Question

Can't login into new instance Permission Denied (publickey)

Rebuilt an image and now I can’t login into my instance!

my /etc/hosts file has my ip address under howlit

Here is my output from: ssh -vv root@howlit

debug1: Host 'howlit' is known and matches the ECDSA host key.
debug1: Found key in /Users/kyle.calica-steinhil/.ssh/known_hosts:40
Warning: Permanently added the ECDSA host key for IP address 'XXX.XX.XX.XXX' to the list of known hosts.
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/kyle.calica-steinhil/.ssh/id_rsa (0x7fe5a8500950),
debug2: key: /Users/kyle.calica-steinhil/.ssh/id_dsa (0x0),
debug2: key: /Users/kyle.calica-steinhil/.ssh/id_ecdsa (0x0),
debug2: key: /Users/kyle.calica-steinhil/.ssh/id_ed25519 (0x0),
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/kyle.calica-steinhil/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/kyle.calica-steinhil/.ssh/id_dsa
debug1: Trying private key: /Users/kyle.calica-steinhil/.ssh/id_ecdsa
debug1: Trying private key: /Users/kyle.calica-steinhil/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

Changed anything with my IP address to ‘XXX.XX.XX.XXX


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Make sure you didn’t changed private key any time after creating Droplet. If you used one key on Droplet creation, and changed it (even in Control Panel), the original one key will be used.

/* Comment
I guess this is a OK behavior. If you go to Settings -> Security, change existing SSH key it'll generate new key fingerprint. Droplets identify SSH keys by fingerprint, not by name so I guess it's correct.
I will verify this behavior with DigitalOcean and maybe I update this */

To debug this, you can use DigitalOcean Web Console. Login to Control Panel, select your Droplet and click Console on right side. If you have non-root user, use it in combination with password and you will be able to login. If you have root user only and don’t have password, you can use Reset Root Password from ‘Access’ option of Droplet details. It’ll be mailed to your password and you can login with it via Console. Probably you will have to change it on first login, you will be first asked for current password then 2 times for new one.

You can take look at SSH keys tutorial for steps. You will need to copy it manually as ssh-copy-id is not available via Console. You can temporary enable password authentication. Open SSH config:

  1. sudo nano /etc/ssh/sshd_config

Find out PasswordAuthentication to yes:

PasswordAuthentication yes

Save file and exit editor. It requires you to restart SSH service:

  1. sudo systemctl restart sshd

After this you can use SSH with password to debug. Once public key starts to work, make sure PasswordAuthentication is set to no and restart service to disable password logins.

In my case there was a problem with directory permissions. Check this out

/home

drwxr-xr-x.   9 root root   113 Jun 28 22:57 home

and then your home directory:

drwxr-----   5  user group   124 May 18 17:00 user
drwx------  2  user group   29 May 18 12:05 .ssh
-rw-------  1 user group 2235 Jun 28 23:09 authorized_keys

Troubleshooting

  • start sshd in debug mode
service sshd stop

run sshd debug mode:

/usr/sbin/sshd -ddd

my error messages

...
          debug1: trying public key file /home/USER/.ssh/authorized_keys
          debug1: Could not open authorized keys '/home/USER/.ssh/authorized_keys': Permission denied
...

<^>You can take look at SSH keys tutorial for steps. You will need to copy it manually as ssh-copy-id is not available via Console. You can temporary enable password authentication. Open SSH config:

sudo nano /etc/ssh/sshd_config

Find out PasswordAuthentication to yes:

PasswordAuthentication yes

Save file and exit editor. It requires you to restart SSH service:

sudo systemctl restart sshd

<^> This works! Thanks