Trying to access your DigitalOcean droplet and can't get beyond
Permission denied (publickey) ?
This could be due to multiple reasons, having the wrong public_key entry in your droplet's
authorized_keys, or creating a new public key on your system which the droplet doesn't recognize yet.
After trying the usual things, this is what works:
- If you have created a new SSH public key, run:
cat ~/.ssh/id_rsa.pubon your local system, and copy the complete key it displays. [Skip to point 2] In case it doesn't display anything, you probably don't have a public SSH key or you could have one under a different name. Go to
cd .sshand see if you have any of the
*.pubfiles there, if you want to use any of those, just run
cat filename.puband copy the key. If you don't have any existing public SSH keys, you can generate one using:
ssh-keygen -o, then follow the instructions as shown.
Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): Created directory '/home/user/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub. The key fingerprint is: d0:82:24:8e:d7:f1:bb:9b:33:53:96:93:49:da:9b:e3 email@example.com
Once the public key is generated, view it using
cat ~/.ssh/id_rsa.pub or replace
id_rsa.pub with whatever name you gave the file. Now copy that key.
Now head to your digitalocean web console. Go to Settings > Security > SSH Keys > Add SSH Key. Add the SSH key you copied and give it any name.
Note that if the key already exists, it won't be copied, so you can skip this step.
Now try connecting via SSH, if it works, you lucky (de)bugger you. If it doesn't work, that's what you're here for.
Head over to your droplet's dashboard and from the left-side options, select Access > Console Access > Launch Console.
Enter your username and password for the droplet, and it'll connect you to the droplet via SSH (using a web browser).
You'll need to enable password login to your droplet. To do so,
sudo nano /etc/ssh/sshd_config, scroll down and set these to
PermitRootLogin yes PasswordAuthentication yes
Save the file and run
service sshd restart to restart the sshd service and apply the changes.
Now some articles might suggest heading over to the
~/.ssh/authorized_keyson the droplet from the browser SSH console, but it has a bug which only copies the SSH key upto a certain characters, and because of that, it won't work. Therefore, we'll not do this step right now.
As you've enabled password authentication to the server, try SSH to it from the terminal, it'll prompt for the password, after which you should be able to connect. Well, problem solved, or at least most of it.
Now we're going to edit the
nano ~/.ssh/authorized_keysfile on the server, paste your SSH key here in a newline(which you had generated in Step 1). You can now restart the ssh service again using
service sshd restart.
Try SSH using your terminal and you should be able to connect without entering the password. As it's a good security practice to disable Password based login, head over to
sudo nano /etc/ssh/sshd_configagain on your server, and set
Save the file and restart sshd using
service sshd restart.
That's it, you should now be able to login to the server without any issues.