3

I have an Ubuntu 14.04 droplet with PubkeyAuthentication set to yes and PermitRootLogin set to no. Since I created it, my pubkey has worked fine. For some unknown reason today it's not accepting my pubkey.

So I login via the droplet console to see what's going on (which worked fine with my root password).

I re-generated my pubkey first in hopes that I could just ssh-copy-id up to the server but I kept just getting permission denied (publickey).

When that didn't work I set /etc/ssh/sshd_config values PubkeyAuthentication set to no and PermitRootLogin to yes so I can get a prompt again on my client MacbookPro.

[Partial] Output of ssh jeitnier@[ip] -v:

debug1: Authentications that can continue: 
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jeitnier/.ssh/jeitnier_aws
debug1: Authentications that can continue: 
debug1: Trying private key: /Users/jeitnier/.ssh/id_rsa
debug1: Trying private key: /Users/jeitnier/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: 
debug1: Next authentication method: password
jeitnier@[ip]'s password:

So I enter the exact same password that I did to enter the console and I get Permission denied, please try again.

I've checked that I'm not locked out with grep ^jeitnier /etc/shadow.

I've never run into this before. What can I try next?

Jared Eitnier
  • 223
  • Can you try it changing to these values PubkeyAuthentication set to yes and PermitRootLogin set to no and run ssh jeitnier@[ip] -v again? –  Sep 30 '14 at 14:37
  • I will add this to my question but I forgot to mention that I blew out my keys in hopes I could just generate a new one and move it up with ssh-copy-id. But then I just kept getting permission denied (publickey). – Jared Eitnier Sep 30 '14 at 14:41
  • Question updated... – Jared Eitnier Sep 30 '14 at 14:44
  • You connecting to server via IP address or via domain name? Can you print out ls -ahld ~/.ssh and ls -ahl ~/.ssh/authorized_keys – c0rp Sep 30 '14 at 16:52
  • IIRC console password and user password should be different. Try resetting your sudo user password, then try to log in with that via ssh. – Sergiy Kolodyazhnyy Jun 06 '18 at 23:51
  • It looks like you are missing PasswordAuthentication yes. – simlev Dec 30 '18 at 07:08

1 Answers1

0

Try this out:

Reset Password

Go to the control panel of your droplet and select "Access -> Reset Root Password". As the page says "This will shut down your droplet and a new root password will be set and emailed to you." Then ssh to root@ip with the new password. And don't forget to change it right away, as passwords sent via email cannot be considered to be secure.

Possible Messsage

If you receive a message about losing your work don't worry. You will not lose any work if you power off your droplet.

Allowing jeitnier

When you edited /etc/ssh/sshd_config, did you execute visudo and add jeitnier ALL=(ALL:ALL) ALL under the # User privilege specification? Also, make sure that you added AllowUsers jeitnier to the bottom of /etc/ssh/sshd_config.

If No Access Still (use only)

If there is still no access, add the root user to the AllowUsers line.