I recently spun up a Digital Ocean droplet and almost immediately ran into problems logging into it.
For context - the steps I took were:
$ ssh -i ~/.ssh/mykey root@host
$ adduser $USERNAME
$ usermod -aG sudo $USERNAME
$ su $USERNAME
$ exit
$ exit
Needed to exit twice because the first one exited the user to return to root, the second exit is from
$ ssh $USERNAME@host
This was when things started not working correctly.
$ ssh $USERNAME@host
$USERNAME@host: Permission denied (publickey).
I was expecting that I should be able to type in my password, but my server seemed to be configured to only accept login via a public/private key exchange.
To enable logging into my server directly as a user (rather than root - since my goal is to disable root eventually), I needed to be able to configure the user’s SSH key.
To do that I followed the following steps:
Modify (temporarily) the sshd_config for the server:
PasswordAuthentication section and set it to
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes
$ service sshd reload
ssh-copy-id, a tool from OpenSSH, to copy your public key to the server for the user.
$ ssh-copy-id -i ~/.ssh/mykey $USERNAME@host
If successful, you should see a printout that ends like:
Number of key(s) added: 1

Now try logging into the machine, with: "ssh '$USERNAME@host'"
and check to make sure that only the key(s) you wanted were added.

$ ssh -i ~/.ssh/mykey $USERNAME@host
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-166-generic x86_64)

 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.

New release '18.04.3 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Sun Nov 3 15:55:34 2019 from xxx.xxx.xxx.xxx
The reason we couldn’t log into our user via ssh was because we:
The solution was:
As a final step, I logged back into root for a moment to modify sshd_config to once again not accept password authentication, but that’s a user preference decision.
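A check for that final step, as an added example that is not part of the original post: sshd keeps the first value it reads for a keyword, so a temporary "PasswordAuthentication yes" left higher up in the file wins over a "no" added below it. The function names and the sample config are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original post): report the effective global
# PasswordAuthentication value of an sshd_config-style file.
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and PasswordAuthentication defaults to "yes" when unset.
# Assumptions of this sketch: Include files are not followed and Match blocks
# are ignored; running `sshd -T` on the server remains the authoritative check.
effective_password_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
        { gsub(/=/, " ") }                          # accept the Keyword=value form
        tolower($1) == "match" { exit }             # global section ends here
        tolower($1) == "passwordauthentication" {   # first occurrence wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }             # OpenSSH default
    ' "$1"
}

# Succeeds (exit status 0) only when password logins are effectively disabled.
password_auth_disabled() {
    [ "$(effective_password_auth "$1")" = "no" ]
}

# Constructed sample: the temporary "yes" was left in place and a "no" was
# appended further down, so the later line has no effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes
UsePAM yes
passwordauthentication no
EOF

if password_auth_disabled "$sample"; then
    echo "password authentication is disabled"
else
    echo "password authentication is still enabled: $(effective_password_auth "$sample")"
fi
rm -f "$sample"
```

On the server itself, point the function at /etc/ssh/sshd_config after reloading sshd.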
host is the IP address for the server. I also am specifying which key to use because I decided to not use the default key for my droplet.
$USERNAME - this is a placeholder. In my case, for example, I typed stephen as the name of my user.
ssh-copy-id here: Ssh-copy-id for copying SSH keys to servers | ssh.com. Digital Ocean also documented these approaches, including alternatives to ssh-copy-id here: How to Upload an SSH Public Key to an Existing Droplet | DigitalOcean.
Hi there and thanks for reading! My name's Stephen. I live in Chicago with my wife, Kate, and dog, Finn. Want more? See about and get in touch!