SFTP Authentication Error

July 15, 2019 209 views
Apache WordPress Ubuntu 18.04

I can't seem to SFTP into my droplet. I have no issues getting in via the console (user and password, not ssh)

I've tried:

Server: I've tried it using both the raw IP address and the domain name with A record pointing to the IP. Neither works.

username: root

Password: I've created 2 new passwords in the console. All work (with username root) via the console. Neither worked in SFTP.

Port: Using port 22. Port 22 is allowed, when I look at ufw in the console.

Firewall: I've also tried completely disabling the firewall. That failed. When I tried enabling the firewall again, with tcp/22 There was no change.

I've tried powering down and the restarting the whole droplet. Also, droplet is original, not from a backup or snapshot.

Using Cyberduck for SFTP.

The error message I get is:
"Login failed. Exhausted available authentication methods. Please contact your web hosting service provider for assistance. Please contact your web hosting service provider for assistance."

4 Answers

Hello,

I think that SSH password authentication is disabled in your sshd config.

You could do one of those two things here:

  • Try adding your private SSH key to your Cyber Duck. You can do that by following these steps here:

1 Launch Cyberduck.
2 Click "+" button in the lower left to set up a connection.
3 Input the following information, and check the box "Use Public Key Authentication".
4 Select the saved private key.
5 Enter the private key passphrase, and then click login.

NOTE: in order to do that you should upload your public key to your ~/.ssh/authorized_keys first.

  • This is less secure I would say, but you could enable password authentication in your sshd config file:

To enable SSH password authentication, you must SSH in as root to edit this file:

/etc/ssh/sshd_config

Then, change the line

PasswordAuthentication no

to

PasswordAuthentication yes

After making that change, restart the SSH service by running the following command as root:

sudo systemctl restart ssh

Hope that this helps!
Bobby

  • Hi Bobby,

    You told me that in order to enable SSH password authentication, I had to SSH in as root. I can't SSH. That's the whole point here.

    So I went in via the console. I opened the /etc/ssh/sshd_config with nano. There wasn't a line in the file which said PasswordAuthentication no.
    So I just added a line at the bottom which said Password Authentication yes and then ran the sudo command sudo systemctl restart ssh

    In the end, it didn't help. I'm still getting the same error. Any other ideas?

    • Yes, doing this through the console was exactly what I meant.

      In your last comment you've mention that you added Password Authentication with a space in between, note that PasswordAuthentication should be all one word otherwise this would not work.

      Regards,
      Bobby

My mistake. I did it correctly in the file. I mistakenly added it here. It still isn't working properly.

  • Hi,

    Thanks for confirming! Can you try accessing the server via SSH using a terminal to see if that works?

    Also after some googling I've noticed that quite a few people are reporting the same problem with cyberduck. You could maybe try looking into this article here on the cyberduck official forum:

    https://trac.cyberduck.io/ticket/8486

    Let me know how it goes!
    Bobby

Hi Bobby,
Yeah, I changed to Filezilla. I think I've isolated the issue, I just don't know how to fix it.

My keys are publicly accessible and so if I try to SSH into my droplet, I get an error message saying that my keys will be ignored because other people have access to them (even though I'm the only user).

I'm not sure where my keys are in the droplet (since I don't have access to SFTP, it's hard to find it) and even if I did, I don't know how to move the keys to a private .ssh folder that no one else has access to.

Any ideas?

  • Hi Devin,

    Are you using a Windows PC or a Mac? I can then send you some instructions on how to setup your SSH keys correctly.

    Regards,
    Bobby

Have another answer? Share your knowledge.