Fresh install of Ubuntu 16.04. SSH error: Permission denied (publickey).

I wanted a fresh start for a project idea. I just rebuilt my droplet with the Ubuntu 16.04.1 x64 image. I received the root password in my email. I wanted to SSH into the server, so I removed the hostname from my known_hosts (in this case, I just deleted my known_hosts file). Every time I attempt to log in I get the message “Permission denied (publickey).”

I’ve tried to do some research on this message, and I don’t understand what I need to do to fix it. I found I can log in to the server using the console on the DO management page, but that console is very laggy. I’d prefer to use my native console. Any pointers?

jfagan@waxball:~/.ssh$ ssh
The authenticity of host ' (123.456.789.123)' can't be established.
ECDSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ',123.456.789.123' (ECDSA) to the list of known hosts.
Permission denied (publickey).

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.


If you received a root password via e-mail, then an SSH Key was not setup on the Droplet when you deployed it, thus you’d need to login as root and add the key after the fact by pasting in your public key to:


If this doesn’t exist, as root, you can run:

mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys

and then set proper permissions on the directory and file by running:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

You would then edit the authorized_keys file using:

nano ~/.ssh/authorized_keys

and then paste in your public SSH key (which should start with ssh-rsa in most cases).

Once your public key is in place, you should be able to login from your terminal (on a Mac) or PuTTy (on Windows) using:

ssh root@DROPLET_IP -i /path/to/private_key

Where DROPLET_IP = the public IP of your Droplet and -i defines the path to your private key file.

When spinning up a new machine there is a section called “Add your SSH Keys”. Click “New SSH key” and copy the contents of your public key. For example, if your key is named id_rsa then you need to copy the file contents into the SSH key content section. Then give the key a unique name you can use to identify it. Click the checkbox for that key and Digital Ocean will make sure that the root user has this key setup after the machine is started up.

NOTE: If you copy and paste the contents of this file from a GUI, it can sometimes copy invisible line breaks and this will break the functionality of your key. I find using the cat command from the command line interface can fix this.

If this doesn’t fix it for you then you may also need to check 1) if you have an ~/.ssh/config file on your local machine and 2) if your ~/.ssh/config file on your local machine has any references to the host you are trying to connect to.