Recovering Access to my DigitalOcean Server
The other day, I reimaged my desktop at home, backing up all my files – supposedly… I had forgotten to back up one hidden folder which I had overlooked, my .ssh folder containing my
SSH keys.
Look, we all make mistakes, right?
What ensued was two hours of trying to recover access to my server.
Trying to SSH in
Obviously, without the proper SSH key, I couldn’t log in to my server.
$ ssh
[user]@brianlam.me
Permission denied (publickey).
So, I tried to SSH in with my password, forcing my SSH client to use a password instead of a key.
$ ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no
[user]@brianlam.me
Permission denied, please try again.
Close, but no cigar. I
had previously disabled password authentication on my server, opting for the more secure SSH key authentication.
Using Console Access
DigitalOcean allows users to access their account using a Virtual Network Computing console, so I gave that a shot.
This console lets me log in to my server using a password, since it doesn’t work over SSH. For some reason, my password wouldn’t work on here, and neither would the root password.
So, with nothing to lose, I reset the root password.
And voila, it worked. I kinda had access to my server, but I still couldn’t SSH into it, and this VNC Console isn’t a good long term solution. Keyboard inputs lag a couple seconds, it freezes often, and I couldn’t even copy-paste into the command line.
But hey, better than nothing, right?
(Temporarily) Allowing Password Authentication
I temporarily modified /etc/ssh/sshd_config to allow Password Authentication.
PasswordAuthentication yes
$ service ssh restart
This didn’t work, so I also had to disable PubKeyAuthentication. This took about 5 minutes to do, because keyboard input was so laggy and the screen didn’t seem to want to update whenever I scrolled through text in vim.
PubKeyAuthentication no
$ service ssh restart
Resetting Account Passwords
Thinking I had somehow forgotten my account password, I reset the password to my account on the server.
passwd
[user]
Things got Really Weird
I still couldn’t SSH in to my server.
Permission denied, please try again.
I definitely did not forget my password this time, since I had just reset it. But just in case I had the memory of a goldfish, I reset it once again. And again. And again.
I eventually tried the password “a”, which still didn’t work. I know for a fact that I did not forget “a”. Then I read this StackOverflow
page – which suggested the DigitalOcean console likely sent character encodings differently from my normal SSH client.
Really?
When Copy Paste isn’t an option
Unable to password authenticate into my server, I re-enabled PubkeyAuthentication and disabled PasswordAuthentication.
PubKeyAuthentication yes
PasswordAuthentication no
$ service ssh restart
Still, I had the issue of adding an SSH key to my server, without being able to copy paste. At this point, I was getting desperate. I almost considered carefully typing the SSH public key by hand.
And then I saw this
post in the DigitalOcean community, where someone had suggested uploading the key to Dropbox, and downloading it from the server.
So I uploaded the key to Dropbox, and grabbed the share link. This brings you to a download portal, but doesn’t give a direct file download, which the server needs. You can easily change the download link to a direct download link by replacing the “www.dropbox” part of the URL to “dl.dropboxusercontent”
curl 'https://dl.dropbox.....' > tempkey
cat tempkey >> .ssh/authorized_keys
And it worked. Who knew the curl command would be my savior?
Lesson Learned
Back up your SSH key.