Related

Server setup for multiple wordpress installs thats secure Question Question
Does Digital Ocean provide NTP service to customer VMs? Question Question

Question

Cannot login to droplet using ssh

Posted January 20, 2020 1.7k views
Initial Server Setup

I am having an issue connecting to my droplet over ssh.

Whenever I try to loging in using ssh. I get and error:

root@xxx.xxx.xxx.30: Permission denied (publickey).
I copied my public key to the digital ocean server and then tried to login.

Still I get the same thing.

I tried “ssh —v root@xxx.xxx.xxx.30” and get tons outoutput that I don’t understand.

The only thing I see in the logs that looks suspicious is this:

debug1: Authentications that can continue: publickey
debug1: Trying private key: /root/.ssh/iddsa
debug3: no such identity: /root/.ssh/iddsa: No such file or directory
debug1: Trying private key: /root/.ssh/idecdsa
debug3: no such identity: /root/.ssh/idecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/ided25519
debug3: no such identity: /root/.ssh/ided25519: No such file or directory
debug1: Trying private key: /root/.ssh/idxmss
debug3: no such identity: /root/.ssh/idxmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.

I don’t have the files “/root/.ssh/iddsa” , but I do have “/root/.ssh/idrsa”

It seems to me that digital ocean is expecting a dsa style key and I only have a rsa style key???

Add a comment
mattreister
By:
mattreister

Related

Server setup for multiple wordpress installs thats secure Question Question
Does Digital Ocean provide NTP service to customer VMs? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
4 answers
KFSys January 20, 2020

Hi @mattreister,

It’s trying out different SSH keys until it actually find the one it can use.

You’ll need to add your id_rsa.pub key usually located in 

~/.ssh/id_rsa.pub

To the file on your droplet :

~/.ssh/authorized_keys

As soon as you do, you should be able to SSH without a problem to your droplet.

If you are unsure how to actually perform the above tasks, DigitalOcean have a very good tutorial which you can check here - DigitalOcean Tutorial SSH Keys

Regards,
KDSys

Reply Report
alexdo January 20, 2020

Hello, @mattreister

Could you please make sure that you’ve copied the key stored in ~/.ssh/id_rsa.pub from your local machine to the authorized file in ~/.ssh/authorized_keys on your droplet?

Keep in mind that you can still access the droplet via the console in the control panel.

The server is trying different authentications methods and eventually gives a error: No more authentication methods to try.

Once you’ve copied your key:

ssh-rsa EXAMPLEzaC1yc2EAAAADAQABAAACAQCqql6MzstZYh1TmWWv11q5O3pISj2ZFl9HgH1JLknLLx44+tXfJ7mIrKNxOOwxIxvcBF8PXSYvobFYEZjGIVCEAjrUzLiIxbyCoxVyle7Q+bqgZ8SeeM8wzytsY+dVGcBxF6N4JS+zVk5eMcV385gG3Y6ON3EG112n6d+SMXY0OEBIcO6x+PnUSGHrSgpBgX7Ks1r7xqFa7heJLLt2wWwkARptX7udSq05paBhcpB0pHtA1Rfz3K2B+ZVIpSDfki9UVKzT8JUmwW6NNzSgxUfQHGwnW7kj4jp4AT0VZk3ADw497M2G/12N0PPB5CnhHf7ovgy6nL1ikrygTKRFmNZISvAcywB9GVqNAVE+ZHDSCuURNsAInVzgYo9xgJDW8wUw2o8U77+xiFxgI5QSZX3Iq7YLMgeksaO4rBJEa54k8m5wEiEE1nUhLuJ0X/vh2xPff6SQ1BL/zkOhvJCACK6Vb15mDOeCSq54Cr7kvS46itMosi/uS66+PujOO+xt/2FWYepz6ZlN70bRly57Q06J+ZJoc9FfBCbCyYH7U/ASsmY095ywPsBo1XQ9PqhnN1/YOorJ068foQDNVpm146mUpILVxmq41Cj55YKHEazXGsdBIbXWhcrRf4G2fJLRcGUr9q8/lERo9oxRm5JFX6TCmj6kmiFqv+Ow9gI0x8GvaQ== username@203.0.113.0

Open the ~/.ssh/authorized_keys file for editing using a terminal-based text editor, like nano.

nano ~/.ssh/authorized_keys

Paste the contents of your SSH key into the file by right-clicking in your terminal and choosing Paste or by using a keyboard shortcut like CTRL+SHIFT+V. Then, save and close the file. In nano, save by pressing CTRL+O and then ENTER, and exit by pressing CTRL+X.

You can check this tutorial as well:

https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/to-existing-droplet/#manually - refer to Manually from the Droplet without Password-Based Access

Let me know how it goes.

Regards,
Alex

Reply Report
  • mattreister January 21, 2020

    Hi Alex,

    I initially adding my key through the web in Account->sectury->ssh-keys..
    I want back and check that my key was still there and it was…

    Now i want and looked at the ~/.ssh/authorized_keys on my droplet terminal and i noticed a few things. First, is that my new ssh key wasn’t in there, but there was an older one i used years ago.

    I deleted the old key and attempted to paste in my new key…but no matter what i did the paste function would not correctly copy my key into the terminal… i would stop the copy half way through and ever make error during the copy.... (I don’t know how this is possible it sounds like BS, but its really happening..)

    So at this point it looks like the key i entered under my account is not working and i cannot manual copy the key to the droplet.. because the web console is not copying the key correctly.....

    Question: Is the key i copy to my account settings suppose to be automatically assign to my droplet or do i have to take some other action to get it be used on my droplet?

    Reply Report
    • alexdo January 22, 2020

      Hello, @mattreister

      The ssh keys you add under your Digital Ocean account can be used/assigned when you create a new droplet. For security reasons, you can’t add or modify the SSH keys on your Droplet using the control panel after you create it.

      If you’re receiving errors during the copy/paste process of the key you can temporary enable the PasswordAuthentication in order to ssh using your password and then copy/paste the key via ssh.

      To enable SSH password authentication, you must SSH in as root to edit this file:

      /etc/ssh/sshd_config

      Then, change the line

      PasswordAuthentication no

      to

      PasswordAuthentication yes

      After making that change, restart the SSH service by running the following command as root:

      sudo service ssh restart

      Once this is done you should be able to access your droplet via ssh from your computer. If you have your key file saved on your machine you can use the following command do directly copy the key on your droplet via ssh:

      cat ~/.ssh/id_rsa.pub | ssh demo@198.51.100.0 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys"

      Your other option will be to copy the content of the id_rsa.pub to the ~/.ssh/authorized_keys file on your droplet.

      Once the key is copied and you’re able to connect without using your password, you can disable the PasswordAuthentication again by setting it to no and then restarting the ssh service.

      Let me know how it goes.

      Regards,
      Alex

      Reply Report
mattreister January 22, 2020

Hi Alex,

Thank you for the reply and thanks for letting me know i cannot add or modify keys on my control panel after my droplet has been created.

I think that is a good idea allowing password authentication.. however you mentioned i needed to ssh into my droplet to do this....

But the whole point in my asking this questions is that i cannot ssh into my droplet.. if i could ssh into my droplet my problem would already be solved.

I solved my problem by deleting my droplet then creating a new one with my new ssh key in there.

Thanks!

Reply Report
alexdo January 27, 2020

Hello, @mattreister

Thanks for updating us on what happened.

Regards,
Alex

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help