Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
GUI for MongoDB needed to mange Meteor app Question Question
Why are snapshots so slow Question Question

Question

SSH key installation on existant droplet: Password still prompting

Posted May 23, 2021 276 views
UbuntuUbuntu 20.04DigitalOcean Droplets

SSH key installation on existant droplet

I’ve installed a SSH key from the account settings > security. The public SSH key I’ve generated from an Ubuntu *terminal on my *Windows *machine was successfully added to in my *DigitalOcean *account. Problem is that the password is still prompting despite having the *SSH key.

What I’ve tried

  • Public SSH key checked and repasted into my account

Questions

  • Should I delete/recreate the droplet to link my public SSH key?
Add a comment
daviddoi
By:
daviddoi

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
GUI for MongoDB needed to mange Meteor app Question Question
Why are snapshots so slow Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
dikshith May 23, 2021

Hello @daviddoi

You have to make sure that you have disabled the PasswordAuthentication in the SSH configuration file. Please edit the file “/etc/ssh/sshd_config” and disable it by setting it to “No”.

sudo vim /etc/ssh/sshd_config

Find PasswordAuthentication and set it to no:

PasswordAuthentication no

Best,
Dikshith

Reply Report
  • daviddoi May 23, 2021

    Hi Dikshith! Thank you for reply.

    I’ve checked it and, apparently, it was by default to “no”.

    Also, I’ve restarted the droplet just to make sure but it’s the same.

    Reply Report
KFSys May 23, 2021

Hi @daviddoi,

It’s possible the SSH key has not been deployed to your Droplet if you added it after created the droplet. Not to worry! You should be able to add it manually from your WebConsole OR you can enable password authentication, enter your droplet, paste in your Key and then disable password authentication again.

Either way you need to enter into your Droplet using DigitalOcean’s WebConsole. Once you do, you can add your public SSH key to the following file:

/root/.ssh/authorized_keys

Add it as a new line but don’t forget to use the public key!

Alternatively, you can enable password authentication from your sshd_config which can be found at:

/etc/ssh/sshd_config

and change

PasswordAuthentication no

to 

PasswordAuthentication yes

Then restart sshd:

service sshd restart

Then you should be able to enter the droplet using a password. From there you can paste in your Key and remove the password authentication again.

Regards,
KFSys

Reply Report
  • daviddoi May 24, 2021

    Thank you for your reply!

    Password still prompting despite having tried all the methods transmitted with restarting the sshd.

    What I’ve also tried:

    ssh-copy-id -i your-name.pub your-ip

    Or

    ssh-copy-id -i your-name.pub root@your-ip

    Successfully added my public SSH *key but still prompting the password even after restarting the *sshd. Console printed:

    Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@your-ip'"
and check to make sure that only the key(s) you wanted were added.
    Reply Report
    • KFSys May 24, 2021

      Hmm, that is very weird indeed!If you try debugging:

      ssh -vvv root@YourIPAddress

      What does it say, do you see your SSH agent trying to initiate/use your public key?

