can't ssh to my droplet with error Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

Question

one day, I can’t ssh to my droplet with error Permission denied (publickey,gssapi-keyex,gssapi-with-mic) , i have tried to re-add ssh key but the issue is not fixed. I need your helps!!!

KFSys · Accepted Answer

Hi tungnguyenmr,

You would need to enter with your VPS with the password first though. Then edit the /etc/ssh/sshd_config with

PasswordAuthentication yes
```

Save the file and reload the configuration

```
service sshd restart
```

A more in depth answer can be seen here - [SSH Key Permission deny](https://www.digitalocean.com/community/questions/error-permission-denied-publickey-when-i-try-to-ssh?answer=44730)


If the issue is still experienced, can you please try to ssh with the verbose command in order to see where the connection fails. 

```
ssh -v  root@xx.xx.xx.xxx
```

Kind Regards,
Kalin D.

alexdo · Answer

Hello there,

You can check our article on How to Upload an SSH Public Key to an Existing Droplet

https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/to-existing-droplet/

You can access the droplet from the DigitalOcean console and then temporary enable the PasswordAuthentication on your droplet and access the droplet with a password to upload the ssh-key.

If you haven’t created new pair of keys you’ll need to do that first.

You can enable PasswordAuthentication for your Droplet by modifying your /etc/ssh/sshd_config file. Once set to Yes restart the SSH service and connect via an SSH client for a more stable connection. You can then modify your ~/.ssh/authorized_keys file to add the appropriate public key.

This change can be made from the DigitalOcean’s console. If you’re having issues accessing the console you can then reach to our amazing support team that can help you further with this.

To enable the PasswordAuthentication follow these steps:

Login to the console on the DigitalOcean website.
Type sudo nano /etc/ssh/sshd_config
Change PasswordAuthentication from “no” to “yes” and save the file
Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
Login with a password
Type sudo nano ~/.ssh/authorized_keys
Paste public key text here and save the file
Type sudo nano /etc/ssh/sshd_config
Change PasswordAuthentication from “yes” to “no” and save the file
Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

You can then upload the key using this command:

ssh-copy-id -i ~/.ssh/mykey user@droplet

Hope that this helps! Regards, Alex

oprisk1 · Answer

I found similar problem where the ‘Add SSH Keys’ dialog does not update the ‘.ssh/authorizedkeys’ file for root. This must be done manually. However a separate issue is that the DO Console opens a terminal browser window that has a short copy/past buffer (~128bytes). From the terminal window run nano ‘.ssh/authorized_keys’ for root, and update the rsa key by repeating copy/paste multiple times until the entire rsa key value is copied

Related

Question

can't ssh to my droplet with error Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

Related