Question

After reset droplet root password. They have show some error public key permission denied by SSH

Hi,

We reset the root password and now the droplet is not booted, the website is down.

I can’t access the server via ssh?

Thanks.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

I was having the same issue. I tried logging in via the DigitalOcean console, but I had never set a password so I was unable to. After requesting a new root password via email, I was able to log in via the console but now logging in via ssh no longer worked.

The reason for this was that I had disabled password login in /etc/ssh/sshd_config as a security measure:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

However, now that my root account had a password set, it never showed me the password prompt when logging in via ssh. Instead I’d be greeted by the Permission denied (publickey) error.

To solve this, you can either enable password authentication, simply comment out the PasswordAuthentication line in your sshd_config. But this will require you to enter your password every time you log in via ssh. Or you can remove your root password entirely using

sudo passwd -dl root

Note that you should only do this if you have public key authentication setup. Otherwise not having a password would naturally be very insecure. Tbh, I’m not 100% if not having a password is very secure, even with public key authentication. But I’ve been doing it like this without any issues for quite some time now.

Hello there,

You can check our article on How to Upload an SSH Public Key to an Existing Droplet

https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/to-existing-droplet/

You can access the droplet from the DigitalOcean console and then temporary enable the PasswordAuthentication on your droplet and access the droplet with a password to upload the ssh-key.

If you haven’t created new pair of keys you’ll need to do that first.

You can enable PasswordAuthentication for your Droplet by modifying your /etc/ssh/sshd_config file. Once set to Yes restart the SSH service and connect via an SSH client for a more stable connection. You can then modify your ~/.ssh/authorized_keys file to add the appropriate public key.

This change can be made from the DigitalOcean’s console. If you’re having issues accessing the console you can then reach to our amazing support team that can help you further with this.

To enable the PasswordAuthentication follow these steps:

  1. Login to the console on the DigitalOcean website.
  2. Type sudo nano /etc/ssh/sshd_config
  3. Change PasswordAuthentication from “no” to “yes” and save the file
  4. Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
  5. Login with a password
  6. Type sudo nano ~/.ssh/authorized_keys
  7. Paste public key text here and save the file
  8. Type sudo nano /etc/ssh/sshd_config
  9. Change PasswordAuthentication from “yes” to “no” and save the file
  10. Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

You can then upload the key using this command:

ssh-copy-id -i ~/.ssh/mykey user@droplet

Hope that this helps! Regards, Alex

Hi @alimustafakhan1,

In order to enter the DigitalOcean console, you need to use the root user and root user’s password. You can reset the password again from the Access menu I’ve mentioned earlier in your Control Panel. Once you receive the password there you can use it to connect to the DigitalOcean droplet Console.