When I click console, I am prompted for a login. I use "root" and then enter my password. That works fine.
I use putty to SSH in, I am prompted for a login. I use "root" and then enter my password (as prompted), but it doesn't accept the login credentials.
Have you modified security settings for SSH or root at some point?
Login on console, then run tail -f /var/log/auth.log. Now login over SSH and have it fail. What do you see in the console?
Also have a look with tail -50 /var/log/syslog
You can take screenshots of the console and upload to imgur.com and post link here.
Truthfully, I think this answer queued my brain back into the right mode. I have subdomains pointing to separate servers. I was going to the wrong server.
If you're able to log in to console, but not via SSH, ufw is probably active and you've been blocked.
If you log in to console, run ufw status and see if ufw is running. If it is, you can disable using:
ufw disable
Once disabled, try to login via SSH. If you're able to login once again, I'd simply reset ufw and add your policies back.
ufw reset
ufw default deny incoming
ufw default allow outgoing
Allow SSH:
ufw allow 22/tcp
If you need HTTP/HTTPS (Ports 80 and 443):
ufw allow 80/tcp
ufw allow 443/tcp
Once you've setup your firewall rules as above, re-enable ufw:
ufw enable
@jtittle If the login prompt is being shown via SSH, then it cannot be the firewall. I would probably guess root is not allowed to login directly via SSH.
Ah, I overlooked that.
If root is indeed locked, with PasswordAuthentication on, that's a bit strange (if this is a new Droplet). If it's an existing Droplet and you're just now beginning to have an issue logging in, it's definitely a good idea to check the logs and see if there's something going on.
Lot of helpful information and thoughts here. Thank you. Turned out it was foible on my part. Subdomain pointed to a different server and I was connecting by host instead of IP. So I was trying to login into the wrong server.