cannot access through ssh neither droplet console

May 29, 2017 397 views
DigitalOcean Ubuntu

I've gone through all of this article: https://www.digitalocean.com/community/tutorials/how-to-troubleshoot-ssh-authentication-issues-on-your-droplet
And i still have the same issues, also now i can't even paste the ssh-key into the popup window since it returns an invalid key-type error.
Support ticket hasn't been answered.
I've done this process with other hosting providers without a problem, this is a simple operation and it's not working here.
I use putty key generator.

3 Answers

@guillegallo88

When you used PuTTyGen to generate an SSH key, did you copy the key from the area labeled:

Public key for pasting into OPenSSH authorized_keys file:

... and paste it in to ~/.ssh/authorized_keys? Or did you paste in the PuTTy formatted public key?

The OpenSSH Public SSH Key should start with:

ssh-rsa

If you pasted the public key that PuTTy allows you to save when using "Save public key", that won't work as OpenSSH / SSH can't read PuTTy formatted keys. PuTTy does the conversion in-app when you're connecting, but you won't be able to use the PuTTy formatted keys on the server. You'll have to use the OpenSSH formatted key, otherwise it'll fail.

So if, in ./ssh/authorized_keys, you pasted something that starts with:

---- BEGIN SSH2 PUBLIC KEY ----

You will end up locking yourself out if password authentication was disabled.

If you can still login using a password, check what was pasted in to authorized_keys and make sure it's in valid OpenSSH format.

@guillegallo88

If you add an SSH Key to the DigitalOcean Dashboard after deploying a Droplet, it won't be on the Droplet and you'd need to add it manually.

The only time SSH Keys are copied over is during initial deployment. If you want to add SSH Keys to the server after a Droplet is deployed, you have to do this manually by adding the key to:

~/.ssh/authorized_keys

... on the Droplet.

...

If you did add an SSH Key to the DigitalOcean Dashboard and deployed a Droplet afterwards, and it isn't working, then I would make sure the key is indeed valid and you pasted in the correct key.

When it comes to SSH Keys, when deployed with the Droplet, that's the only way to login. An invalid key means you're locked out from the start.

The only types of keys that you should be pasting in via the Dashboard are keys that start with either:

ssh-rsa ....

or

ssh-ed25519 ....

Those are RSA and ED25519 keys (i.e. don't use DSA keys).

Any other format won't work, such as the original PuTTy formats.

  • I see, so i'll go ahead and destroy the droplet to create a new one so i can add the key in the process.
    I don't understand why i can't even access to the droplet's console, i could add the key to the authorized_keys file if i can access but nope.

    Thanks very much for your help @jtittle

    • So i destroyed the droplet and created a new one including the key in the process. I have the same result. I can't add the key manually because i can't access through the droplet console neither.
      The support service isn't responding at all, what else i can try?

      • @guillegallo88

        1). They SSH Key you pasted in through the DigitalOcean Dashboard is either not of the right format (OpenSSH Public Key format), or it's not valid by some other means, or;

        2). You've not set the key under Connection => SSH => Auth => Private key file for authentication in PuTTy.

        ...

        If you use PuTTyGen to create an SSH Key and copy the entire string from:

        Public key for pasting into OPenSSH authorized_keys file:
        

        ... and paste it to the SSH Key box, then deploy with that, it should work as long as you've saved the private key from PuTTyGen using "Save private key" and provided PuTTy with the location of that key so it knows which one to use.

        ...

        In regards to support, keep in mind, DigitalOcean is un-managed, meaning that while support is indeed available to help where and when possible, the overall configuration and setup of your Droplet (VPS/server) is left to you and is your responsibility.

        Unlike shared hosting or a managed provider, the support team can make suggestions, but that's pretty much the extent of un-managed support.

        That's why the community is here to help where possible :-).

        • 1) The ssh-key is in the right format because it could be saved correctly when i deploy the droplet.
          2) I've done that

          I've created the sshkey and save it correctly in the putty configurations too. So i don't understand what's the problem.

          I'm using windows 10 and latest putty and puttygen versions.

          • @guillegallo88

            I setup a Droplet to test things on my end and I'm not able to reproduce any sort of issue connecting unfortunately.

            I moved over to my Windows 10 machine and made sure PuTTy was indeed up to date as well.

            After generating a key using PuTTyGen, pasting the OpenSSH Public Key to DigitalOcean, deploying with that key, and waiting for the Droplet to become available, I was able to login immediately using PuTTy.

            I tested this using an RSA key with 4096 bits as well as an ED25519 key.

            ...

            The alternative would be to deploy without an SSH Key, wait for the root password to be e-mailed to you, and then login with a password. You'll then be prompted to enter the current password and change it to a new one.

            From there, you can copy your SSH Key to:

            ~/.ssh/authorized_keys
            

            ...which is the same as:

            /root/.ssh/authorized_keys
            

            And test logging in with the key using PuTTy, that way if the key doesn't work, you don't lock yourself out and will still be able to login with root and the new root password you set.

            If it does work, then you can:

            nano /etc/ssh/sshd_config
            

            and change PasswordAuthentication to no, and then restart SSH. You won't be able to login with a password after that, though if the SSH key is working, then you won't need to.

    • @guillegallo88

      Console will only work with a username and password. If you didn't deploy with SSH Keys, that'd be root and the password that was e-mailed to you, or the password you changed it to after the first login.

      If you deploy with SSH Keys, password authentication is disabled and only that SSH Key is able to be used to authenticate, so you'd then need to use PuTTy to login to SSH as you'll no longer be able to use the web based console.

      SSH Keys are definitely more secure than using passwords, so that's what I'd recommend, but you need to be careful not to lock yourself out as the only way around not having the console is to use a recovery image (which can be a bit of a pain if you've never used it before).

      If you ever delete your private key on accident, that too will lock you out as you can't create a private key from the public key, or recover it. I've worked with a number of clients that have done this and attempting recovery via a recovery image is about the only way to try and get back in.

At this point I'm undecided about Puddy, but this is the most relevant post I've found. I'm undecided about Puddy, but I simply want to login using the console on my Droplet, but cannot. Before seeing question this I had deleted my Droplet, and created a new one but the problem persists. I'm guessing the problem is a communication problem between the keyboard in the console and my physical keyboard. I say this because I've managed to get to the "password reset" prompt, but it acts like it times out or prematurely returns (enter), so it won't allow me to rest the password. I've also tried "ssh root@myipaddress" without success.

Any suggestions are greatly appreciated...

P.S. I have tried pressing the control and shift keys multiple times to clear up "keyboard issues".... It has accepted my manually entered password, but the reset password function does not work.

  • Hi @Edub Can you create a new question, since it seems like you're not using SSH keys, but passwords. It's also difficult for us (other users) to see sub-questions.

Have another answer? Share your knowledge.