Question

VestaCP SFTP Authentication Error

Posted July 28, 2017 5k views
CentOSNetworkingDevelopment

I’m trying to login and upload a file as another user of a domain created in VestaCP where I have SSH key in placed.

Error: Disconnected: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
Error: Could not connect to server

I got that error from Cyberduck whenever I try to login with a password. I can only login via SSH and SFTP if I use the private key, any other users and password doesn’t work. Almost the same if I use Filezilla. This is a custom install from VestaCP.com without Mail and Firewall support. I’m using DOs Cloud Firewall service and allowed all incoming that VestaCP requires.

Is there a configuration with SSH config file that I should change to allow login from other users aside from admin and accept passwords as well?

Update: The account package in VestaCP have SSH Access set to bash. Hope this helps.

1 comment
  • FTP works on this but SFTP still throws the same error even if I already set the account package SSH Access to Bash. This previously works on my other Droplet with the same installation but without SSH key authentication.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
3 answers

@aronjayvo

Edit your openssh server configuration file located at /etc/ssh/sshd_config and add this option

PasswordAuthentication yes

then restart ssh service with service ssh restart

Hope this helps.

  • Hi @Mohsen47

    Already made the changes after reading at serverfault.com

    Still, thank you for your help!

  • I know this is an old thread but isn’t changing PasswordAuthentication yes a security threat? Vesta already has its security foibles without adding this as an issue.

    Is there any other workaround where only public/private key are a thing and narrow the users in AllowUsers to disallow others?

    I realise the user is still in a chroot jail but still....best safe than sorry right?

Hello, @mickelodian

The ‘PasswordAuthentication’ can be enabled temporarily in order to add new key when the old one is lost or just when the ssh connection can not be established for some reason with the current key (although you should always first check the key’s file ownership/permissions)

You can enable PasswordAuthentication for your Droplet by modifying your /etc/ssh/sshd_config file. Once set to Yes restart the SSH service and connect via an SSH client for a more stable connection. You can then modify your ~/.ssh/authorized_keys file to add the appropriate public key.

This change can be made from DigitalOcean’s console. If you’re having issues accessing the console you can then reach to our amazing support team that can help you further with this.

To enable the PasswordAuthentication follow these steps:

  1. Log in to the console on the DigitalOcean website.
  2. Type sudo nano /etc/ssh/sshd_config
  3. Change PasswordAuthentication from “no” to “yes” and save the file
  4. Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
  5. Login with a password
  6. Type sudo nano ~/.ssh/authorized_keys
  7. Paste public key text here and save the file
  8. Type sudo nano /etc/ssh/sshd_config
  9. Change PasswordAuthentication from “yes” to “no” and save the file
  10. Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

You can then upload the key using this command:

  • ssh-copy-id -i ~/.ssh/mykey user@droplet

Hope that this helps!
Regards,
Alex

Hello,

You can double-check the configured settings in FileZilla and make sure that the ssh-key is added/present.

Configure FileZilla
After you install FileZilla, you need to configure it to connect to the Droplet.

Open FileZilla and then click Settings in the Edit drop-down menu.

In the Connection section, click SFTP. This is where you add your Droplet’s private SSH key. Click Add key file…, then locate your Droplet’s private SSH key on your local machine. If FileZilla prompts you to convert the file into a supported format, click Yes.

After you add the SSH key, open the File drop-down menu and click Site Manager. The site manager lets you add, remove, and manage servers and devices that you want to connect to using FileZilla.

Click New Site and enter the name of the Droplet. In the protocol field, select SFTP from the drop-down menu. Enter information for the following fields:

  • Host: The IP address of your Droplet.
  • Port: Enter the port you use to connect to the Droplet (port 22 is the default).
  • Logon Type: Select Interactive.
  • User: Enter the username you are connecting to the Droplet with (root is the default user on most Droplets).

Once you have entered your settings, click Connect. The status field in the top window displays the status of the connection.

You can check this article on How to Transfer Files to Droplets With FileZilla

and also this one How To Use Filezilla to Transfer and Manage Files Securely on your VPS

https://www.digitalocean.com/community/tutorials/how-to-use-filezilla-to-transfer-and-manage-files-securely-on-your-vps

https://docs.digitalocean.com/products/droplets/how-to/transfer-files/

Hope that this helps!
Regards,
Alex

by Pablo Carranza
This article will teach you how to use Filezilla to transfer and manage files securely on your VPS.