By: Nava2

SSH Keys denied (publickey denied)

November 12, 2017
Security DigitalOcean Ubuntu

Droplet OS: Ubuntu 17.04
Host: Windows 10 + git bash

I generated keys for the droplet:

ssh-keygen -t rsa

Copied the public key into the droplet configuration at launch:

cat ~/.ssh/droplet_id_rsa.pub

Let the droplet start, tried using ssh via:

ssh root@IP_ADDRESS -i ~/.ssh/droplet_id_rsa.pub
ssh root@IP_ADDRESS -i ~/.ssh/droplet_id_rsa

Neither works, any help is appreciated. From other experiences, this should have "just worked" as is.

Output of the ssh commands:

$ ssh root@XXX.XXX.XXX.XXX -i ~/.ssh/droplet_id_rsa -v
OpenSSH_7.3p1, OpenSSL 1.0.2k  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to XXX.XXX.XXX.XXX [XXX.XXX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /c/Users/kevin/.ssh/droplet_id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/kevin/.ssh/droplet_id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10
debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x04000000
debug1: Authenticating to XXX.XXX.XXX.XXX:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:KEY_STUFF
debug1: Host 'XXX.XXX.XXX.XXX' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/kevin/.ssh/known_hosts:9
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/kevin/.ssh/droplet_id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

$ ssh root@XXX.XXX.XXX.XXX -i ~/.ssh/droplet_id_rsa.pub -v
OpenSSH_7.3p1, OpenSSL 1.0.2k  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to XXX.XXX.XXX.XXX [XXX.XXX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /c/Users/kevin/.ssh/droplet_id_rsa.pub type 1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/kevin/.ssh/droplet_id_rsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10
debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x04000000
debug1: Authenticating to XXX.XXX.XXX.XXX:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:KEY_STUFF
debug1: Host 'XXX.XXX.XXX.XXX' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/kevin/.ssh/known_hosts:9
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/kevin/.ssh/droplet_id_rsa.pub
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

1 Answer

It looks like ssh is sending your SSH key to the server but it is not accepting it:

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/kevin/.ssh/droplet_id_rsa
debug1: Authentications that can continue: publickey

How did you add the key to the Droplet? Did you select it while creating it or did you add it afterwards? Are you sure you copied the contents of droplet_id_rsa.pub properly? I don't use Windows myself, but some terminal emulators tend to cut off overflowing text when the lines are too long.

For the record, this is the right command:

ssh root@IP_ADDRESS -i ~/.ssh/droplet_id_rsa

  • I agree with everything you said here. I copied the output from my terminal, but I think I'll try opening the file in an editor and doing it that way. Perhaps some strange wrapping happened.

    I tried to copy the key from an editor and the key adding interface said the key already exists on the account (which is not surprising).

    The ssh command still fails, too.

    • Has the SSH key been authorized?
      Go to the .ssh directory of the user and copy the id_rsa.pub contents into the authorized_keys file.

      And try to relogin.
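
The two checks raised in this thread (was the public key cut off or wrapped when pasted, and is it really present in authorized_keys) can be done structurally, as in this added example, which is not part of the original thread. The function names are hypothetical, SAMPLE is a constructed key with a filler modulus, and authorized_keys lines are assumed to carry no options prefix.

```python
import base64, binascii, hashlib

def wire_string(b):
    """Encode bytes as an SSH wire 'string': 4-byte big-endian length + data."""
    return len(b).to_bytes(4, "big") + b

def wire_fields(blob):
    """Split a decoded key blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + n > len(blob):  # also trips on a short length prefix
            raise ValueError("field runs past end of key (cut-off paste?)")
        out.append(blob[pos:pos + n])
        pos += n
    return out

def check_pubkey(line):
    """Return the SHA256 fingerprint of a '<type> <base64> [comment]' line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except binascii.Error as exc:
        raise ValueError(f"bad base64 (wrapped or cut off?): {exc}")
    fields = wire_fields(blob)
    if not fields or fields[0] != parts[0].encode():
        raise ValueError("key type inside blob does not match the prefix")
    if parts[0] == "ssh-rsa" and len(fields) != 3:
        raise ValueError("ssh-rsa blob must hold exactly type, e, n")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit_authorized_keys(text, offered_pub):
    """Label each authorized_keys line against the key the client offers."""
    wanted, report = check_pubkey(offered_pub), []
    for no, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            try:
                report.append((no, "match" if check_pubkey(line) == wanted else "other key"))
            except ValueError as exc:
                report.append((no, f"malformed: {exc}"))
    return report

# Constructed sample: structurally valid ssh-rsa blob with a filler modulus, not a real key.
SAMPLE = "ssh-rsa " + base64.b64encode(
    wire_string(b"ssh-rsa") + wire_string(b"\x01\x00\x01")
    + wire_string(b"\x00\xc3" + bytes(range(1, 256)))).decode() + " kevin@constructed"
```

The fingerprint returned for a real .pub file is the same SHA256 value that `ssh-keygen -lf` prints for it, so the local key and the server-side copy can be compared by eye.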
