Question

Can't access droplet, lost key of root, now ssh-copy-id not working Permission denied (publickey)

Posted January 13, 2020 1.5k views
DigitalOceanLinux CommandsUbuntu 18.04

I have lost root passphrase of an ssh key
now trying to set new key after changing root password from console

Also tried to copy in the console but it copy paste don’t work !!!

ssh-copy-id root@ipaddress
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/Users/jk/.ssh/id_rsa.pub”

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed – if you are prompted now it is to install the new keys

permission denied (publickey).

edited by bobbyiliev

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers

Hello,

I would recommend following the steps from the official documentation on how to recover from Lost SSH Keys:

https://www.digitalocean.com/docs/droplets/resources/lost-ssh-key/

Hope that this helps!
Regards,
Bobby

Hello, all

The Copy/Paste functionality of our web console is a bit odd; the code backing it is custom due to the way the VNC window is implemented for accessing your Droplet. It isn’t a good idea, in my experience, to rely on the console for long copy/pasting like an SSH key.

My recommended method to get the key on the Droplet is over SSH itself. You can enable PasswordAuthentication for your Droplet by modifying your /etc/ssh/sshdconfig file. Once set to Yes restart the SSH service and connect via an SSH client for a more stable connection. You can then modify your ~/.ssh/authorizedkeys file to add the appropriate public key.

This should do the job for you as well.

The other option is to temporary enable the PasswordAuthentication from no to yes in order to access your droplet using password and then once you’ve entered your key to disable the PasswordAuthentication again. This way is considered more secure than uploading the key to a Dropbox in case you don’t have any other server to us.

  1. Login to the console on DigitalOcean website.
  2. Type sudo nano /etc/ssh/sshd_config
  3. Change PasswordAuthentication from “no” to “yes” and save the file
  4. Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
  5. Login with password
  6. Type sudo nano ~/.ssh/authorized_keys
  7. Paste public key text here and save the file
  8. Type sudo nano /etc/ssh/sshd_config
  9. Change PasswordAuthentication from “yes” to “no” and save the file
  10. Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

Hope that this helps!
Regards,
Alex