I could not connect to the server (permission denied)

[YvaGithub]

Hi everyone, Below is the message I have gotten when I tried to connect to the server. During troubleshooting, the IP address has changed but still would not connect.

yvalo@DESKTOP-D55L96N MINGW64 ~/.ssh $ ssh root@159.223.122.197 root@159.223.122.197: Permission denied (publickey).

yvalo@DESKTOP-D55L96N MINGW64 ~/.ssh $ ssh root@157.245.134.248 The authenticity of host '157.245.134.248 (157.245.134.248)' can't be established. ED25519 key fingerprint is SHA256:xAgwGUWa9JNuZb2sWeCe6hhBKrS54RThIarddegE/7w. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '157.245.134.248' (ED25519) to the list of known hosts. root@157.245.134.248: Permission denied (publickey).

I subsequently run the following code but I hard time interpreting the output. ssh -v root@159.223.122.197 OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to 159.223.122.197 [159.223.122.197] port 22. debug1: Connection established. debug1: identity file /c/Users/yvalo/.ssh/id_rsa type -1 debug1: identity file /c/Users/yvalo/.ssh/id_rsa-cert type -1 debug1: identity file /c/Users/yvalo/.ssh/id_dsa type -1 debug1: identity file /c/Users/yvalo/.ssh/id_dsa-cert type -1 debug1: identity file /c/Users/yvalo/.ssh/id_ecdsa type -1 debug1: identity file /c/Users/yvalo/.ssh/id_ecdsa-cert type -1 debug1: identity file /c/Users/yvalo/.ssh/id_ecdsa_sk type -1 debug1: identity file /c/Users/yvalo/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /c/Users/yvalo/.ssh/id_ed25519 type -1 debug1: identity file /c/Users/yvalo/.ssh/id_ed25519-cert type -1 debug1: identity file /c/Users/yvalo/.ssh/id_ed25519_sk type -1 debug1: identity file /c/Users/yvalo/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /c/Users/yvalo/.ssh/id_xmss type -1 debug1: identity file /c/Users/yvalo/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.8 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 159.223.122.197:22 as 'root' debug1: load_hostkeys: fopen /c/Users/yvalo/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: SSH2_MSG_KEX_ECDH_REPLY received debug1: Server host key: ssh-ed25519 SHA256:3PQN/8M+4n7ojikjB/YJwXyYCYVbEeI8zCCIhg+Iqzo debug1: load_hostkeys: fopen /c/Users/yvalo/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: Host '159.223.122.197' is known and matches the ED25519 host key. debug1: Found key in /c/Users/yvalo/.ssh/known_hosts:1 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 134217728 blocks debug1: Will attempt key: /c/Users/yvalo/.ssh/id_rsa debug1: Will attempt key: /c/Users/yvalo/.ssh/id_dsa debug1: Will attempt key: /c/Users/yvalo/.ssh/id_ecdsa debug1: Will attempt key: /c/Users/yvalo/.ssh/id_ecdsa_sk debug1: Will attempt key: /c/Users/yvalo/.ssh/id_ed25519 debug1: Will attempt key: /c/Users/yvalo/.ssh/id_ed25519_sk debug1: Will attempt key: /c/Users/yvalo/.ssh/id_xmss debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /c/Users/yvalo/.ssh/id_rsa debug1: Trying private key: /c/Users/yvalo/.ssh/id_dsa debug1: Trying private key: /c/Users/yvalo/.ssh/id_ecdsa debug1: Trying private key: /c/Users/yvalo/.ssh/id_ecdsa_sk debug1: Trying private key: /c/Users/yvalo/.ssh/id_ed25519 debug1: Trying private key: /c/Users/yvalo/.ssh/id_ed25519_sk debug1: Trying private key: /c/Users/yvalo/.ssh/id_xmss debug1: No more authentication methods to try. root@159.223.122.197: Permission denied (publickey). Any help will greatly appreciated. Anticipated thanks, Yvaral

[susanBuck]

Hi @YvaGithub -

From the debug output you shared, I don't see that it attempted to use your hes key that should have been created.

Can you confirm you edited your SSH config file telling it to use that hes key?

Details here: https://hesweb.dev/e15/notes/infrastructure/ssh-keys#ssh-config-file

[susanBuck]

Related to my above suggestion, if you're having some issue with the SSH config file, you can always try and connect to the server by specifying exactly what key to use via this command:

> ssh -v -i ~/.ssh/hes root@157.245.134.248

[gkorodi]

Just checking the IP address from the outside of your internal network, it does not seem to be reachable.

> ping 159.223.122.197
PING 159.223.122.197 (159.223.122.197): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^C
--- 159.223.122.197 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

Also, you will get more info if you use more -v in your ssh command.

For example, this will produce a LOT of output, but more is good when troubleshooting: > ssh -vvv -i ~/.ssh/hes root@159.223.122.197

If you don't specify the -i ~/.ssh/ONE_OF_YOUR_PRIVATE_KEY_FILENAME then the id_rsa gets used by default, and you just have to make sure, you created your droplet with the matching public key (id_rsa.pub).

[YvaGithub]

Thank you everyone, As I said, I skipped some steps while configuring the ssh. I went back over and corrected the mistake. Now it works. Again thank you for your inputs.