Question

Can't SSH into my newly created droplet

Posted August 21, 2020 481 views
Ubuntu 18.04

Hello Team,

I have created 3 droplets of Ubuntu 18.04, now when I am trying to ssh into these droplets from my Ubuntu host machine getting below error :

****root@UbuntuServer-VirtualBox:~# ssh root@139.59.7.4
The authenticity of host '139.59.7.4 (139.59.7.4)' can't be established.
ECDSA key fingerprint is SHA256:bHqoYKq4Pr6uY7eIXE4hqvNLVhO9fszXZRVqiBUHgAc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '139.59.7.4' (ECDSA) to the list of known hosts.
root@139.59.7.4: Permission denied (publickey).**
**
-> Also adding the verbose output :

root@UbuntuServer-VirtualBox:~# ssh -v root@139.59.7.4
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 139.59.7.4 [139.59.7.4] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 139.59.7.4:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:bHqoYKq4Pr6uY7eIXE4hqvNLVhO9fszXZRVqiBUHgAc
debug1: Host '139.59.7.4' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: No more authentication methods to try.
root@139.59.7.4: Permission denied (publickey).

Any idea why it is happening although I have already added my HOST public key into the droplets authentication policy as described in the Droplet documentation.

Regards
Chinkleet

edited by bobbyiliev

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hi there @chinkleet,

As far as I can see from the output it looks like that you might not have added the SSH key from your Virtual Box Server to your Droplet.

To check that I would recommend connecting to your Virtual Box Server via SSH, and then running:

  • cat ~/.ssh/id_rsa.pub

After that make sure that the SSH key matches the one that you’ve added to your account.

If this still does not work, I would recommend adding 3 -v for more information:

  • ssh -vvv root@your_ip_address

Let me know how it goes!
Regards,
Bobby

  • Hi @bobbyiliev

    I have checked in both (my Ubuntu host machine and the Droplet) and found the public key is the same.

    Ubuntu host machine :

    chinkleet@UbuntuServer-VirtualBox:~/.ssh$ cat id_rsa.pub
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD6+KhE2gCQzDEZIgdlZODffVRr3DEkXhqPbp26w4TS1M7ATEcH4qObRPuVW6P/KR5Unori5zwk+VdkmI5AkL+WH0JhhlxPc/kJTow5zG6Cju2qrqRNV93Hn7WICjXrzO/MPQtpS1BJl3CTZlU5+Skf/T/ssCyrKOc+sEBTu47j6CPgOUB1mHz96E+Z+FBSjcuK05mPUdh9B+JGdwk576+oIcH7mX5zJ3GU6i5UZfGkhQE5N7VxfymyQDqD1tT8WjonqOIVgIV1ZjyKpj/9J8b9+l1A9AZceM1PZtrbrD9KFWk0OtsGd2+v5WU1n7sZcFKBtYthcOXi7sotHOckQ+/L chinkleet@UbuntuServer-VirtualBox

    Ubuntu Droplet :

    root@node1:~/.ssh# cat authorized_keys

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD6+KhE2gCQzDEZIgdlZODffVRr3DEkXhqPbp26w4TS1M7ATEcH4qObRPuVW6P/KR5Unori5zwk+VdkmI5AkL+WH0JhhlxPc/kJTow5zG6Cju2qrqRNV93Hn7WICjXrzO/MPQtpS1BJl3CTZlU5+Skf/T/ssCyrKOc+sEBTu47j6CPgOUB1mHz96E+Z+FBSjcuK05mPUdh9B+JGdwk576+oIcH7mX5zJ3GU6i5UZfGkhQE5N7VxfymyQDqD1tT8WjonqOIVgIV1ZjyKpj/9J8b9+l1A9AZceM1PZtrbrD9KFWk0OtsGd2+v5WU1n7sZcFKBtYthcOXi7sotHOckQ+/L chinkleet@UbuntuServer-VirtualBox

    however still when I try to SSH into the Droplet it is giving the same error :

    adding the -vvv output :