      Reply Report
      • daviddoi May 26, 2021 
        david@desktop:~$ ssh -vvv root@your-ip
    OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug2: resolve_canonicalize: hostname your-ip is address
    debug2: ssh_connect_direct
    debug1: Connecting to your-ip [your-ip] port 22.
    debug1: Connection established.
    debug1: identity file /home/david/.ssh/id_rsa type -1
    debug1: identity file /home/david/.ssh/id_rsa-cert type -1
    debug1: identity file /home/david/.ssh/id_dsa type -1
    debug1: identity file /home/david/.ssh/id_dsa-cert type -1
    debug1: identity file /home/david/.ssh/id_ecdsa type -1
    debug1: identity file /home/david/.ssh/id_ecdsa-cert type -1
    debug1: identity file /home/david/.ssh/id_ecdsa_sk type -1
    debug1: identity file /home/david/.ssh/id_ecdsa_sk-cert type -1
    debug1: identity file /home/david/.ssh/id_ed25519 type -1
    debug1: identity file /home/david/.ssh/id_ed25519-cert type -1
    debug1: identity file /home/david/.ssh/id_ed25519_sk type -1
    debug1: identity file /home/david/.ssh/id_ed25519_sk-cert type -1
    debug1: identity file /home/david/.ssh/id_xmss type -1
    debug1: identity file /home/david/.ssh/id_xmss-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
    debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000
    debug2: fd 3 setting O_NONBLOCK
    debug1: Authenticating to your-ip:22 as 'root'
    debug3: hostkeys_foreach: reading file "/home/david/.ssh/known_hosts"
    debug3: record_hostkey: found key type ECDSA in file /home/david/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys from your-ip
    debug3: order_hostkeyalgs: prefer hostkeyalgs: your-public-key
    debug3: send packet: type 20
    debug1: SSH2_MSG_KEXINIT sent
    debug3: receive packet: type 20
    debug1: SSH2_MSG_KEXINIT received
    debug2: local client KEXINIT proposal
    debug2: KEX algorithms: your-kex,ext-info-c
    debug2: host key algorithms: your-host-key
    debug2: ciphers ctos: your-ciphers-stoc
    debug2: ciphers stoc: your-ciphers-stoc
    debug2: MACs ctos: your-macs-ctos
    debug2: MACs stoc: your-macs-ctos
    debug2: compression ctos: none,zlib@openssh.com,zlib
    debug2: compression stoc: none,zlib@openssh.com,zlib
    debug2: languages ctos:
    debug2: languages stoc:
    debug2: first_kex_follows 0
    debug2: reserved 0
    debug2: peer server KEXINIT proposal
    debug2: KEX algorithms: your-kex
    debug2: host key algorithms: your-host-key
    debug2: ciphers ctos: your-ciphers-stoc
    debug2: ciphers stoc: your-ciphers-stoc
    debug2: MACs ctos: your-macs-ctos
    debug2: MACs stoc: your-macs-ctos
    debug2: compression ctos: none,zlib@openssh.com
    debug2: compression stoc: none,zlib@openssh.com
    debug2: languages ctos:
    debug2: languages stoc:
    debug2: first_kex_follows 0
    debug2: reserved 0
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug3: send packet: type 30
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug3: receive packet: type 31
    debug1: Server host key: you-host-key
    debug3: hostkeys_foreach: reading file "/home/david/.ssh/known_hosts"
    debug3: record_hostkey: found key type ECDSA in file /home/david/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys from your-ip
    debug1: Host 'your-ip' is known and matches the ECDSA host key.
    debug1: Found key in /home/david/.ssh/known_hosts:1
    debug3: send packet: type 21
    debug2: set_newkeys: mode 1
    debug1: rekey out after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug3: receive packet: type 21
    debug1: SSH2_MSG_NEWKEYS received
    debug2: set_newkeys: mode 0
    debug1: rekey in after 134217728 blocks
    debug1: Will attempt key: /home/david/.ssh/id_rsa
    debug1: Will attempt key: /home/david/.ssh/id_dsa
    debug1: Will attempt key: /home/david/.ssh/id_ecdsa
    debug1: Will attempt key: /home/david/.ssh/id_ecdsa_sk
    debug1: Will attempt key: /home/david/.ssh/id_ed25519
    debug1: Will attempt key: /home/david/.ssh/id_ed25519_sk
    debug1: Will attempt key: /home/david/.ssh/id_xmss
    debug2: pubkey_prepare: done
    debug3: send packet: type 5
    debug3: receive packet: type 7
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: you-input-text-info
    debug3: receive packet: type 6
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug3: send packet: type 50
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey,password
    debug3: start over, passed a different list publickey,password
    debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/david/.ssh/id_rsa
    debug3: no such identity: /home/david/.ssh/id_rsa: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_dsa
    debug3: no such identity: /home/david/.ssh/id_dsa: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_ecdsa
    debug3: no such identity: /home/david/.ssh/id_ecdsa: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_ecdsa_sk
    debug3: no such identity: /home/david/.ssh/id_ecdsa_sk: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_ed25519
    debug3: no such identity: /home/david/.ssh/id_ed25519: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_ed25519_sk
    debug3: no such identity: /home/david/.ssh/id_ed25519_sk: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_xmss
    debug3: no such identity: /home/david/.ssh/id_xmss: No such file or directory
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
root@your-ip's password:
        Reply Report
        • KFSys May 27, 2021

          Hi @daviddoi,

          Thank you for posting this.

          So looking at the Debug log, I can see your SSH client is infact trying to use an SSH key:

              debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/david/.ssh/id_rsa
    debug3: no such identity: /home/david/.ssh/id_rsa: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_dsa
    debug3: no such identity: /home/david/.ssh/id_dsa: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_ecdsa
    debug3: no such identity: /home/david/.ssh/id_ecdsa: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_ecdsa_sk
    debug3: no such identity: /home/david/.ssh/id_ecdsa_sk: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_ed25519
    debug3: no such identity: /home/david/.ssh/id_ed25519: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_ed25519_sk
    debug3: no such identity: /home/david/.ssh/id_ed25519_sk: No such file or directory
    debug1: Trying private key: /home/david/.ssh/id_xmss
    debug3: no such identity: /home/david/.ssh/id_xmss: No such file or directory

          However it can’t find any key to use. Are you sure you have an SSH key in your /home/david/.ssh/ folder or is it somewhere else?

          Reply Report

Related

Looking for something else?

Ask a new question Search for more help