Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
PuTTY connection refused on Windows 8.1 Question Question
When do y'all plan on having Ubuntu 15.04? Question Question

Question

Locked out of Droplet SSH

Posted October 23, 2016 8.3k views
UbuntuDigitalOcean

I’m locked out of my VPS droplet. How can I create a new identity, so I’m able to log in? I don’t recall ever creating a root password

OS: El Capitan 10.11.6
Distribution: Ubuntu 14.04

I used to ssh into my VPS. I have an id_rsa and a id_rsa.pub . I’m trying to access it now using:

root@104.236.87.210

Result > “Permission denied, please try again” (3 incorrect entries and then....)
> “Permission denied, (publickey,password)

I don’t remember using a password in the past, thats why I configured ssh. Even if I did, what action can I take to "reset” my login password? I’ve tried generating new ssh keys, added them to my known_hosts with ssh-add. I’ve added the new ssh key to my VPS through the web interface.

Can anyone walk me through the proper process of resetting my login?

Add a comment
reala
By:
reala

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
PuTTY connection refused on Windows 8.1 Question Question
When do y'all plan on having Ubuntu 15.04? Question Question
Add a comment
1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
xMudrii October 23, 2016

Hello,

Sorry to hear you had bunch of problems. Anyways I will write few sentences for you (if you didn’t already destroyed Droplet) and for future readers.

First of all, you can try using ssh-copy-id from your local machine instead of ssh-add.
Step Four of Initial Server Setup Tutorial have it explained great.

Make sure that you have id_rsa and id_rsa.pub in your /home/sammy/.ssh on local machine.

Before using SSH as root make sure you didn’t set PermitRootLogin to no.
Open /etc/ssh/sshd_config with any text editor from DigitalOcean Web Console if you can’t access SSH:

  • sudo nano /etc/ssh/sshd_config

Find line PermitRootLogin. Make sure it’s set to yes and there is no any # (comment) before line.
If you want to use password for login, make sure PasswordAuthentication is set to yes and there is also no # (comment).

Save file, exit editor and restart SSH:

  • sudo systemctl restart sshd

You can also for debugging create new user, add it to sudo group and use it for SSH instead of DigitalOcean Web Console.
Initial Sever Setup has it covered in Step One in Step Two.
In case you want to use that user with password instead of SSH key, make sure you have enabled PasswordAuthentication under your sshd_config (I wrote in previous step how to check it`.

Initial Server Setup with Ubuntu 16.04
by Mitchell Anicas
When you start a new server, there are a few steps that you should take every time to add some basic security and give you a solid foundation. In this guide, we'll walk you through the basic steps necessary to hit the ground running with Ubuntu 16.04.
Reply Report
  • reala October 23, 2016

    I believe your line about restarting ssh did the trick! I’m not sure what systemct1 is (seems specific to Fedora maybe). From the web console logged in as root, I restarted ssh with:

    $ service ssh restart

    sshd was an unrecognized service. Also, I followed your advice to set PermitRootLogin to yes (I previously had it set to without-password), maybe it was a combination of this and the service restart?

    I have not yet installed ssh-copy-id (not out the box with OSX) but I’ll go ahead and install it now, since I see most tutorials using it. In either event, thanks for your help I really appreciate you taking the time to help me resolve this!

    Reply Report
    • xMudrii October 23, 2016

      Glad to see you got it working! :)

      About systemctl, this is specific to systemd, a init system and system manager. Ubuntu prior to 15.04 used Upstart instead of systemd which had following syntax for managing services:

      • service name action(start/stop/restart...)

      As of 15.04 it uses systemctl, which uses systemctl instead of service to manage system service and units. Syntax is now:

      • systemctl action(start/stop/restart...) name

      Both, service and systemctl should be working on Ubuntu, but it’s recommended now to use systemctl.

      If you want to learn more about it, there is DigitalOcean tutorial on it.

      How To Use Systemctl to Manage Systemd Services and Units
      by Justin Ellingwood
      Systemd is an init system and system manager that has become the new standard for Linux distributions. In this guide, we will be discussing the systemctl command, which is the central management tool for controlling the init system. We will cover how to manage services, check statuses, change system states, and work with the configuration files.
      Reply Report
reala October 23, 2016

I was able to log in using the digitalocean web console. I logged in as root, but I still cannot ssh into my server from my OS (terminal).

Steps I took to reset root password:

  • Get to your droplet page on the website, click Access
  • Select Reset Root Password, then wait for the email
  • Get back to your droplet page, and click the Console or Launch Console button
  • Once the console is open, hit return or enter on your keyboard
  • In the next step, its important to note your username is probably different than the user you’re trying to log in as. For example, my username is reala but my login was root
  • You should get a prompt with your username, asking you to login like below:
  • [username] login: _ (Here I entered root as my login)
  • Then you’ll get a password prompt like below:
  • password: _ (I entered the password emailed to me, I typed it out didn’t try pasting)
  • Once I logged in, I was successfully able to change my password. I can log in and out of the web console using that password as many times as I like
  • Hopefully your luck is better than mine and those username / pass credentials work the first time, mine took a bunch of tries

So I’m able to access my server using that process - but doesn’t entirely solve my problem. I’m still being asked for a password when I try to ssh in from my OS terminal. And my new password ONLY works in the web console, it does not work when I’m asked for a password from my OS. I’m not sure whats going on, I’m almost tempted to destroy my droplet, lose all my work and start fresh. Already lost an entire day over this. Hopefully the above atleast gets someone else access to their VPS.

Reply Report
  • codecowboy August 18, 2018

    Did you resolve this? Having the same problem

    Reply Report
  • P34NUT February 4, 2021

    Looks like we are having the same problem my pal.

    I have setup two users with sudo via the website console, and then used console via the following:

    sudo nano /etc/ssh/sshd_config

    Then changed the values of:

    PermitRootLogin Yes
    to
    PermitRootLogin no

    Then use the following command to restart ssh

    sudo systemctl restart ssh

    ** Note at this point I have still left Password Enabled for the two users I setup **

    I then switch to desktop (Ubuntu latest LTS version) and open terminal with ctrl+alt+T
    then use the following to ssh into the droplet

    ssh-copy-id name@ipaddress

    I do this for both users and respond with yes at the prompt. Once I have logged both users out, I then use the root user which is still logged in at the website terminal to edit the
    /etc/ssh/sshd_config
    and change the
    PasswordAuthentication Yes
    to
    PasswordAuthentication no

    Before I closed the file, I scoot up the page and between

    ListenAddress ::

    and

    HostKey /etc/ssh/sshhostrsa_key

    I enter a new line

    ListenAddress ::

    AllowUsers username1 username2

    HostKey /etc/ssh/sshhostrsa_key

    I then ctrl+x out and hit Y and enter to save the changes then

    sudo systemctl restart ssh

    Now when I switch to desktop and try to connect via desktop terminal I am shut out.

    Same error messages as yourself, sometimes it also times out.

    When I go to the Authorized_Keys file, which I access via the root user which is still logged in

    *** Just want to note if I log this user out now I lock myself out completely **

    When I goto the authorized_keys file its empty, and any attempt to copy and past the key from desktop to server results in wrong text.

    I also tried the following:

    cd /etc/ssh/

    sudo nano sshhostrsa_key.pub

    *del s and retype s

    [ctrl+x] then [Y] then rename to authorized_keys

    then typed the following

    sudo mv authorized_keys ~/.ssh/

    sudo systemctl restart ssh

    The file is replaced with the newly created one with a key, but still nothing

    I also re-open the file with nano and use ctrl+K and then ctrl+U x 3 and edit the end of the keys to represent the usernames and logins
    example:

    xxxx= username@server
    xxxx= username2@server
    xxxx= username3@server

    and still nothing

    although at this point I am getting more timeouts.

    SOOOO

    At this point I finally found a solution.

    On my ubuntu Desktop I clicked open the file icon and navigated to the key files

    highlighted both files

    left clicked properties

    left clicked permissions

    changed the values to the following

    Owner: me
    Access: Read and Write

    Group: username
    Access: none

    Others:
    Access: None

    Execute: Do Not Be Stupid

    then closed using the x in the top right

    Then I popped open the console with ctrl+alt+t and typed the following:

    ssh-add username@serveripaddress

    and viola the server accepted me as one of it own 0.0

    Hope this works for you :) and good luck + have fun <3

    Also dont forget to do the following:

    sudo nano /etc/ssh/sshd_config

    change the following:

    PasswordAuthentication yes
    to
    PasswordAuthentication no

    Reply Report

Related

Looking for something else?

Ask a new question Search for more help