Question

Can't access droplet, lost key of root, now ssh-copy-id not working Permission denied (publickey)

I have lost root passphrase of an ssh key now trying to set new key after changing root password from console

Also tried to copy in the console but it copy paste don’t work !!!

ssh-copy-id root@ipaddress /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/Users/jk/.ssh/id_rsa.pub”

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed – if you are prompted now it is to install the new keys

permission denied (publickey).

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Hello,

I would recommend following the steps from the official documentation on how to recover from Lost SSH Keys:

https://www.digitalocean.com/docs/droplets/resources/lost-ssh-key/

Hope that this helps! Regards, Bobby

Hello, all

The Copy/Paste functionality of our web console is a bit odd; the code backing it is custom due to the way the VNC window is implemented for accessing your Droplet. It isn’t a good idea, in my experience, to rely on the console for long copy/pasting like an SSH key.

My recommended method to get the key on the Droplet is over SSH itself. You can enable PasswordAuthentication for your Droplet by modifying your /etc/ssh/sshd_config file. Once set to Yes restart the SSH service and connect via an SSH client for a more stable connection. You can then modify your ~/.ssh/authorized_keys file to add the appropriate public key.

This should do the job for you as well.

The other option is to temporary enable the PasswordAuthentication from no to yes in order to access your droplet using password and then once you’ve entered your key to disable the PasswordAuthentication again. This way is considered more secure than uploading the key to a Dropbox in case you don’t have any other server to us.

  1. Login to the console on DigitalOcean website.
  2. Type sudo nano /etc/ssh/sshd_config
  3. Change PasswordAuthentication from “no” to “yes” and save the file
  4. Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
  5. Login with password
  6. Type sudo nano ~/.ssh/authorized_keys
  7. Paste public key text here and save the file
  8. Type sudo nano /etc/ssh/sshd_config
  9. Change PasswordAuthentication from “yes” to “no” and save the file
  10. Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

Hope that this helps! Regards, Alex