Out of the blue I can no longer SSH into any of my droplets:

user@mydomain.com: Permission denied (publickey).

Here is what I have tried:

  • Deleting and regenerating client keys, then ssh-copy-id to the new server after enabling PasswordAuthentication temporarily. I double-checked ~/.ssh/authorized_keys and the newly generated public key is there, as it should be. Yet I am still prompted for a password, and disabling PasswordAuthentication causes the above error to return.
  • Checked every folder and file permission I could, including the /home/myuser parent folder.
  • Creating a new account to SSH into: nothing works.

Here is the output of ssh me@mydomain.com -v:

OpenSSH_8.0p1, OpenSSL 1.1.1c  28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to mydomain.com [redacted_ip] port 22.
debug1: Connection established.
debug1: identity file /my/username/.ssh/id_rsa type 0
debug1: identity file /my/username/.ssh/id_rsa-cert type -1
debug1: identity file /my/username/.ssh/id_dsa type -1
debug1: identity file /my/username/.ssh/id_dsa-cert type -1
debug1: identity file /my/username/.ssh/id_ecdsa type -1
debug1: identity file /my/username/.ssh/id_ecdsa-cert type -1
debug1: identity file /my/username/.ssh/id_ed25519 type -1
debug1: identity file /my/username/.ssh/id_ed25519-cert type -1
debug1: identity file /my/username/.ssh/id_xmss type -1
debug1: identity file /my/username/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version libssh-0.6.5
debug1: no match: libssh-0.6.5
debug1: Authenticating to mydomain.com:22 as 'me'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:redacted_hash
debug1: Host 'mydomain.com' is known and matches the RSA host key.
debug1: Found key in /my/username/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /my/username/.ssh/id_rsa RSA SHA256:redacted_hash
debug1: Will attempt key: /my/username/.ssh/id_dsa
debug1: Will attempt key: /my/username/.ssh/id_ecdsa
debug1: Will attempt key: /my/username/.ssh/id_ed25519
debug1: Will attempt key: /my/username/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /my/username/.ssh/id_rsa RSA SHA256:redacted_hash
debug1: Server accepts key: /my/username/.ssh/id_rsa RSA SHA256:redacted_hash
debug1: Authentications that can continue: publickey
debug1: Trying private key: /my/username/.ssh/id_dsa
debug1: Trying private key: /my/username/.ssh/id_ecdsa
debug1: Trying private key: /my/username/.ssh/id_ed25519
debug1: Trying private key: /my/username/.ssh/id_xmss
debug1: No more authentication methods to try.
me@mydomain.com: Permission denied (publickey).

As I mentioned before, nothing has changed on the droplets (there are 3), and my keys stopped working at the same time on all servers.

1 answer

Finally figured this out, so for anyone who has this issue, please look into your firewall. We use SonicWall, and when DPI-SSH is enabled it will break SSH connectivity. Disabling it at the firewall level fixed this issue.
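
A check over the `ssh -v` output from the question, as an added example that is not part of the original post or answer: it flags a server banner that is not the expected OpenSSH and a key that the server accepts but never authenticates, both consistent with a device such as DPI-SSH terminating the session in place of the droplet. It assumes the droplets run OpenSSH; `analyze` and its finding names are hypothetical.

```python
import re

# Constructed sample: lines copied from the `ssh -v` output in the question.
INTERCEPTED = """\
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version libssh-0.6.5
debug1: Offering public key: /my/username/.ssh/id_rsa RSA SHA256:redacted_hash
debug1: Server accepts key: /my/username/.ssh/id_rsa RSA SHA256:redacted_hash
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
me@mydomain.com: Permission denied (publickey).
"""

BANNER = re.compile(r"remote software version (\S+)")
ACCEPTED = re.compile(r"Server accepts key: (\S+)")
SUCCESS = re.compile(r"Authentication succeeded \(")


def analyze(log, expected_banner_prefix="OpenSSH_"):
    """Flag signs that something other than the expected sshd answered."""
    banner, accepted, succeeded = None, [], False
    for line in log.splitlines():
        if m := BANNER.search(line):
            banner = m.group(1)
        elif m := ACCEPTED.search(line):
            accepted.append(m.group(1))
        elif SUCCESS.search(line):
            succeeded = True

    findings = []
    # Assumption: the server is known to run OpenSSH, so its banner
    # should start with "OpenSSH_".
    if banner is not None and not banner.startswith(expected_banner_prefix):
        findings.append("unexpected-banner")
    # The key was acceptable, but the signed request was then rejected.
    # The signature covers the session identifier (RFC 4252, section 7),
    # so a device that terminates SSH on both sides cannot relay it.
    if accepted and not succeeded:
        findings.append("key-accepted-but-auth-failed")
    return {"banner": banner, "accepted_keys": accepted, "findings": findings}


if __name__ == "__main__":
    print(analyze(INTERCEPTED))
```

Neither finding proves interception on its own; together they are a reason to compare the banner and host key from a network path that bypasses the firewall.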
