Question

permission denied after creating droplet using ssh keys

I created a new droplet using “Ruby on Rails on 14.04” and added SSH keys instead of using root password. When I tried connecting through ssh I got these results :(

$ ssh xxx.xxx.xx.xxx
pc@xxx.xxx.xx.xxx's password: *************
Permission denied, please try again.
pc@xxx.xxx.xx.xxx's password: 

Then I tried:

$ ssh root@xxx.xxx.xx.xxx
root@xxx.xxx.xx.xxx's password: 
Permission denied, please try again.
root@xxx.xxx.xx.xxx's password: 

Then I tried:

$ ssh -i /path/to/.ssh/id_rsa_private_key root@xxx.xxx.xx.xxx
root@xxx.xxx.xx.xxx's password: 
Permission denied, please try again.
root@xxx.xxx.xx.xxx's password: 

I’m not sure what to do at this point … can you help me?


This was driving me nuts! NUTS! But this should help you…

BEFORE you try to SSH into server type:

  1. eval `ssh-agent -s`
  2. ssh-add ~/.ssh/id_rsa where id_rsa is the file with your ssh key (this is the default version so chances are yours is the same. If not, change it.)
  3. ssh root@xxx.xxx.xxx and hopefully no password required Needed them to log on. (From Tutorial https://www.digitalocean.com/community/tutorials/how-to-connect-to-your-droplet-with-ssh)

Hi, again…

Just started all over with a new droplet and new ssh key making sure I had the permissions correct like stated in http://www.howtogeek.com/168119/fixing-warning-unprotected-private-key-file-on-linux/

I still have the same problem; what user should I be connecting as when doing ssh? should I be doing

$ ssh root@xxx.xxx.xx.xxx

or just

$ ssh xxx.xxx.xx.xxx

And since I have password protected my private key I guess that is the password being asked for, right? In my public key file id_rsa.pub I have my public key and all the way in the end there is a, mmmmm user?, something like mypc@mypc … what role does that play in all of this?

thank you for all the help.

Thank you @clivestrydom Worked like a charm.

thank you clivestrydom

I tried all of what was written in here to connect to my server through SSH keys. And nothing worked. Found this tutorial and it worked great which essentially boils down to:

Note: Not sure if this matters, but I generated an id_ecdsa key, mostly because when I troubleshot the SSH it was trying to hit that unsuccessfully. You may be fine with just using id_rsa or id_dsa.

  1. Reset your root password in your Digital Ocean control panel - go to your droplet
  2. Go to your Web Console and log in with your root and new_password_emailed_to_you.
  3. Change your temporary reset password that was emailed to you.
  4. Turn on password required - actually changing a couple of values as outlined in the tutorial below.
  5. Restart SSH (the tutorial command did not work for me, use sudo service ssh restart)
  6. Make sure that Digital Ocean is removed from your .ssh/known_hosts file. You will see it at the bottom.
  7. Try accessing through SSH again, and this time it will ask for your root password when adding as a known host

And then you should be in like Flynn.

Steps on how to configure your SSH to accept password. http://webdesignforidiots.net/2016/02/digital-ocean-public-key-access-denied-on-existing-droplet/

thank you clive :)

Thank you @clivestrydom - This did the trick for me.

I am having a similar problem I tried following the instructions above with no luck. I killed the first droplet and started everything from scratch, followed all the instructions in the Tutorial and still no luck. ssh is just not working. Any suggestions?

Hmm, I feel like this happened to me a while back too. If your client machine is running Linux you may want to double check the permission settings for the key. You may want to check out this tutorial if you are having key permission problems, but it doesn’t look like you are having those issues. http://www.howtogeek.com/168119/fixing-warning-unprotected-private-key-file-on-linux/

I made the silly mistake once of not using the right key, and that obviously didn’t work. You may want to double check it. Finally, as a worst case scenario I believe that you can go to the Digital Ocean Control Panel for your Droplet and under “Access” I believe that you can click reset root password and it should restore it.

Hope This Helps! Have a Great Day!



Nothing at all on the internet could help me solve this. In the end what worked was to take these steps:

1 - Resetting the root password from the Digital Ocean website

2 - logging-in using the console in the Digital Ocean website (it will prompt you to choose a different pass)

3 - edit /etc/ssh/sshd_config and changing the line PasswordAuthentication no to PasswordAuthentication yes

4 - service ssh reload

5 - Then I could login from my terminal using ssh root@ipaddress and inserting the password
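
A way to confirm which value sshd will actually use after the edit in step 3, added here as an example and not part of the original answer: sshd takes the first value it reads for each keyword, so a line appended at the end of the file does not override an earlier one. The function name `sshd_effective` and the sample file are constructed for illustration; `Match` blocks are not evaluated.

```sh
#!/bin/sh
# Added example: print the value sshd would use for a global keyword.
# Usage: sshd_effective KEYWORD [FILE]   (FILE defaults to /etc/ssh/sshd_config)
# Returns 1 when the keyword is not set globally (sshd's built-in default applies).
sshd_effective() {
    awk -F'[ \t=]+' -v want="$1" '
        BEGIN { want = tolower(want); rc = 1 }
        { sub(/^[ \t]+/, "") }              # strip leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # conditional section: stop reading here
        tolower($1) == want {               # keywords are case-insensitive
            print $2; rc = 0; exit          # first occurrence wins
        }
        END { exit rc }
    ' "${2:-/etc/ssh/sshd_config}"
}

# Constructed sample: "yes" was appended at the end, but the earlier "no" still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
PermitRootLogin without-password
PasswordAuthentication no
UsePAM yes
PasswordAuthentication yes
EOF
echo "PasswordAuthentication: $(sshd_effective PasswordAuthentication "$sample")"
echo "PermitRootLogin:        $(sshd_effective PermitRootLogin "$sample")"
rm -f "$sample"
```

On the droplet itself, `sshd -T` run as root prints the full effective configuration and is the authoritative check.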

This was driving me nuts! NUTS! But this should help you…

BEFORE you try to SSH into server type into Command Line:

  1. eval `ssh-agent -s`
  2. ssh-add ~/.ssh/id_rsa where id_rsa is the file with your ssh key (this is the default version so chances are yours is the same. If not, change it.)
  3. ssh root@xxx.xxx.xxx and hopefully no password required Needed them to log on. (From Tutorial https://www.digitalocean.com/community/tutorials/how-to-connect-to-your-droplet-with-ssh)

I faced the same problem when I used only ssh root@server_ip

then I solved the problem by using the following format:

ssh -o "IdentitiesOnly yes" -i ~/.ssh/yourprivate_id root@server-ip

I have had this problem with OSX, this is how I fix it.

Prerequisite: you have created an RSA file and added it to the droplet.

Tip: Using finder you can hold shift command . to see hidden files. Your .ssh folder will be located at HD>Users>username>~/.ssh

  1. Check that you have the key there or in a subfolder

  2. Check that you have a config file - if not - create one - from terminal nano ~/.ssh/config or open from Finder with TextEdit, sublime, etc…

  3. Edit your ~/.ssh/config file as follows:

Host some_droplet 
 HostName 8.8.8.8
 IdentityFile ~/.ssh/id_rsa_file
 User root
 AddKeysToAgent yes
 UseKeychain yes

Notes: “Host” can be any name you want for when you login from terminal. “HostName” should be your droplet's IP address. “IdentityFile” should be the file location of your Key. “User” should be root for the first time.

Tip: you can repeat the above block of code for every droplet you have, where each block needs a separate “Host” name. They can all share the same “IdentityFile” (easy way) or you can generate new keys each time.

  4. Extra step: After you login create a new user - replace newuser below with the user name you choose.
ssh some_droplet
adduser newuser #Create privileged user
usermod -aG sudo newuser #Add User to Admin group
rsync --archive --chown=newuser:newuser ~/.ssh /home/newuser #Copy /.ssh directory to new user for RSA keys
exit

nano ~/.ssh/config #local machine
#change User from root to newuser

ssh some_droplet #login as newuser
chmod 600 ~/.ssh/authorized_keys #change file permissions

Disable ssh root login and go about your business.

@clivestrydom You are a f*cking life saver! I’ve always had this stupid problem with new Droplets and Preconfigured SSH always giving me “Permission denied”. I can’t believe why DO doesn’t mention this configuration for specific named keys.

This worked for me:

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

https://www.howtogeek.com/168156/fixing-authentication-refused-bad-ownership-or-modes-for-directory/
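
What the three chmod commands in the answer above are fixing, shown as an added example that is not part of the original answer: with StrictModes (the OpenSSH default), sshd ignores authorized_keys when the home directory, ~/.ssh or the file itself is writable by group or others, or is owned by someone other than the user or root. The function name `audit_ssh_perms` and the sample directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag the paths sshd's StrictModes check would reject.
# Usage: audit_ssh_perms [HOME_DIR] [EXPECTED_UID]; returns 0 only if all pass.
audit_ssh_perms() {
    home=${1:-$HOME}
    uid=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            bad=1
            continue
        fi
        # ls -ldn prints e.g. "drwx------ 2 1000 1000 ..."; field 3 is the owner uid
        info=$(ls -ldn -- "$p")
        mode=$(printf '%s\n' "$info" | awk '{ print substr($1, 1, 10) }')
        owner=$(printf '%s\n' "$info" | awk '{ print $3 }')
        case $mode in
            ?????w????|????????w?)      # group-write or other-write bit set
                echo "WRITABLE  $p ($mode): group or other can write"
                bad=1 ;;
        esac
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER     $p: owned by uid $owner, expected $uid or 0"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: a throwaway "home" with the loose modes that break key login.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 775 "$demo/.ssh"; chmod 664 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" || echo "-> loose permissions found"
chmod go-w "$demo"; chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" && echo "-> ok after chmod"
rm -rf "$demo"
```

Run it on the droplet as the account you log in with (no arguments checks `$HOME`); the server's auth log typically names the rejected path as well.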

An easy way to ensure you can connect with public/private ssh keys when first deploying a droplet is by using an ssh config file. If you’re on a Mac, create your config file inside your ~/.ssh directory, then fill in the blanks (CAPS), below:

Host A_CONNECTION_NAME_OF_YOUR_CHOICE
 Hostname YOUR.SERVER.IP.ADDRESS
 Port 22
 user root
 IdentityFile ~/.ssh/PRIVATEKEY

Then in your CLI simply type in:

ssh A_CONNECTION_NAME_OF_YOUR_CHOICE

and you should connect. Obviously if your private key has a password on it, you’ll need to enter that password when prompted.

Hope this helps someone out there!

I had trouble with this for almost 2 hours. And then I stumbled across this: http://webdesignforidiots.net/2016/02/digital-ocean-public-key-access-denied-on-existing-droplet/

Worked like a charm.

DSA keys are not accepted by default anymore on newest Ubuntus. This might be your case. If you have id_dsa keys, you need to replace them by RSA keys. Ubuntu 16.04 uses OpenSSH 7.x, which does not allow these DSA keys due to their security issues. This issue almost drove me crazy, because I had not experienced any issues before when connecting to my droplets with ssh.

See:

I’ve found that using the web console and pressing # on my keyboard actually inputs a 3!

This caused me all sorts of headaches as my password contained a # and I couldn’t do much out of the web console because it threw login errors.

PuTTY works a treat if you need hashtags!

Wordpress on 14.04