SSH connection issue(s)

March 14, 2014 6.8k views
Hi, I am having some real problems connecting to my VPS via SSH. I am very much a newcomer to this world but I have followed the Digital Ocean tutorial as well as taken advice from friends (and Google) but unfortunately I am not getting anywhere. I am using Secure Shell, an official Google extension for Chrome OS. The problem is that: I cannot connect via SSH at all. Here are the steps I am taking... a) Login via VNC from Digital Ocean control panel as user 'adt' with password b) Type command 'ssh-keygen -t rsa' and follow instructions to create two keys called id_rsa and c) Use command 'ssh-copy-id adt@***.***.***.***' (my IP address for VPS) d) Follow instructions and check that correct public key has been added to authorized_keys file e) Attempt SSH login using Secure Shell (Chrome OS extension mentioned above). I import both public and private key into the client. f) I am just asked, as normal, for my user password, not passphrase. Occasionally I have been asked to enter passphrase for id_rsa files and when doing this it seems to fail, no acknowledgement of password being entered correctly or even incorrectly. Basically, I am not seeing any of my SSH sessions as being encrypted with SSH keys. I have had this working before but that was when I created a Droplet with an existing SSH key I uploaded to the Digital Ocean control panel. I am pretty certain I'm doing something wrong as I have tried on numerous Droplets but cannot get anywhere using the method above. It has been advised that I generate keys using a machine that is not the VPS but this is not easy using Chrome OS and I would have thought that as long as the keys are generated, it should not matter where they come from. If it does matter, then why are you able to generate a key on the VPS? I have seen some information on the web pointing out that OpenSSH does not generate in the proper RSA format (this seems a bit counter-productive if true!) I'm really just looking for some guidance, if possible! Thanks in advance.
7 Answers
What is the permission of ~/.ssh/authorized_keys?
That file should not be global writable, otherwise it will fail.
You may try to run:
sudo chmod 0600 ~/.ssh/authorized_keys

You can also make the following changes to /etc/ssh/sshd_config to force public key authentication.

PasswordAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
Hi Tony, thanks for your response.

The file permissions are fine but I did run that command anyway. The permissions didn't change once I did it so I presume they were set correctly in the first place.

I have also altered those settings you mentioned in the sshd_config file previously after looking around on Google but I did try them again but to no avail.

This leaves me here:

I am connecting via Secure Shell client to my VPS with user 'adt'. I am then met with this:
Enter passphrase for key '/.ssh/id_rsa':
I can put in the passphrase and it lets me in as expected (but no confirmation of the connecting being secured with SSH key) or, worryingly, if I get the password wrong, I am prompted to enter it a further two times. When I have got it wrong for the third time I am then prompted for the user 'adt' password, completely negating the point of the key in the first place.

Can you assist any further, please?


I have just run the 'reload ssh' command and now I am locked out because of disabling passwords through sshd_config, obviously this is expected.

So I am met with the same message about asking for the passphrase except this time, entering the correct passphrase won't work and after the third attempt I am met with this message:
Permission denied (publickey).
NaCl plugin exited with status code 255.
I've tried Secure Shell on chrome browser with the same result as you said.
That only happen with passphrase protected key.

You can remove the passphrase, or just create a new one without passphrase, then import the new key to secure shell.
openssl rsa -in [key_with_passphrase] -out [new_key_without_passphrase]

Good luck.

No clue of what happened.
OK, that's helped tremendously, thank you!

I have managed to use another SSH client called 'FireSSH' and that works just fine (so far!)

I generated a new key pair without passphrase and followed the usual steps. That worked just fine and has authorised the publickey when I logged in.

Passphrase doesn't work on either client for some reason. I would prefer a passphrase as I'm on a portable device (Chromebook) for obvious reasons but at least I know I can access via SSH for now and carry on with some more interesting stuff!

Any ideas as to why passphrase wouldn't work with a SSH client?

Thanks again!
Found something interesting, chrome shell, but I don't have a chromebook to test.
Have another answer? Share your knowledge.