Question

Adding public key to an existing droplet failed

Posted September 28, 2015 2.4k views
CentOS, Getting Started, DigitalOcean

I created a droplet and selected the “ssh key” option, without actually generating the key pair. After the droplet was created, I think I need to add a public key I locally generated on my Linux machine to the droplet, but I can’t make it work. I generated the key pair locally, and executed:

ssh-copy-id -i .ssh/idjenkinsrsa.pub root@my_ip_address.

Now I checked the authorized_keys on the droplet, and found there are two keys, one being the added one.

But when I tried to ssh to the server, I am still asked to enter a password. How can I make it work? Can I remove the .ssh/authorized_keys on the droplet and copy my local public key file to the remote droplet?

It has been very annoying. My machine is CentOS 7. Thanks.

2 answers

Hello,

When you log in with SSH, do you identify the key with ssh -i /path/to/private/key? This will ensure you are using the right SSH key when logging in. Sometimes, if you have a lot of key pairs, the system will fail due to too many keys being passed. Make sure with the above command you change /path/to/private/key to the actual path of your private key. I imagine it’s likely .ssh/idjenkinsrsa based on your public key path.

Specifying the private key you want to use, that matches the public key you added, will fix this.

As for if you can remove the keys and add them, sure! Just remove the 2 keys from the ~/.ssh/authorized_keys file on the droplet and then re-add your key. You can even add it manually if you want, by just copying it and pasting it into the file.

Hello there,

You can check our article on How to Upload an SSH Public Key to an Existing Droplet

https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/to-existing-droplet/

You can access the droplet from the DigitalOcean console and then temporarily enable the PasswordAuthentication on your droplet and access the droplet with a password to upload the ssh-key.

If you haven’t created a new pair of keys you’ll need to do that first.

You can enable PasswordAuthentication for your Droplet by modifying your /etc/ssh/sshd_config file. Once set to Yes, restart the SSH service and connect via an SSH client for a more stable connection. You can then modify your ~/.ssh/authorized_keys file to add the appropriate public key.

This change can be made from the DigitalOcean’s console. If you’re having issues accessing the console you can then reach out to our amazing support team that can help you further with this.

To enable the PasswordAuthentication follow these steps:

  1. Login to the console on the DigitalOcean website.
  2. Type sudo nano /etc/ssh/sshd_config
  3. Change PasswordAuthentication from “no” to “yes” and save the file
  4. Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
  5. Login with a password
  6. Type sudo nano ~/.ssh/authorized_keys
  7. Paste public key text here and save the file
  8. Type sudo nano /etc/ssh/sshd_config
  9. Change PasswordAuthentication from “yes” to “no” and save the file
  10. Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

You can then upload the key using this command:

ssh-copy-id -i ~/.ssh/mykey user@droplet

Hope that this helps!
Regards,
Alex
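
A check to run after the steps in the answer above, as an added example that is not part of the original thread: it reports which PasswordAuthentication value is in effect in an sshd_config file and whether a given public key is really listed in authorized_keys. The function names, file contents and key blobs are constructed for illustration; on a droplet you would pass /etc/ssh/sshd_config, your .pub file and ~/.ssh/authorized_keys.

```shell
#!/bin/sh
# Added example; config text and key blobs below are constructed samples.

# Print the global PasswordAuthentication value sshd would apply for FILE.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and the OpenSSH default is "yes" when none is set.
# Limitation: Match blocks and Include files are not evaluated.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }                     # comment line
        { sub(/=/, " ") }                       # allow "Keyword=value"
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == "passwordauthentication" { v = tolower($2); exit }
        END { print (v == "" ? "yes" : v) }
    ' "$1"
}

# Succeed if the base64 blob of PUBFILE (field 2) appears as a field on a
# non-comment line of AUTHKEYS, so entries with leading options still match.
key_installed() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1")
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }
    ' "$2"
}

# Demo on constructed files: password logins were left on after the upload.
demo=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$demo/sshd_config"
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDKEYONE jenkins@local' > "$demo/id.pub"
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDKEYTWO other@host' \
    'no-pty ssh-rsa AAAAB3CONSTRUCTEDKEYONE renamed' > "$demo/authorized_keys"

echo "PasswordAuthentication in effect: $(effective_password_auth "$demo/sshd_config")"
if key_installed "$demo/id.pub" "$demo/authorized_keys"; then
    echo "public key is present in authorized_keys"
else
    echo "public key is NOT in authorized_keys"
fi
rm -rf "$demo"
```

In the demo the later "PasswordAuthentication no" line has no effect because the earlier "yes" is read first, which is the state to look for after a temporary password login.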