Question

SSH key installation on existing droplet: Password still prompting

Posted May 23, 2021 276 views
Ubuntu, Ubuntu 20.04, DigitalOcean Droplets

SSH key installation on existing droplet

I’ve installed an SSH key from the account settings > security. The public SSH key I’ve generated from an Ubuntu terminal on my Windows machine was successfully added to my DigitalOcean account. Problem is that the password is still prompting despite having the SSH key.

What I’ve tried

  • Public SSH key checked and repasted into my account

Questions

  • Should I delete/recreate the droplet to link my public SSH key?

2 answers

Hello @daviddoi

You have to make sure that you have disabled the PasswordAuthentication in the SSH configuration file. Please edit the file “/etc/ssh/sshd_config” and disable it by setting it to “No”.

sudo vim /etc/ssh/sshd_config

Find PasswordAuthentication and set it to no:

PasswordAuthentication no

Best,
Dikshith

  • Hi Dikshith! Thank you for your reply.

    I’ve checked it and, apparently, it was set to “no” by default.

    Also, I’ve restarted the droplet just to make sure but it’s the same.

Hi @daviddoi,

It’s possible the SSH key has not been deployed to your Droplet if you added it after creating the Droplet. Not to worry! You should be able to add it manually from your WebConsole OR you can enable password authentication, enter your Droplet, paste in your Key and then disable password authentication again.

Either way you need to enter into your Droplet using DigitalOcean’s WebConsole. Once you do, you can add your public SSH key to the following file:

/root/.ssh/authorized_keys

Add it as a new line but don’t forget to use the public key!

Alternatively, you can enable password authentication from your sshd_config which can be found at:

/etc/ssh/sshd_config

and change

PasswordAuthentication no

to

PasswordAuthentication yes

Then restart sshd:

service sshd restart

Then you should be able to enter the droplet using a password. From there you can paste in your Key and remove the password authentication again.

Regards,
KFSys
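
Added example, not part of the original answer and not DigitalOcean tooling: one way to script the manual step above once you are in the web console. `install_pubkey` is a hypothetical helper; it refuses private-key material, sets the permissions that sshd's `StrictModes` check (on by default) expects, and does not add the same key twice.

```bash
# install_pubkey PUBKEY_FILE TARGET_HOME
# Hypothetical helper (added example): append one OpenSSH public key to
# TARGET_HOME/.ssh/authorized_keys, e.g. install_pubkey your-name.pub /root
install_pubkey() {
    local pub="$1" home="$2"
    local dir="$home/.ssh" auth="$home/.ssh/authorized_keys" line

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # authorized_keys must hold the public half only; refuse private key files.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pub"; then
        echo "$pub is a private key; use the matching .pub file" >&2
        return 3
    fi

    # Accept the first line that looks like "<key-type> <base64> [comment]".
    line=$(grep -m1 -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9@.-]+) [A-Za-z0-9+/]+' "$pub") || {
        echo "$pub has no OpenSSH public key line" >&2
        return 4
    }

    # With StrictModes, sshd ignores keys kept in group/world-writable locations.
    mkdir -p "$dir" && chmod 700 "$dir" || return 5
    touch "$auth" && chmod 600 "$auth" || return 5

    # Idempotent: an exact copy of the line means there is nothing to do.
    if grep -qxF -- "$line" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # If the file does not end in a newline, add one so two keys never share a line.
    if [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
}
```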

  • Thank you for your reply!

    Password still prompting despite having tried all the methods transmitted with restarting the sshd.

    What I’ve also tried:

    ssh-copy-id -i your-name.pub your-ip
    

    Or

    ssh-copy-id -i your-name.pub root@your-ip
    

    Successfully added my public SSH key but still prompting the password even after restarting the sshd. Console printed:

    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh 'root@your-ip'"
    and check to make sure that only the key(s) you wanted were added.
    
    • Hmm, that is very weird indeed! If you try debugging:

      ssh -vvv root@YourIPAddress
      

      What does it say, do you see your SSH agent trying to initiate/use your public key?

      • david@desktop:~$ ssh -vvv root@your-ip
            OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
            debug1: Reading configuration data /etc/ssh/ssh_config
            debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
            debug1: /etc/ssh/ssh_config line 21: Applying options for *
            debug2: resolve_canonicalize: hostname your-ip is address
            debug2: ssh_connect_direct
            debug1: Connecting to your-ip [your-ip] port 22.
            debug1: Connection established.
            debug1: identity file /home/david/.ssh/id_rsa type -1
            debug1: identity file /home/david/.ssh/id_rsa-cert type -1
            debug1: identity file /home/david/.ssh/id_dsa type -1
            debug1: identity file /home/david/.ssh/id_dsa-cert type -1
            debug1: identity file /home/david/.ssh/id_ecdsa type -1
            debug1: identity file /home/david/.ssh/id_ecdsa-cert type -1
            debug1: identity file /home/david/.ssh/id_ecdsa_sk type -1
            debug1: identity file /home/david/.ssh/id_ecdsa_sk-cert type -1
            debug1: identity file /home/david/.ssh/id_ed25519 type -1
            debug1: identity file /home/david/.ssh/id_ed25519-cert type -1
            debug1: identity file /home/david/.ssh/id_ed25519_sk type -1
            debug1: identity file /home/david/.ssh/id_ed25519_sk-cert type -1
            debug1: identity file /home/david/.ssh/id_xmss type -1
            debug1: identity file /home/david/.ssh/id_xmss-cert type -1
            debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
            debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
            debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000
            debug2: fd 3 setting O_NONBLOCK
            debug1: Authenticating to your-ip:22 as 'root'
            debug3: hostkeys_foreach: reading file "/home/david/.ssh/known_hosts"
            debug3: record_hostkey: found key type ECDSA in file /home/david/.ssh/known_hosts:1
            debug3: load_hostkeys: loaded 1 keys from your-ip
            debug3: order_hostkeyalgs: prefer hostkeyalgs: your-public-key
            debug3: send packet: type 20
            debug1: SSH2_MSG_KEXINIT sent
            debug3: receive packet: type 20
            debug1: SSH2_MSG_KEXINIT received
            debug2: local client KEXINIT proposal
            debug2: KEX algorithms: your-kex,ext-info-c
            debug2: host key algorithms: your-host-key
            debug2: ciphers ctos: your-ciphers-stoc
            debug2: ciphers stoc: your-ciphers-stoc
            debug2: MACs ctos: your-macs-ctos
            debug2: MACs stoc: your-macs-ctos
            debug2: compression ctos: none,zlib@openssh.com,zlib
            debug2: compression stoc: none,zlib@openssh.com,zlib
            debug2: languages ctos:
            debug2: languages stoc:
            debug2: first_kex_follows 0
            debug2: reserved 0
            debug2: peer server KEXINIT proposal
            debug2: KEX algorithms: your-kex
            debug2: host key algorithms: your-host-key
            debug2: ciphers ctos: your-ciphers-stoc
            debug2: ciphers stoc: your-ciphers-stoc
            debug2: MACs ctos: your-macs-ctos
            debug2: MACs stoc: your-macs-ctos
            debug2: compression ctos: none,zlib@openssh.com
            debug2: compression stoc: none,zlib@openssh.com
            debug2: languages ctos:
            debug2: languages stoc:
            debug2: first_kex_follows 0
            debug2: reserved 0
            debug1: kex: algorithm: curve25519-sha256
            debug1: kex: host key algorithm: ecdsa-sha2-nistp256
            debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
            debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
            debug3: send packet: type 30
            debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
            debug3: receive packet: type 31
            debug1: Server host key: you-host-key
            debug3: hostkeys_foreach: reading file "/home/david/.ssh/known_hosts"
            debug3: record_hostkey: found key type ECDSA in file /home/david/.ssh/known_hosts:1
            debug3: load_hostkeys: loaded 1 keys from your-ip
            debug1: Host 'your-ip' is known and matches the ECDSA host key.
            debug1: Found key in /home/david/.ssh/known_hosts:1
            debug3: send packet: type 21
            debug2: set_newkeys: mode 1
            debug1: rekey out after 134217728 blocks
            debug1: SSH2_MSG_NEWKEYS sent
            debug1: expecting SSH2_MSG_NEWKEYS
            debug3: receive packet: type 21
            debug1: SSH2_MSG_NEWKEYS received
            debug2: set_newkeys: mode 0
            debug1: rekey in after 134217728 blocks
            debug1: Will attempt key: /home/david/.ssh/id_rsa
            debug1: Will attempt key: /home/david/.ssh/id_dsa
            debug1: Will attempt key: /home/david/.ssh/id_ecdsa
            debug1: Will attempt key: /home/david/.ssh/id_ecdsa_sk
            debug1: Will attempt key: /home/david/.ssh/id_ed25519
            debug1: Will attempt key: /home/david/.ssh/id_ed25519_sk
            debug1: Will attempt key: /home/david/.ssh/id_xmss
            debug2: pubkey_prepare: done
            debug3: send packet: type 5
            debug3: receive packet: type 7
            debug1: SSH2_MSG_EXT_INFO received
            debug1: kex_input_ext_info: you-input-text-info
            debug3: receive packet: type 6
            debug2: service_accept: ssh-userauth
            debug1: SSH2_MSG_SERVICE_ACCEPT received
            debug3: send packet: type 50
            debug3: receive packet: type 51
            debug1: Authentications that can continue: publickey,password
            debug3: start over, passed a different list publickey,password
            debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
            debug3: authmethod_lookup publickey
            debug3: remaining preferred: keyboard-interactive,password
            debug3: authmethod_is_enabled publickey
            debug1: Next authentication method: publickey
            debug1: Trying private key: /home/david/.ssh/id_rsa
            debug3: no such identity: /home/david/.ssh/id_rsa: No such file or directory
            debug1: Trying private key: /home/david/.ssh/id_dsa
            debug3: no such identity: /home/david/.ssh/id_dsa: No such file or directory
            debug1: Trying private key: /home/david/.ssh/id_ecdsa
            debug3: no such identity: /home/david/.ssh/id_ecdsa: No such file or directory
            debug1: Trying private key: /home/david/.ssh/id_ecdsa_sk
            debug3: no such identity: /home/david/.ssh/id_ecdsa_sk: No such file or directory
            debug1: Trying private key: /home/david/.ssh/id_ed25519
            debug3: no such identity: /home/david/.ssh/id_ed25519: No such file or directory
            debug1: Trying private key: /home/david/.ssh/id_ed25519_sk
            debug3: no such identity: /home/david/.ssh/id_ed25519_sk: No such file or directory
            debug1: Trying private key: /home/david/.ssh/id_xmss
            debug3: no such identity: /home/david/.ssh/id_xmss: No such file or directory
            debug2: we did not send a packet, disable method
            debug3: authmethod_lookup password
            debug3: remaining preferred: ,password
            debug3: authmethod_is_enabled password
            debug1: Next authentication method: password
        root@your-ip's password:
        
        
        • Hi @daviddoi,

          Thank you for posting this.

          So looking at the Debug log, I can see your SSH client is in fact trying to use an SSH key:

              debug3: authmethod_is_enabled publickey
              debug1: Next authentication method: publickey
              debug1: Trying private key: /home/david/.ssh/id_rsa
              debug3: no such identity: /home/david/.ssh/id_rsa: No such file or directory
              debug1: Trying private key: /home/david/.ssh/id_dsa
              debug3: no such identity: /home/david/.ssh/id_dsa: No such file or directory
              debug1: Trying private key: /home/david/.ssh/id_ecdsa
              debug3: no such identity: /home/david/.ssh/id_ecdsa: No such file or directory
              debug1: Trying private key: /home/david/.ssh/id_ecdsa_sk
              debug3: no such identity: /home/david/.ssh/id_ecdsa_sk: No such file or directory
              debug1: Trying private key: /home/david/.ssh/id_ed25519
              debug3: no such identity: /home/david/.ssh/id_ed25519: No such file or directory
              debug1: Trying private key: /home/david/.ssh/id_ed25519_sk
              debug3: no such identity: /home/david/.ssh/id_ed25519_sk: No such file or directory
              debug1: Trying private key: /home/david/.ssh/id_xmss
              debug3: no such identity: /home/david/.ssh/id_xmss: No such file or directory
          

          However it can’t find any key to use. Are you sure you have an SSH key in your /home/david/.ssh/ folder or is it somewhere else?
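
Added example, not part of the thread: the reading of the `ssh -vvv` output given in the last reply, written as a filter that classifies why public-key authentication did not happen. `diagnose_ssh_debug` and `sample_log` are hypothetical names, and the sample is a shortened excerpt of the log posted above.

```bash
# Hypothetical helper (added example): read `ssh -vvv` output on stdin and
# summarise what the client did during the publickey phase.
diagnose_ssh_debug() {
    awk '
        /Authentications that can continue:/ { sub(/.*continue: /, ""); methods = $0 }
        /Trying private key:/                { tried++ }    # default identity path probed
        /no such identity:/                  { missing++ }  # ...and the file was absent
        /Offering public key:/               { offered++ }  # a key was actually sent
        /Authentication succeeded \(publickey\)/ { ok = 1 }
        END {
            if (ok)                             verdict = "publickey-ok"
            else if (offered)                   verdict = "key-offered-but-rejected"
            else if (tried && tried == missing) verdict = "no-private-key-found"
            else                                verdict = "inconclusive"
            printf "server_methods=%s tried=%d missing=%d offered=%d verdict=%s\n",
                   methods, tried, missing, offered, verdict
        }'
}

# Shortened excerpt of the debug log from the thread, embedded so this runs offline.
sample_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/david/.ssh/id_rsa
debug3: no such identity: /home/david/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/david/.ssh/id_ed25519
debug3: no such identity: /home/david/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
EOF
}

# Usage: sample_log | diagnose_ssh_debug
#    or: ssh -vvv root@your-ip 2>&1 | diagnose_ssh_debug
```

A `no-private-key-found` verdict means the client only probed the default identity paths and none of them existed; a key stored under another name has to be named explicitly with `ssh -i` or an `IdentityFile` entry in `~/.ssh/config`.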