Doctl asks for root password when SSH-ing into droplet

December 22, 2016 301 views
DigitalOcean CentOS

I'm setting up a droplet using Doctl, like so:

doctl compute droplet create DROPLET_NAME --size 2gb --image centos-7-x64 \
--region tor1 --ssh-keys FINGERPRINT --enable-private-networking

but when I use doctl compute ssh DROPLET_NAME, it asks me for the root password (since it's trying to log in with the root account). Since I've just set up this droplet, I haven't set the root password, so I can't SSH into the droplet. That shouldn't really matter, though, because I want to use the key-based authentication I used to create the droplet.

Why is it asking me for a password I don't have? Is there a default password, or do I need to use the web interface to reset the root password? What's the point of Doctl, if I have to use the web interface anyway?

2 Answers
ryanpq MOD December 22, 2016
Accepted Answer

When specifying an ssh-key, there is no root password set. Having a password prompt indicates one of two things:

1.) The key fingerprint you provided is invalid or corrupted. Try adding your key through the control panel and using the ID instead of the fingerprint to check on this.

2.) The user ssh is running under doesn't have the appropriate private key in ~/.ssh/ If you're running doctl with sudo or as a different user this could be the case.

  • Note that if your SSH key is located somewhere besides the default directory, you can specify its location using the --ssh-key-path flag.

It does work with Doctl. I just verified it and yes, working as indeed, used same command as yours.

What's your version of doctl? Executing doctl version should show you it:

Sample output
doctl version 1.5.0

Version should not be relevant, but could help debugging if you can't solve it.

Make sure you have SSH keys under ~/.ssh/. If not please use --ssh-key-path flag with location to SSH key, e.g.

  • doctl compute ssh DROPLET_NAME --ssh-key-path "/some/path/key_pub"

Also, make sure you have correct SSH key under your DO settings and that you are using right fingerprint.
To list all SSH keys with fingerprint, you can use:

  • doctl compute ssh-key list

If problem persist, you can remove key and add it once again to be sure it's correct.

Have another answer? Share your knowledge.