curve25519 | Highly efficient implementation of elliptic curve | Cryptography library

It depends on what you used for the $keyFile in your script.

A default name should be part of the /home/pi/.ssh/id_xxx names considered during an SSH session.
But a non-default name would need to be specified in an ~/.ssh/config: double-check if you have one.

Also, in your script, to be sure, don't use ~/.ssh, but /home/$USER/.ssh consistently, to avoid any mistake when the shell substitutes ~.

Your server/device seems to require some dummy keyboard interactive authentication:

Your server seems to issue two keyboard-interactive authentication challenges

• First, a prompt for a password
• Second, a banner with no prompts.

So you will have to do something like this:

TL;DR Your config file "github" entry should look like this:

I have been able to solve this and will explain how.

My issue was my password was not being accepted even after resetting the password in the droplet.

"Password not accepted in the console" info can be found here https://docs.digitalocean.com/products/droplets/resources/troubleshooting-ssh/authentication/

I followed the Boot into the Recovery process linked here: https://docs.digitalocean.com/products/droplets/resources/recovery-iso/#boot-into-the-recovery-iso

• Power down or stop droplet
• Select boot from recovery ISO
• Turned on the droplet again
• clicked the console

At this stage I was present with a list of options.

1. Mount your Disk Image [Not Mounted]
2. Check Filesystem
3. Reset Droplet Root Password
4. Configure Keyboard
5. Attempt to 'chroot' into installed system
6. Interactive Shell [/bin/bash] Choose (1-6) and press Enter to continue.

• I selected option 1, then 3, followed by 6.

• After this I powered off the droplet and selected boot from hard drive.

• Accessing the console I was able to login and enter the password which was accepted and the ghost install began and completed successfully.

I hope this helps anyone who is experiencing the same issue.

There are a few things you are doing wrong

1. You should not login from within the gerrit container as it will use the gerrit user and ssh key. There is no gerrit user in gerrit in such a way
2. You should create a new user, are you using LDAP?
3. Next, log in to gerrit using that users credentials and add the public ssh key from the user in the user profile. Depending on your server url: https://myserver.net/settings/#SSHKeys
4. Now you should be able to connect

If the private key format differs, that means, as I mentioned here that:

• one platform is using openssh prior to 7.8, with an old PEM 64-chars per line format.
• one is using a more recent OpenSSH format, 70-chars per line.

You can force a recent openSSH to generate the old format with:

The encoding defined by Bernstein et al for X25519 (and X448) keys both public and private is unsigned fixed-length little-endian, while the representation returned by BigInteger.toByteArray() and accepted by ctor BigInteger(byte[]) is twos-complement variable-length big-endian. Since 255 bits rounds up to 32 bytes with a spare bit that is always zero (for XDH) the signedness difference can be ignored there, but the others matter.

JCA did make the inteface class XECPrivateKey return, and the corresponding Spec accept, these forms, but for XECPublicKey[Spec] it uses BigInteger. It does use the Bernstein forms consistently for (both) the "X509" and "PKCS8" encodings (respectively) returned by Key.getEncoded() and accepted by a KeyFactory, but those have metadata that XDH-only (or Bernstein-only XDH-and-EdDSA) systems like X3DH don't use.

AFAICS your choices are

• byte-reverse and (zero-)pad when needed the JCA public values in your code, or
• use Key.getEncoded() and parse the algorithm-specific part or conversely build the algorithm-generic structure to pass as X509EncodedKeySpec to KeyFactory.getInstance("Xblah").

The second approach has been asked about in the past for other algorithms: 'traditional' (X9-style) EC -- especially secp256k1 for bitcoin and related coins, which generally use only the raw-X9/SECG data with no metadata -- and RSA where a few systems use the raw-PKCS1 formats (here more commonly for privatekey than publickey); if you want I can find some near-duplicates to illustrate the approach.

It can be found in the documentation below

HMSA doc