I'm trying to install droplet but am stuck at SSH password

March 10, 2015 1.5k views
DigitalOcean Getting Started

First droplet was 32-bit but install failed because there is no 32-bit Docker. Destroyed droplet and rebuilt as 64-bit. As expected, I needed to run ssh-keygen -R IP because the SSH key changed but IP didn't.

No luck, it still demands a password! I've tried removing keys, regenerating keys and am stuck by my own security system. I'm not much of a hacker I guess!

  • Here is my verbose ssh XXed out IP and host key

    OpenSSH6.2p2, OSSLShim 0.9.8r 8 Dec 2011
    debug1: Reading configuration data /etc/ssh
    debug1: /etc/sshconfig line 20: Applying options for *
    debug1: /etc/ssh
    config line 53: Applying options for *
    debug1: Connecting to IPX>XXX>XX [IP>XXX>XX>X] port 22.
    debug1: Connection established.
    debug1: identity file /Users/Halcyon/.ssh/idrsa type 1
    debug1: identity file /Users/Halcyon/.ssh/id
    rsa-cert type -1
    debug1: identity file /Users/Halcyon/.ssh/iddsa type -1
    debug1: identity file /Users/Halcyon/.ssh/id
    dsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH6.2
    debug1: Remote protocol version 2.0, remote software version OpenSSH
    6.6.1p1 Ubuntu-2ubuntu2
    debug1: match: OpenSSH6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
    debug1: SSH2
    debug1: SSH2
    MSGKEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
    debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
    debug1: SSH2
    MSGKEXDHGEXREQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: RSA XXXXXXXXXX
    debug1: Host 'PX>XXX>XX' is known and matches the RSA host key.
    debug1: Found key in /Users/Halcyon/.ssh/knownhosts:1
    debug1: ssh
    rsaverify: signature correct
    debug1: SSH2
    debug1: expecting SSH2
    debug1: SSH2
    MSGNEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2
    debug1: SSH2MSGSERVICEACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /Users/Halcyon/.ssh/id
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /Users/Halcyon/.ssh/id_dsa
    debug1: Next authentication method: password

  • It looks like it's offering your key but the server is not accepting it, or the key contained in /Users/Halcyon/.ssh/id_rsa is not the correct one.

5 Answers

If you selected a key when creating the droplet and you're still being asked for a password when logging into it, that means your SSH client is not providing the key (or not providing the correct key) when you connect. You can diagnose this by increasing the verbosity of your SSH client by adding the '-v' argument (and you can it more than once to get more output)

Use the console to run this.

A couple of things to try:

first, remove servers from known_hosts do this:

ssh-keyscan yourdomainn.or.ip.address 

secondly, make sure permissions on your .ssh folders and home folder are good:

chmod go-wrx ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
  • As a follow-up to that awesome answer, don't forget:

    ### Easier to find out who you are rather than guessing ###
    ### Let's change the ownership to ensure you own the files ###
    chown ${iam}:${iam} ~/.ssh -R

or, even just:

chown -R $USER:$USER ~/.ssh
Have another answer? Share your knowledge.