Cannot root login via SSH to Centos 7 on Digitalocean anymore

August 21, 2019 273 views
Development CentOS

Hi I had set up SSH login to my Centos droplet and disabled login via a password. It has been working fine for a year. I haven’t ssh'ed into the droplet for a few months and now when I try to I get an error - “Permission Denied”. The machine I connect from hasn’t changed. The keys from the Windows 10 machine I connect from were previously installed on the droplet and worked fine for a year.
I guess I’m locked out of the droplet now. But my main question is: why did this happen and how do I make sure it does not happen in the future?

2 Answers

Hello,

Here’s a step by step guide on how to get access back to your droplet:

https://www.digitalocean.com/docs/droplets/resources/lost-ssh-key/

Regarding, preventing this from happening. Can you share some more information here regarding the following:

  • What software are you using to connect?

  • What is the full error that you are getting?

Usually if get Permission denied (publickey), this could be due to one of the following:

  • You don’t have the matching key on your local machine
  • If you are using Putty, then maybe the location of your Public key changed and it is no longer loaded by Putty

Hope that this helps!
Regards,
Bobby

Thank you for your response. I’m using Windows 10 ubuntu bash.
I still cannot gain access to the droplet.
I have also verified that public key in /home/alex/.ssh/id_rsa.pub is registered on digitialocean SSH Keys. Again, it was working a few months ago and I haven’t made any changes.

Here is what I get when trying to ssh

OpenSSH7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh
config
debug1: /etc/ssh/sshconfig line 19: Applying options for *
debug1: Connecting to 204.48.25.76 [204.48.25.76] port 22.
debug1: Connection established.
debug1: identity file /home/alex/.ssh/id
rsa type 1
debug1: keyloadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/idrsa-cert type -1
debug1: key
loadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/id
dsa type -1
debug1: keyloadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/iddsa-cert type -1
debug1: key
loadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/id
ecdsa type -1
debug1: keyloadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/idecdsa-cert type -1
debug1: key
loadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/id
ed25519 type -1
debug1: keyloadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/ided25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH
7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH7.4
debug1: match: OpenSSH
7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 204.48.25.76:22 as ‘root’
debug1: SSH2MSGKEXINIT sent
debug1: SSH2MSGKEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2MSGKEXECDHREPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:SR/xqDyLwnjPxx3/zW2PZ6dgjLP+Jqcou/kcHRCn66o
debug1: Host '204.48.25.76’ is known and matches the ECDSA host key.
debug1: Found key in /home/alex/.ssh/knownhosts:6
debug1: rekey after 134217728 blocks
debug1: SSH2
MSGNEWKEYS sent
debug1: expecting SSH2
MSGNEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2
MSGNEWKEYS received
debug1: SSH2
MSGEXTINFO received
debug1: kexinputextinfo: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2
MSGSERVICEACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure. Minor code may provide more information

debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethodlookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod
isenabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alex/.ssh/id
rsa
debug3: sendpubkeytest
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: inputuserauthpkok: fp SHA256:KJrwF9jZnErKFdVEq4OUbaaZqNUTgzwhC+wZow3Mx7U
debug3: sign
andsendpubkey: RSA SHA256:KJrwF9jZnErKFdVEq4OUbaaZqNUTgzwhC+wZow3Mx7U
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/alex/.ssh/iddsa
debug3: no such identity: /home/alex/.ssh/id
dsa: No such file or directory
debug1: Trying private key: /home/alex/.ssh/idecdsa
debug3: no such identity: /home/alex/.ssh/id
ecdsa: No such file or directory
debug1: Trying private key: /home/alex/.ssh/ided25519
debug3: no such identity: /home/alex/.ssh/id
ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Have another answer? Share your knowledge.