I’m about to pull my hair out. I’ve successfully changed the password for root and another user. I did this via the Recovery Console that Digital Ocean makes available.
Then I go right to my macOS terminal window and try to ssh into the droplet using the new password, and keep getting, “Permission denied, please try again.” I’ve tried typing the password, pasting it in using Command V on my iMac, and also using the paste option from the terminal’s Edit menu. None of them work. This is happening with both root and the other user account.
What is going on here? Is the hacker inside my droplet watching every move? As soon as I successfully change the password, does he change it again? I’ve been fighting this hacker for over a week. Apparently he is a cruel person.
Please help.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Nevermind, I figured out what happened. I had PasswordAuthentication set to no.
Heya @spendlove,
The default SSJ configuration for every Droplet is PasswordAuthentication set to “no”. This is a security measure to protect your server from unauthorized access.
SSH (Secure Shell) is a protocol used to securely log into remote systems. It can use either password-based authentication or key-based authentication. While password-based authentication is easier to set up, it is also more susceptible to brute-force attacks. In a brute-force attack, an attacker tries to gain access to your system by guessing your password.
Key-based authentication is generally considered to be more secure. When using key-based authentication, a private key file is used to authenticate to the server. This file must be kept secret and secure on your local machine. The corresponding public key is placed on the server. Without the private key, access to the server is denied, even if the attacker knows the password.
Setting PasswordAuthentication to “no” forces the use of key-based authentication, making your Droplet more secure against potential brute-force attacks. This is considered a best practice in managing secure remote servers.
How to Allow Password Authentication
First, you need to enter your Droplet. For that you can use the Droplet Console.
The Droplet Console is a browser-based way to connect to Droplets. Instead of using
ssh
in a local terminal, you can use the Droplet Console in your preferred web browser.The Droplet Console has a native-like terminal experience, so you can run commands on your Droplet from a familiar command-line interface. It also provides one-click SSH access to your Droplet without the need for a password or manual SSH key configuration.
More on that here:
https://docs.digitalocean.com/products/droplets/how-to/connect-with-console/
Once inside, you need to open the SSHD config file
/etc/ssh/sshd_config
, changePasswordAuthentication
toYes
and restart the serviceservice sshd restart
After that is done, you will be able to connect with a Password.