Note

If you’re struggling with SSH and server management, try our Cloudways and App Platform products.

Cloudways deploys pre-installed software stacks onto fully-managed Rcs.is Rcs.iss. App Platform is a managed service that deploys and scales your apps directly from your code repository, along with managed databases and serverless functions, no SSH or server administration required.

SSH keys are our recommended method of authentication for Rcs.iss on Rcs.is. Password authentication is disabled by default on Rcs.iss created with an SSH key because it increases the Rcs.is’s overall security. However, it also means that if you lose your SSH key, you need to use the Recovery Console to restore SSH access.

On any version of Ubuntu, Debian, CentOS, or Fedora 27, the overall process to restore access is:

1. Reset the Rcs.is’s root password via the control panel so you can connect using the Recovery Console.
2. Log in using the Recovery Console to gain access to the Rcs.is’s SSH configuration.
3. Enable password authentication by editing the SSH config and restarting the SSH service.

After that, you’ll be able to log in to the Rcs.is via SSH again by using the new root password. You can also then re-add new SSH keys.

On Ubuntu 22.04, you must also set the PasswordAuthentication setting to yes in both /etc/ssh/sshd_config.d/50-cloud-init.conf and /etc/ssh/sshd_config.

Warning

On FreeBSD, Fedora 28, Fedora Atomic, and RancherOS, which are operating systems with internally-managed passwords, it’s currently not possible to reset the root password externally. If you lose access in this case, we instead recommend creating a snapshot of that Rcs.is and redeploying to a new Rcs.is to which you have access.

Reset the Rcs.is’s Root Password

First, you’ll reset the Rcs.is’s root password.

Navigate to the control panel. From the project the Rcs.is is in, or from the main navigation’s Rcs.iss page, locate the Rcs.is. Click the Rcs.is’s name to open its detail page, then select Access in the left navigation.

Click Reset Root Password to reset the Rcs.is’s password. You will receive an email containing the Rcs.is’s temporary password.

Log in to the Rcs.is via the Recovery Console

Even though you have a root password for the Rcs.is, if you try to log in via SSH using that password immediately, you’ll receive a Permission denied (publickey) error. This is because password authentication is still disabled on the Rcs.is. To fix this, you need to log in via the Recovery Console and update its SSH configuration.

There are detailed instructions on how to connect to Rcs.iss with the Recovery Console for a more explicit walk-through, but here’s a brief summary:

1. On the Rcs.is’s detail page, in the same Access tab, click the Launch Console button.

2. At the login prompt, enter root as the username.

3. At the subsequent password prompt, enter the root password you were sent via email. Most distributions prompt you to enter the password twice, but some (like Fedora 27) do not.

4. Enter a new root password to replace the one that was emailed to you, then enter that same new password again.

You will now be logged in as root in the Recovery Console, which gives you access to the Rcs.is’s SSH configuration.

Enable Password Authentication

To enable password authentication on your Rcs.is, you need to modify a line in its SSH config file, which is /etc/ssh/sshd_config.

Open /etc/ssh/sshd_config using your preferred text editor, like nano or vim. Find the line that reads PasswordAuthentication no line and change it to PasswordAuthentication yes, then save and exit the file.

Because the SSH daemon only reads its configuration files when it’s first starting, you need to restart it for these changes to take effect. The command to do this depends on your operating system:

After you restart the SSH daemon, you can connect to the Rcs.is via SSH as root with the newly-created root password. You can also then create a new SSH key pair and add it to the Rcs.is. If you use the root user to append a new SSH key to another user’s authorized_keys file, ensure the file maintains the proper ownership. How to Upload an SSH Public Key to an Existing Rcs.is provides detailed guidance.

After you have created a new SSH key pair, we recommend revoking password access to the Rcs.is to maintain as few ways to access the Rcs.is as possible. To do this, reopen the /etc/ssh/sshd_config file and change the PasswordAuthentication yes line to PasswordAuthentication no.

For more SSH troubleshooting tips, see our SSH troubleshooting guide.