SSH no longer working

September 3, 2019 256 views
Security Ubuntu 18.04

Out of the blue I can no longer SSH into any of my droplets:

user@mydomain.com: Permission denied (publickey).

Here is what I have tried:

  • Deleting and regenerating client keys, then ssh-copy-id to the new server after enabling PasswordAuthentication temporarily. I double-checked ~/.ssh/authorized_keys and the newly generated public key is there, as it should be. Yet I am still prompted for a password, and disabling PasswordAuthentication causes the above error to return.
  • Checked every folder and file permission I could, including the /home/myuser parent folder.
  • Creating a new account to SSH into: nothing works.

Here is the output of ssh me@mydomain.com -v:

OpenSSH_8.0p1, OpenSSL 1.1.1c  28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to mydomain.com [redacted_ip] port 22.
debug1: Connection established.
debug1: identity file /my/username/.ssh/id_rsa type 0
debug1: identity file /my/username/.ssh/id_rsa-cert type -1
debug1: identity file /my/username/.ssh/id_dsa type -1
debug1: identity file /my/username/.ssh/id_dsa-cert type -1
debug1: identity file /my/username/.ssh/id_ecdsa type -1
debug1: identity file /my/username/.ssh/id_ecdsa-cert type -1
debug1: identity file /my/username/.ssh/id_ed25519 type -1
debug1: identity file /my/username/.ssh/id_ed25519-cert type -1
debug1: identity file /my/username/.ssh/id_xmss type -1
debug1: identity file /my/username/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version libssh-0.6.5
debug1: no match: libssh-0.6.5
debug1: Authenticating to mydomain.com:22 as 'me'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:redacted_hash
debug1: Host 'mydomain.com' is known and matches the RSA host key.
debug1: Found key in /my/username/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /my/username/.ssh/id_rsa RSA SHA256:redacted_hash
debug1: Will attempt key: /my/username/.ssh/id_dsa
debug1: Will attempt key: /my/username/.ssh/id_ecdsa
debug1: Will attempt key: /my/username/.ssh/id_ed25519
debug1: Will attempt key: /my/username/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /my/username/.ssh/id_rsa RSA SHA256:redacted_hash
debug1: Server accepts key: /my/username/.ssh/id_rsa RSA SHA256:redacted_hash
debug1: Authentications that can continue: publickey
debug1: Trying private key: /my/username/.ssh/id_dsa
debug1: Trying private key: /my/username/.ssh/id_ecdsa
debug1: Trying private key: /my/username/.ssh/id_ed25519
debug1: Trying private key: /my/username/.ssh/id_xmss
debug1: No more authentication methods to try.
me@mydomain.com: Permission denied (publickey).

As I mentioned before nothing has changed on the droplets (there are 3) and my keys stopped working at the same time on all servers.

1 Answer

Finally figured this out, so for anyone who has this issue please look into your firewall, we use SonicWall and when DPI-SSH is enabled it will break SSH connectivity. Disabling it at the firewall level fixed this issue.

Have another answer? Share your knowledge.