Add SSH key after creating a droplet

May 14, 2014 107.3k views
Hi There, I did not add the SSH key before creating the droplet. Now my server is all set and is about to go live. I cannot setup another one but really need to add an SSH key. Is there any way I could do that. Also I cannot se any droplet resize option available, any ideas why is that? I'm currently running LAMP on Ubuntu 12. 512 MB droplet. Thanks.
6 comments
12 Answers
To add a SSH key after the creation of the droplet, you need to add the contents of the public key to the file ~/.ssh/authorized_keys You can do that by running this on your local computer:


cat ~/.ssh/id_rsa.pub | ssh root@your.ip.address "cat >> ~/.ssh/authorized_keys"


You need to power down the droplet before you can resize it.
  • how do you do the adding shh? i mean please explain this command,, and where do i do this?

  • I get the following when entering the root password:

    WARNING: Your password has expired.
    Password change required but no TTY available.
    

    Nothing happens afterwards.

  • This worked perfectly for me. Thanks a million!

by Etel Sverdlov
SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair.

These answers are all great, accept whenever I try to connect to my digital ocean server I get, 'permission denied (publickey)' when using any username set up including root and therefore I cannot add the key?

Exactly! I had to add an SSH key to an existing droplet but couldn't log in via SSH because of "permission denied (publickey)" so all these instructions are not working if you disabled password login. I lost a lot of time trying to get access to my droplet from a new computer. The only solution was to get my old computer and log in from there with the old SSH key. The Digital Ocean console is completely non-functional. It just doesn't work. If I paste in my SSH key it gets altered, upper-case letters become lower-case letters, the string is cut off in the middle etc. and it's extremely slow and non-responsive. All in all a very frustrating experience!

  • totally agree. it's weird they haven't added on dashboard to add new ssh keys on a existing droplet. the web console is literally really bad, pasting the ssh key doesn't work...

  • Yes, I experienced the same thing today:

    " If I paste in my SSH key it gets altered, upper-case letters become lower-case letters, the string is cut off in the middle etc. and it's extremely slow and non-responsive."

    And even I updated the "authorized_keys" with my new public SSH key after enabled the passwordLogin and remoteLogin on using the DigitalOcean's frustrating terminal, still can't login with noPassword option.

  • We have had some users ask us about the exact situation at SimpleBackups.io where they needed to create a backup but did not have access to their droplet (locked out).

    A solution that works in this case to access your data is:

    1. Take a snapshot of your droplet from DigitalOcean
    2. Create a droplet from the snapshot taken - right here you will be given the option to add an SSH key, add your new one or even choose password auth.
    3. After the new droplet is created, you can SSH using your chosen key to the new droplet and access your old data.
    4. You may delete the old droplet and update your DNS and apps to use the new IP address - or if you are using a floating IP then just let it point to the new droplet!

    Hope this helps.

I would advise this guide here for the first part of your question:

https://www.digitalocean.com/community/articles/how-to-set-up-ssh-keys--2
by Etel Sverdlov
SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair.
You definitely can add an SSH key after creating a droplet. See How To Set Up SSH Keys.
Also I cannot se any droplet resize option available, any ideas why is that?
It could be that the physical server that your droplet is on does not have enough available space to resize your droplet -- can you post a screenshot of the resize page?
by Etel Sverdlov
SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair.
To resize the droplet, you're going to need to take a snapshot and then spin it up as a new droplet. A great guide can be found here.

https://www.digitalocean.com/community/articles/how-to-resize-droplets-using-snapshots
by Etel Sverdlov
This tutorial covers how to manually migrate droplets between hypervisors by taking a snapshot of the droplet and then spinning it up in a large or smaller size.

I didn't see this in the answers below.
But if you already have a public key that you want to reuse, you can just add it to ~/.ssh/authorized_keys file.

For anyone finding this via Google that found this answer: logging into your droplets via SSH on a Windows machine where you might be using a specialized client to generate your keys, the command asb uses in this comment thread doesn't work, and there really aren't any answers to tell you why.

Here's an explanation. For a quick command-line copy and paste answer, scroll to the bottom of this comment. Breaking down the command:

cat ~/.ssh/id_rsa.pub

On a *NIX machine, this would output your local public SSH key.

|

The pipe character is standard Shell-speak for "piping" data into the stdin (input console) of a program or file handle. An easy way to remember it is the output of the command on the left will be received as input for the command on the right.

ssh root@your.ip.address "cat >> ~/.ssh/authorized_keys"

This is standard use of the SSH command, except the part in quotes actually encloses a command to send to the server you're SSHing into.

What this adds up to mean is "output my local public key into the authorized_keys file on the server I'm SSHing into". Which, on Windows, unless you use a platform like Cygwin for all of your SSH, means it wouldn't work, because Windows isn't a *NIX-style platform.

Solution for Windows users using native SSH clients: Paste the following into a root shell on your droplet:

echo "YOUR_SSH_PUBKEY_GOES_HERE" >> ~/.ssh/authorized_keys

Your SSH key should now be authorized on the droplet.

Here is the working guide on how to add a SSH key to existing droplet (for Windows users)
http://geektnt.com/how-to-add-ssh-key-to-existing-digitalocean-droplet.html

How about when you already have an SSH key used with other droplets but start a new droplet without using it; how do you later implement SSH logins using that key?

This snippet/command from https://www.digitalocean.com/community/tutorials/how-to-use-ssh-keys-with-digitalocean-droplets did not work

"In order to add additional keys to pre-existing droplets, you can paste in the keys using SSH:

cat ~/.ssh/idrsa.pub | ssh root@[your.ip.address.here] "cat >> ~/.ssh/authorizedkeys" "

by Etel Sverdlov
This guide is for Mac OS X and Linux users. Learn how to use SSH Keys with DigitalOcean Droplets.
Have another answer? Share your knowledge.