loading...
Cover image for DigitalOcean Permission denied (publickey)

DigitalOcean Permission denied (publickey)

gamebusterz profile image Sailesh Choyal Updated on ・3 min read

Trying to access your DigitalOcean droplet and can't get beyond Permission denied (publickey) ?

This could be due to multiple reasons, having the wrong public_key entry in your droplet's authorized_keys, or creating a new public key on your system which the droplet doesn't recognize yet.

After trying the usual things, this is what works:

  1. If you have created a new SSH public key, run: cat ~/.ssh/id_rsa.pub on your local system, and copy the complete key it displays. [Skip to point 2] In case it doesn't display anything, you probably don't have a public SSH key or you could have one under a different name. Go to cd .ssh and see if you have any of the *.pub files there, if you want to use any of those, just run cat filename.pub and copy the key. If you don't have any existing public SSH keys, you can generate one using: ssh-keygen -o, then follow the instructions as shown.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
d0:82:24:8e:d7:f1:bb:9b:33:53:96:93:49:da:9b:e3 user@mylaptop.local
Enter fullscreen mode Exit fullscreen mode

Once the public key is generated, view it using cat ~/.ssh/id_rsa.pub or replace id_rsa.pub with whatever name you gave the file. Now copy that key.

  1. Now head to your digitalocean web console. Go to Settings > Security > SSH Keys > Add SSH Key. Add the SSH key you copied and give it any name.
    Note that if the key already exists, it won't be copied, so you can skip this step.
    Now try connecting via SSH, if it works, you lucky (de)bugger you. If it doesn't work, that's what you're here for.

  2. Head over to your droplet's dashboard and from the left-side options, select Access > Console Access > Launch Console.
    Enter your username and password for the droplet, and it'll connect you to the droplet via SSH (using a web browser).

  3. You'll need to enable password login to your droplet. To do so, sudo nano /etc/ssh/sshd_config, scroll down and set these to yes

PermitRootLogin yes 
PasswordAuthentication yes
Enter fullscreen mode Exit fullscreen mode

​Save the file and run service sshd restart to restart the sshd service and apply the changes.

  1. Now some articles might suggest heading over to the ~/.ssh/authorized_keys on the droplet from the browser SSH console, but it has a bug which only copies the SSH key upto a certain characters, and because of that, it won't work. Therefore, we'll not do this step right now.

  2. As you've enabled password authentication to the server, try SSH to it from the terminal, it'll prompt for the password, after which you should be able to connect. Well, problem solved, or at least most of it.

  3. Now we're going to edit the nano ~/.ssh/authorized_keys file on the server, paste your SSH key here in a newline(which you had generated in Step 1). You can now restart the ssh service again using service sshd restart.

  4. Try SSH using your terminal and you should be able to connect without entering the password. As it's a good security practice to disable Password based login, head over to sudo nano /etc/ssh/sshd_config again on your server, and set

PasswordAuthentication no
Enter fullscreen mode Exit fullscreen mode

Save the file and restart sshd using service sshd restart.

That's it, you should now be able to login to the server without any issues.

Discussion

pic
Editor guide
Collapse
segaz2002 profile image
Kolawole O. Gabriel

Nice, breakdown. Helped 👍