Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Can't acces my CentOS/oracle 11g database Question Question
Multiple domains Question Question

Question

Cannot root login via SSH to Centos 7 on Digitalocean anymore

Posted August 21, 2019 7.2k views
CentOSDevelopment

Hi I had set up SSH login to my Centos droplet and disabled login via a password. It has been working fine for a year. I haven’t ssh'ed into the droplet for a few months and now when I try to I get an error - “Permission Denied”. The machine I connect from hasn’t changed. The keys from the Windows 10 machine I connect from were previously installed on the droplet and worked fine for a year.
I guess I’m locked out of the droplet now. But my main question is: why did this happen and how do I make sure it does not happen in the future?

Add a comment
hellodigitalworld
By:
hellodigitalworld

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Can't acces my CentOS/oracle 11g database Question Question
Multiple domains Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
4 answers
bobbyiliev August 22, 2019

Hello,

Here’s a step by step guide on how to get access back to your droplet:

https://www.digitalocean.com/docs/droplets/resources/lost-ssh-key/

Regarding, preventing this from happening. Can you share some more information here regarding the following:

  • What software are you using to connect?

  • What is the full error that you are getting?

Usually if get Permission denied (publickey), this could be due to one of the following:

  • You don’t have the matching key on your local machine
  • If you are using Putty, then maybe the location of your Public key changed and it is no longer loaded by Putty

Hope that this helps!
Regards,
Bobby

Reply Report
hellodigitalworld August 23, 2019

Thank you for your response. I’m using Windows 10 ubuntu bash.
I still cannot gain access to the droplet.
I have also verified that public key in /home/alex/.ssh/id_rsa.pub is registered on digitialocean SSH Keys. Again, it was working a few months ago and I haven’t made any changes.

Here is what I get when trying to ssh

OpenSSH7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/sshconfig
debug1: /etc/ssh/sshconfig line 19: Applying options for *
debug1: Connecting to 204.48.25.76 [204.48.25.76] port 22.
debug1: Connection established.
debug1: identity file /home/alex/.ssh/idrsa type 1
debug1: keyloadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/idrsa-cert type -1
debug1: keyloadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/iddsa type -1
debug1: keyloadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/iddsa-cert type -1
debug1: keyloadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/idecdsa type -1
debug1: keyloadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/idecdsa-cert type -1
debug1: keyloadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/ided25519 type -1
debug1: keyloadpublic: No such file or directory
debug1: identity file /home/alex/.ssh/ided25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH7.4
debug1: match: OpenSSH7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 204.48.25.76:22 as ‘root’
debug1: SSH2MSGKEXINIT sent
debug1: SSH2MSGKEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2MSGKEXECDHREPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:SR/xqDyLwnjPxx3/zW2PZ6dgjLP+Jqcou/kcHRCn66o
debug1: Host '204.48.25.76’ is known and matches the ECDSA host key.
debug1: Found key in /home/alex/.ssh/knownhosts:6
debug1: rekey after 134217728 blocks
debug1: SSH2MSGNEWKEYS sent
debug1: expecting SSH2MSGNEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2MSGNEWKEYS received
debug1: SSH2MSGEXTINFO received
debug1: kexinputextinfo: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2MSGSERVICEACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure. Minor code may provide more information

debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethodlookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethodisenabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alex/.ssh/idrsa
debug3: sendpubkeytest
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: inputuserauthpkok: fp SHA256:KJrwF9jZnErKFdVEq4OUbaaZqNUTgzwhC+wZow3Mx7U
debug3: signandsendpubkey: RSA SHA256:KJrwF9jZnErKFdVEq4OUbaaZqNUTgzwhC+wZow3Mx7U
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/alex/.ssh/iddsa
debug3: no such identity: /home/alex/.ssh/iddsa: No such file or directory
debug1: Trying private key: /home/alex/.ssh/idecdsa
debug3: no such identity: /home/alex/.ssh/idecdsa: No such file or directory
debug1: Trying private key: /home/alex/.ssh/ided25519
debug3: no such identity: /home/alex/.ssh/ided25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Reply Report
mattieluckie December 28, 2019

I have this EXACT same issue w/ CentOS7!
I will have to change my droplet to Ubuntu or Fedora.

THIS IS NOT ACCEPTABLE!

SSH works ONLY in the recovery environment - the SSHD process isn’t even running when powered up (tested via nmap)

Reply Report
mattieluckie December 28, 2019

The problem is this!

/var/log/messages:Dec 28 05:42:37 tor1 sshd: /etc/ssh/sshd_config: Permission denied

Reply Report

Related

Looking for something else?

Ask a new question Search for more help