Related

View website without changing the DNS Question Question
How to add a second SSH key so another user connects to SFTP? Question Question

Question

I'm trying to install droplet but am stuck at SSH password

Posted March 10, 2015 4.1k views
Getting StartedDigitalOcean

First droplet was 32-bit but install failed because there is no 32-bit Docker. Destroyed droplet and rebuilt as 64-bit. As expected, I needed to run ssh-keygen -R IP because the SSH key changed but IP didn’t.

No luck, it still demands a password! I’ve tried removing keys, regenerating keys and am stuck by my own security system. I’m not much of a hacker I guess!

Add a comment
mshamblott
By:
mshamblott

Related

View website without changing the DNS Question Question
How to add a second SSH key so another user connects to SFTP? Question Question
Add a comment
2 comments
  • mshamblott March 10, 2015
    Reply Report

    Here is my verbose ssh XXed out IP and host key

    OpenSSH6.2p2, OSSLShim 0.9.8r 8 Dec 2011
    debug1: Reading configuration data /etc/ssh    config
    debug1: /etc/sshconfig line 20: Applying options for *
    debug1: /etc/ssh    config line 53: Applying options for *
    debug1: Connecting to IPX>XXX>XX [IP>XXX>XX>X] port 22.
    debug1: Connection established.
    debug1: identity file /Users/Halcyon/.ssh/idrsa type 1
    debug1: identity file /Users/Halcyon/.ssh/id    rsa-cert type -1
    debug1: identity file /Users/Halcyon/.ssh/iddsa type -1
    debug1: identity file /Users/Halcyon/.ssh/id    dsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH6.2
    debug1: Remote protocol version 2.0, remote software version OpenSSH    6.6.1p1 Ubuntu-2ubuntu2
    debug1: match: OpenSSH6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
    debug1: SSH2    MSGKEXINIT sent
    debug1: SSH2    MSGKEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
    debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
    debug1: SSH2    MSGKEXDHGEXREQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: RSA XXXXXXXXXX
    debug1: Host ‘PX>XXX>XX’ is known and matches the RSA host key.
    debug1: Found key in /Users/Halcyon/.ssh/knownhosts:1
    debug1: ssh    rsaverify: signature correct
    debug1: SSH2    MSGNEWKEYS sent
    debug1: expecting SSH2    MSGNEWKEYS
    debug1: SSH2    MSGNEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2    MSGSERVICEREQUEST sent
    debug1: SSH2MSGSERVICEACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /Users/Halcyon/.ssh/id    rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /Users/Halcyon/.ssh/id_dsa
    debug1: Next authentication method: password

  • gparent March 15, 2015
    Reply Report

    It looks like it’s offering your key but the server is not accepting it, or the key contained in /Users/Halcyon/.ssh/id_rsa is not the correct one.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
5 answers
gparent March 10, 2015

If you selected a key when creating the droplet and you’re still being asked for a password when logging into it, that means your SSH client is not providing the key (or not providing the correct key) when you connect. You can diagnose this by increasing the verbosity of your SSH client by adding the ’-v’ argument (and you can it more than once to get more output)

Reply Report
Aprexer March 10, 2015

Use the console to run this.

Reply Report
mshamblott March 10, 2015
[deleted]
Reply Report
sierracircle March 11, 2015

A couple of things to try:

first, remove servers from known_hosts do this:

ssh-keyscan yourdomainn.or.ip.address

secondly, make sure permissions on your .ssh folders and home folder are good:


chmod go-wrx ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Reply Report
  • JonsJava March 25, 2015

    As a follow-up to that awesome answer, don’t forget:

    ### Easier to find out who you are rather than guessing ###
iam=$(whoami)
### Let's change the ownership to ensure you own the files ###
chown ${iam}:${iam} ~/.ssh -R
    Reply Report
sierracircle March 25, 2015

or, even just:

chown -R $USER:$USER ~/.ssh
Reply Report

Related

Looking for something else?

Ask a new question Search for more help