized_keys and it was empty. I added the key I generated on my system. Same results as before.

    I don’t recall having to touch any of this when I set this up the first time and was managing to connect through my mac via iTerm. Unfortunatelly I don’t have that mac anymore(wiped and given back to my employer)

    btw, when ssh'ing from my previous machine, I was always being prompted for a password. which I assume it means passwordAuthentication was already active to begin with. I just find this very confusing. And I admit I never ssh'ed before from a windows machine.

    • Hi @pcmoreno,

      You’ve done everything correct, the one thing you need to do is restart sshd rather than ssh:

      service sshd restart
      
      • unfortunately that did not make any difference. I have the feeling I’m looking in the wrong place. Could there be a config somewhere I’m missing?

        and when I do systemctl status sshd.service I can see my login attempt there being refused.

    • Hello, @pcmoreno

      Would you mind sharing the output of the ssh command again, as in your original question?

      Regards,
      Alex

      •  C:\Users\pcmor> ssh -v root@134.209.82.229
        OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
        debug1: Connecting to 134.209.82.229 [134.209.82.229] port 22.
        debug1: Connection established.
        debug1: identity file C:\\Users\\pcmor/.ssh/id_rsa type 0
        debug1: identity file C:\\Users\\pcmor/.ssh/id_rsa-cert type -1
        debug1: identity file C:\\Users\\pcmor/.ssh/id_dsa type -1
        debug1: identity file C:\\Users\\pcmor/.ssh/id_dsa-cert type -1
        debug1: identity file C:\\Users\\pcmor/.ssh/id_ecdsa type -1
        debug1: identity file C:\\Users\\pcmor/.ssh/id_ecdsa-cert type -1
        debug1: identity file C:\\Users\\pcmor/.ssh/id_ed25519 type -1
        debug1: identity file C:\\Users\\pcmor/.ssh/id_ed25519-cert type -1
        debug1: identity file C:\\Users\\pcmor/.ssh/id_xmss type -1
        debug1: identity file C:\\Users\\pcmor/.ssh/id_xmss-cert type -1
        debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
        debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
        debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000
        debug1: Authenticating to 134.209.82.229:22 as 'root'
        debug1: SSH2_MSG_KEXINIT sent
        debug1: SSH2_MSG_KEXINIT received
        debug1: kex: algorithm: curve25519-sha256
        debug1: kex: host key algorithm: ecdsa-sha2-nistp256
        debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
        debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
        debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
        debug1: Server host key: ecdsa-sha2-nistp256 SHA256:CAbmrTjvKewmjeCWeSlS2QiDNAkF3g7nt+yykhKcHgE
        debug1: Host '134.209.82.229' is known and matches the ECDSA host key.
        debug1: Found key in C:\\Users\\pcmor/.ssh/known_hosts:2
        debug1: rekey out after 134217728 blocks
        debug1: SSH2_MSG_NEWKEYS sent
        debug1: expecting SSH2_MSG_NEWKEYS
        debug1: SSH2_MSG_NEWKEYS received
        debug1: rekey in after 134217728 blocks
        debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
        debug1: Will attempt key: C:\\Users\\pcmor/.ssh/id_rsa RSA SHA256:jlItu+r1MO9Om2kCV9DildIfaTo5ElH7jzqYY36bEAU
        debug1: Will attempt key: C:\\Users\\pcmor/.ssh/id_dsa
        debug1: Will attempt key: C:\\Users\\pcmor/.ssh/id_ecdsa
        debug1: Will attempt key: C:\\Users\\pcmor/.ssh/id_ed25519
        debug1: Will attempt key: C:\\Users\\pcmor/.ssh/id_xmss
        debug1: SSH2_MSG_EXT_INFO received
        debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
        debug1: SSH2_MSG_SERVICE_ACCEPT received
        debug1: Authentications that can continue: publickey,password
        debug1: Next authentication method: publickey
        debug1: Offering public key: C:\\Users\\pcmor/.ssh/id_rsa RSA SHA256:jlItu+r1MO9Om2kCV9DildIfaTo5ElH7jzqYY36bEAU
        debug1: Authentications that can continue: publickey,password
        debug1: Trying private key: C:\\Users\\pcmor/.ssh/id_dsa
        debug1: Trying private key: C:\\Users\\pcmor/.ssh/id_ecdsa
        debug1: Trying private key: C:\\Users\\pcmor/.ssh/id_ed25519
        debug1: Trying private key: C:\\Users\\pcmor/.ssh/id_xmss
        debug1: Next authentication method: password
        debug1: read_passphrase: can't open /dev/tty: No such file or directory
        root@134.209.82.229's password:
        debug1: Authentications that can continue: publickey,password
        Permission denied, please try again.
        debug1: read_passphrase: can't open /dev/tty: No such file or directory
        root@134.209.82.229's password: