Locked out of Droplet SSH

October 23, 2016 4.5k views
DigitalOcean Ubuntu
reala
By:
reala

I'm locked out of my VPS droplet. How can I create a new identity, so I'm able to log in? I don't recall ever creating a root password

OS: El Capitan 10.11.6
Distribution: Ubuntu 14.04

I used to ssh into my VPS. I have an id_rsa and a id_rsa.pub . I'm trying to access it now using:

root@104.236.87.210

Result > "Permission denied, please try again" (3 incorrect entries and then....)
> "Permission denied, (publickey,password)

I don't remember using a password in the past, thats why I configured ssh. Even if I did, what action can I take to "reset" my login password? I've tried generating new ssh keys, added them to my known_hosts with ssh-add. I've added the new ssh key to my VPS through the web interface.

Can anyone walk me through the proper process of resetting my login?

1 comment
Log In to Comment
2 Answers
xMudrii October 23, 2016
Accepted Answer

Hello,

Sorry to hear you had bunch of problems. Anyways I will write few sentences for you (if you didn't already destroyed Droplet) and for future readers.

First of all, you can try using ssh-copy-id from your local machine instead of ssh-add.
Step Four of Initial Server Setup Tutorial have it explained great.

Make sure that you have id_rsa and id_rsa.pub in your /home/sammy/.ssh on local machine.

Before using SSH as root make sure you didn't set PermitRootLogin to no.
Open /etc/ssh/sshd_config with any text editor from DigitalOcean Web Console if you can't access SSH:

  • sudo nano /etc/ssh/sshd_config

Find line PermitRootLogin. Make sure it's set to yes and there is no any # (comment) before line.
If you want to use password for login, make sure PasswordAuthentication is set to yes and there is also no # (comment).

Save file, exit editor and restart SSH:

  • sudo systemctl restart sshd

You can also for debugging create new user, add it to sudo group and use it for SSH instead of DigitalOcean Web Console.
Initial Sever Setup has it covered in Step One in Step Two.
In case you want to use that user with password instead of SSH key, make sure you have enabled PasswordAuthentication under your sshd_config (I wrote in previous step how to check it`.

Initial Server Setup with Ubuntu 16.04
by Mitchell Anicas
When you start a new server, there are a few steps that you should take every time to add some basic security and give you a solid foundation. In this guide, we'll walk you through the basic steps necessary to hit the ground running with Ubuntu 16.04.
Reply
  • reala October 23, 2016

    I believe your line about restarting ssh did the trick! I'm not sure what systemct1 is (seems specific to Fedora maybe). From the web console logged in as root, I restarted ssh with:

    $ service ssh restart

    sshd was an unrecognized service. Also, I followed your advice to set PermitRootLogin to yes (I previously had it set to without-password), maybe it was a combination of this and the service restart?

    I have not yet installed ssh-copy-id (not out the box with OSX) but I'll go ahead and install it now, since I see most tutorials using it. In either event, thanks for your help I really appreciate you taking the time to help me resolve this!

    • xMudrii October 23, 2016

      Glad to see you got it working! :)

      About systemctl, this is specific to systemd, a init system and system manager. Ubuntu prior to 15.04 used Upstart instead of systemd which had following syntax for managing services:

      • service name action(start/stop/restart...)

      As of 15.04 it uses systemctl, which uses systemctl instead of service to manage system service and units. Syntax is now:

      • systemctl action(start/stop/restart...) name

      Both, service and systemctl should be working on Ubuntu, but it's recommended now to use systemctl.

      If you want to learn more about it, there is DigitalOcean tutorial on it.

      How To Use Systemctl to Manage Systemd Services and Units
      by Justin Ellingwood
      Systemd is an init system and system manager that is widely becoming the new standard for Linux machines. While there is considerable controversy as to whether systemd is an improvement over the init systems it is replacing, the majority of distributions are either...
reala October 23, 2016

I was able to log in using the digitalocean web console. I logged in as root, but I still cannot ssh into my server from my OS (terminal).

Steps I took to reset root password:

  • Get to your droplet page on the website, click Access
  • Select Reset Root Password, then wait for the email
  • Get back to your droplet page, and click the Console or Launch Console button
  • Once the console is open, hit return or enter on your keyboard
  • In the next step, its important to note your username is probably different than the user you're trying to log in as. For example, my username is reala but my login was root
  • You should get a prompt with your username, asking you to login like below:
  • [username] login: _ (Here I entered root as my login)
  • Then you'll get a password prompt like below:
  • password: _ (I entered the password emailed to me, I typed it out didn't try pasting)
  • Once I logged in, I was successfully able to change my password. I can log in and out of the web console using that password as many times as I like
  • Hopefully your luck is better than mine and those username / pass credentials work the first time, mine took a bunch of tries

So I'm able to access my server using that process - but doesn't entirely solve my problem. I'm still being asked for a password when I try to ssh in from my OS terminal. And my new password ONLY works in the web console, it does not work when I'm asked for a password from my OS. I'm not sure whats going on, I'm almost tempted to destroy my droplet, lose all my work and start fresh. Already lost an entire day over this. Hopefully the above atleast gets someone else access to their VPS.

Reply
Have another answer? Share your knowledge.

Related Questions