    chinkleet@UbuntuServer-VirtualBox:~$ ssh -vvv root@139.59.7.4
    OpenSSH7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
    debug1: Reading configuration data /etc/ssh/ssh
    config
    debug1: /etc/ssh/sshconfig line 19: Applying options for *
    debug2: resolving “139.59.7.4” port 22
    debug2: ssh
    connectdirect: needpriv 0
    debug1: Connecting to 139.59.7.4 [139.59.7.4] port 22.
    debug1: Connection established.
    debug1: identity file /home/chinkleet/.ssh/id
    rsa type 0
    debug1: keyloadpublic: No such file or directory
    debug1: identity file /home/chinkleet/.ssh/idrsa-cert type -1
    debug1: key
    loadpublic: No such file or directory
    debug1: identity file /home/chinkleet/.ssh/id
    dsa type -1
    debug1: keyloadpublic: No such file or directory
    debug1: identity file /home/chinkleet/.ssh/iddsa-cert type -1
    debug1: key
    loadpublic: No such file or directory
    debug1: identity file /home/chinkleet/.ssh/id
    ecdsa type -1
    debug1: keyloadpublic: No such file or directory
    debug1: identity file /home/chinkleet/.ssh/idecdsa-cert type -1
    debug1: key
    loadpublic: No such file or directory
    debug1: identity file /home/chinkleet/.ssh/id
    ed25519 type -1
    debug1: keyloadpublic: No such file or directory
    debug1: identity file /home/chinkleet/.ssh/ided25519-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH
    7.6p1 Ubuntu-4ubuntu0.3
    debug1: Remote protocol version 2.0, remote software version OpenSSH7.6p1 Ubuntu-4ubuntu0.3
    debug1: match: OpenSSH
    7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
    debug2: fd 3 setting ONONBLOCK
    debug1: Authenticating to 139.59.7.4:22 as ‘root’
    debug3: hostkeys
    foreach: reading file “/home/chinkleet/.ssh/knownhosts”
    debug3: record
    hostkey: found key type ECDSA in file /home/chinkleet/.ssh/knownhosts:1
    debug3: load
    hostkeys: loaded 1 keys from 139.59.7.4
    debug3: orderhostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    debug3: send packet: type 20
    debug1: SSH2
    MSGKEXINIT sent
    debug3: receive packet: type 20
    debug1: SSH2
    MSGKEXINIT received
    debug2: local client KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
    debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: none,zlib@openssh.com,zlib
    debug2: compression stoc: none,zlib@openssh.com,zlib
    debug2: languages ctos:
    debug2: languages stoc:
    debug2: first
    kexfollows 0
    debug2: reserved 0
    debug2: peer server KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
    debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: none,zlib@openssh.com
    debug2: compression stoc: none,zlib@openssh.com
    debug2: languages ctos:
    debug2: languages stoc:
    debug2: first
    kexfollows 0
    debug2: reserved 0
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug3: send packet: type 30
    debug1: expecting SSH2
    MSGKEXECDHREPLY
    debug3: receive packet: type 31
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:bHqoYKq4Pr6uY7eIXE4hqvNLVhO9fszXZRVqiBUHgAc
    debug3: hostkeys
    foreach: reading file “/home/chinkleet/.ssh/knownhosts”
    debug3: record
    hostkey: found key type ECDSA in file /home/chinkleet/.ssh/knownhosts:1
    debug3: load
    hostkeys: loaded 1 keys from 139.59.7.4
    debug1: Host '139.59.7.4’ is known and matches the ECDSA host key.
    debug1: Found key in /home/chinkleet/.ssh/knownhosts:1
    debug3: send packet: type 21
    debug2: set
    newkeys: mode 1
    debug1: rekey after 134217728 blocks
    debug1: SSH2MSGNEWKEYS sent
    debug1: expecting SSH2MSGNEWKEYS
    debug3: receive packet: type 21
    debug1: SSH2MSGNEWKEYS received
    debug2: setnewkeys: mode 0
    debug1: rekey after 134217728 blocks
    debug2: key: /home/chinkleet/.ssh/id
    rsa (0x557d43a9fa00)
    debug2: key: /home/chinkleet/.ssh/iddsa ((nil))
    debug2: key: /home/chinkleet/.ssh/id
    ecdsa ((nil))
    debug2: key: /home/chinkleet/.ssh/ided25519 ((nil))
    debug3: send packet: type 5
    debug3: receive packet: type 7
    debug1: SSH2
    MSGEXTINFO received
    debug1: kexinputextinfo: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
    debug3: receive packet: type 6
    debug2: service
    accept: ssh-userauth
    debug1: SSH2MSGSERVICEACCEPT received
    debug3: send packet: type 50
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey
    debug3: start over, passed a different list publickey
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod
    lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethodisenabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: RSA SHA256:aPhpkTE6BmMUCuktxDf/TA5+uaTfMxda/+W25ULFGkg /home/chinkleet/.ssh/idrsa
    debug3: send
    pubkeytest
    debug3: send packet: type 50
    debug2: we sent a publickey packet, wait for reply
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey
    debug1: Trying private key: /home/chinkleet/.ssh/id
    dsa
    debug3: no such identity: /home/chinkleet/.ssh/iddsa: No such file or directory
    debug1: Trying private key: /home/chinkleet/.ssh/id
    ecdsa
    debug3: no such identity: /home/chinkleet/.ssh/idecdsa: No such file or directory
    debug1: Trying private key: /home/chinkleet/.ssh/id
    ed25519
    debug3: no such identity: /home/chinkleet/.ssh/id_ed25519: No such file or directory
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    root@139.59.7.4: Permission denied (publickey).

    • Hi there @chinkleet,

      To me it looks like that you do not have your private SSH key present on your Virtual Box machine:

      debug1: identity file /home/chinkleet/.ssh/id_rsa type 0
      debug1: keyloadpublic: No such file or directory
      

      You can check that with the following command on your Virtual Box VM:

      • cat .ssh/id_rsa

      If this is the case you would need to make sure that you add your private key there and set it with 600 permissions.

      Another thing that I could suggest is updating your permissions to be more strict:

      • On your Virtual Box VM:
      • chmod 700 ~/.ssh
      • chmod 600 ~/.ssh/id_rsa
      • On your DigitalOcean Droplet:
      • chmod 700 ~/.ssh
      • chmod 600 ~/.ssh/authorized_keys

      Let me know how it goes.
      Regards,
      Bobby

      • Hi @bobbyiliev

        Finally, it worked, and below are the steps I have performed:

        • deleted my droplets and build new ones from the beginning.
        • again made authentication key pair and this time I didn’t provide any specific name to them at the time of the creation and leave it as default.
        • when performing ssh to the droplet provided the full path of the private key instead of (ssh root@droplet’s IP).

        Thank you for your assistance.

        Regards,
        Chinkleet

It looks like ssh client cannot match private key with the public key presented by droplet’s ssh server. Did you name your key pair during creating it (e.g. ssh-keygen -f specific_key_name) ? Check your /root/.ssh/ directory. If yes, you should provide full path to the private key, e.g.

ssh -i /root/.ssh/specific_key_name root@139.59.7.4
Submit an Answer