Question

VestaCP SFTP Authentication Error

I’m trying to login and upload a file as another user of a domain created in VestaCP where I have SSH key in placed.

Error: Disconnected: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
Error: Could not connect to server

I got that error from Cyberduck whenever I try to login with a password. I can only login via SSH and SFTP if I use the private key, any other users and password doesn’t work. Almost the same if I use Filezilla. This is a custom install from VestaCP.com without Mail and Firewall support. I’m using DOs Cloud Firewall service and allowed all incoming that VestaCP requires.

Is there a configuration with SSH config file that I should change to allow login from other users aside from admin and accept passwords as well?

Update: The account package in VestaCP have SSH Access set to bash. Hope this helps.

Subscribe
Share

FTP works on this but SFTP still throws the same error even if I already set the account package SSH Access to Bash. This previously works on my other Droplet with the same installation but without SSH key authentication.


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

@aronjayvo

Edit your openssh server configuration file located at /etc/ssh/sshd_config and add this option

PasswordAuthentication yes

then restart ssh service with service ssh restart

Hope this helps.

Hello,

You can double-check the configured settings in FileZilla and make sure that the ssh-key is added/present.

Configure FileZilla After you install FileZilla, you need to configure it to connect to the Droplet.

Open FileZilla and then click Settings in the Edit drop-down menu.

In the Connection section, click SFTP. This is where you add your Droplet’s private SSH key. Click Add key file…, then locate your Droplet’s private SSH key on your local machine. If FileZilla prompts you to convert the file into a supported format, click Yes.

After you add the SSH key, open the File drop-down menu and click Site Manager. The site manager lets you add, remove, and manage servers and devices that you want to connect to using FileZilla.

Click New Site and enter the name of the Droplet. In the protocol field, select SFTP from the drop-down menu. Enter information for the following fields:

  • Host: The IP address of your Droplet.
  • Port: Enter the port you use to connect to the Droplet (port 22 is the default).
  • Logon Type: Select Interactive.
  • User: Enter the username you are connecting to the Droplet with (root is the default user on most Droplets).

Once you have entered your settings, click Connect. The status field in the top window displays the status of the connection.

You can check this article on How to Transfer Files to Droplets With FileZilla

and also this one How To Use Filezilla to Transfer and Manage Files Securely on your VPS

https://www.digitalocean.com/community/tutorials/how-to-use-filezilla-to-transfer-and-manage-files-securely-on-your-vps

https://docs.digitalocean.com/products/droplets/how-to/transfer-files/

Hope that this helps! Regards, Alex

Hello, @mickelodian

The ‘PasswordAuthentication’ can be enabled temporarily in order to add new key when the old one is lost or just when the ssh connection can not be established for some reason with the current key (although you should always first check the key’s file ownership/permissions)

You can enable PasswordAuthentication for your Droplet by modifying your /etc/ssh/sshd_config file. Once set to Yes restart the SSH service and connect via an SSH client for a more stable connection. You can then modify your ~/.ssh/authorized_keys file to add the appropriate public key.

This change can be made from DigitalOcean’s console. If you’re having issues accessing the console you can then reach to our amazing support team that can help you further with this.

To enable the PasswordAuthentication follow these steps:

  1. Log in to the console on the DigitalOcean website.
  2. Type sudo nano /etc/ssh/sshd_config
  3. Change PasswordAuthentication from “no” to “yes” and save the file
  4. Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
  5. Login with a password
  6. Type sudo nano ~/.ssh/authorized_keys
  7. Paste public key text here and save the file
  8. Type sudo nano /etc/ssh/sshd_config
  9. Change PasswordAuthentication from “yes” to “no” and save the file
  10. Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

You can then upload the key using this command:

  1. ssh-copy-id -i ~/.ssh/mykey user@droplet

Hope that this helps! Regards, Alex