Can't connect via SFTP / SSH

March 20, 2018 162 views
DigitalOcean Ubuntu 16.04

Hi there,

I have a droplet configured with Ubuntu. It contains a Wordpress Installation (mysql, phpmyadmin).

I was able to connect via SSH / SFTP. Suddenly one day I was going to update some files in production and I was unable to connect via SFTP and SSH. It just closes my connection, even via Access Console from Digital Ocean Panel.
I didn't change configs or updated any root system file. I've tried with support but can't get a decent question on how get this to work.

I've made a reset of the root password but as soon as I set my new password but as soon as I set my password.. it happens again and i get instantly "kicked" out of the server.

I've tried to check if it was a network problem but it happens in different networks.

Any suggestions on how to get this to work again?

SFTP Error: Error: Received unexpected end-of-file from SFTP server
SSH: Connection to ********** closed.

Thanks

2 Answers

Something to try when logging in via ssh since you mention you login using a password is to disable your ssh-agent - killall ssh-agent

Once this is complete try logging in again. If you are successful, then what is happening is your shell's key agent has to many keys loaded. When you try and log into your server the agent tries those keys first which cause the login to fail.

If this does not turn out and the droplet is indeed compromised, you can use recovery mode to attempt to restore it or at the very least attempt to grab data from the droplet.

https://www.digitalocean.com/community/tutorials/recovering-files-from-a-compromised-droplet-using-the-recovery-iso

This tutorial explains how to recover files from your Droplet after an attack. Let's say that someone has gained access to your Droplet and launched an attack. Nobody wants to be in this situation. But, by using the recovery environment, you can quickly transfer your...

The fact that the resetting the password from Access Console is giving you the same result leads me to believe that your droplet may be compromised. Possibly due to the Wordpress, mysql, phpmyadmin, if they weren't secured.

I would suggest spinning up a new droplet and see if the problem remains. If not, you know its an issue with the droplet in question.

Hopefully you don't have any data that isn't backed up on the droplet that you can't access.

Have another answer? Share your knowledge.