By Jesse Fagan
I wanted a fresh start for a project idea. I just rebuilt my droplet with the Ubuntu 16.04.1 x64 image. I received the root password in my email. I wanted to SSH into the server, so I removed the hostname from my known_hosts (in this case, I just deleted my known_hosts file). Every time I attempt to log in I get the message “Permission denied (publickey).”
I’ve tried to do some research on this message, and I don’t understand what I need to do to fix it. I found I can log in to the server using the console on the DO management page, but that console is very laggy. I’d prefer to use my native console. Any pointers?
jfagan@waxball:~/.ssh$ ssh root@mydomain.com
The authenticity of host 'mydomain.com (123.456.789.123)' can't be established.
ECDSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mydomain.com,123.456.789.123' (ECDSA) to the list of known hosts.
Permission denied (publickey).
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
When spinning up a new machine there is a section called “Add your SSH Keys”. Click “New SSH key” and copy the contents of your public key. For example, if your key is named id_rsa then you need to copy the id_rsa.pub file contents into the SSH key content section. Then give the key a unique name you can use to identify it. Click the checkbox for that key and Digital Ocean will make sure that the root user has this key setup after the machine is started up.
NOTE: If you copy and paste the contents of this file from a GUI, it can sometimes copy invisible line breaks and this will break the functionality of your key. I find using the cat command from the command line interface can fix this.
If this doesn’t fix it for you then you may also need to check 1) if you have an ~/.ssh/config file on your local machine and 2) if your ~/.ssh/config file on your local machine has any references to the host you are trying to connect to.
If you received a root password via e-mail, then an SSH Key was not setup on the Droplet when you deployed it, thus you’d need to login as root and add the key after the fact by pasting in your public key to:
~/.ssh/authorized_keys
If this doesn’t exist, as root, you can run:
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
and then set proper permissions on the directory and file by running:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
You would then edit the authorized_keys file using:
nano ~/.ssh/authorized_keys
and then paste in your public SSH key (which should start with ssh-rsa in most cases).
Once your public key is in place, you should be able to login from your terminal (on a Mac) or PuTTy (on Windows) using:
ssh root@DROPLET_IP -i /path/to/private_key
Where DROPLET_IP = the public IP of your Droplet and -i defines the path to your private key file.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.