Question

SSH from to a droplet from a new client machine

Posted October 24, 2020 140 views
DigitalOcean

There are lots of questions almost like this one, but not quite the same (or not that I’ve found). I am trying to ssh into my droplet. Ages ago I set up my droplet with the right keys so I did not need a password. That works just fine, even now I can ssh into the droplet just fine.
So what’s the problem? Well, I’m setting up a new machine and copying everything from my old machine over. The new machine doesn’t let me log in. I’ve checked the permissions of the various files in my ~/.ssh directory and they look fine.
Next I ran ssh -v and recorded the output on both the old machine (which works) and the new machine (which doesn’t). It is quite long but I looked through to find the differences. Down near the end the old (working) machine looks like this:

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:<long string> /home/roger/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering public key: RSA SHA256:<long string> /home/roger/.ssh/id_rsa_docean
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).

Whereas the new machine looks like this:

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/roger/.ssh/id_rsa RSA SHA256:<long string> agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: roger@benedict RSA SHA256:<long string> agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: roger.parkinson35@gmail.com RSA SHA256:<long string> agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: roger@benedict RSA SHA256:<long string> agent
debug1: Server accepts key: roger@benedict RSA SHA256:<long string> agent
sign_and_send_pubkey: signing failed for RSA "roger@benedict" from agent: agent refused operation

The important difference, I think, is that the old machine does an 'offering public key ... .ssh/id_rsa_docean' and the new one does not. I do recall putting key information into that file when I set this up ages ago. The file is present on the new machine gut it isn’t using it. Instead it tries several other things and eventually fails.

The new machine is using a different version of ssh, so maybe my old files aren’t compatible with the new version. I feel if I could just tell it about the key file it would probably work. But I haven’t found how to do that.

Thanks for any help.

edited by bobbyiliev

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hi there @rogerparkinson,

There are a couple of things that you could do:

  • Option 1: When running the ssh command specify your SSH key with the -i flag:
  • ssh -i ~/.ssh/id_rsa_docean your_user@your_server
  • Option 2: Add the following information to your ~/.ssh/config:
Host your_server_ip
    IdentityFile ~/.ssh/id_rsa_docean
    User your_user
    IdentitiesOnly yes
  • Option 3: If you do not have any other SSH keys on your machine, rename the ~/.ssh/id_rsa_docean file to ~/.ssh/id_rsa so that it is the default key used when you try to SSH

Hope that this helps!
Regards,
Bobby

Submit an Answer