Question

How to change SSH Authorized Keys

I can’t connect through ssh or sftp. I’ve been hours around this and now I think I have found the problem. When I enter on the console of my droplet I type vi ~/.ssh/authorized_keys . I see an old key there. I would like to remove and paste the new one, but when I do paste the output is different from what I have copied. So I can’t update it. On my account I do have the correct ssh key inserted. I also have tried ssh-copy-id root@droplet.it I get Permission denied (publickey).

When I try to connect with SFTP (FileZilla): Status: Using username “root”. Status: Server refused our key Error: FATAL ERROR: No supported authentication methods available (server sent: publickey) Error: Could not connect to server

So my question is, if I can’t use the DigitalOcean Console to change the ssh/authorized_keys I will never be able to connect with ssh or sftp. How can I solve this ?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hello, @diogohenriques

The Copy/Paste functionality of our web console is a bit odd; the code backing it is custom due to the way the VNC window is implemented for accessing your Droplet. It isn’t a good idea, in my experience, to rely on the console for long copy/pasting like an SSH key.

My recommended method to get the key on the Droplet is over SSH itself. You can enable PasswordAuthentication for your Droplet by modifying your /etc/ssh/sshd_config file. Once set to Yes restart the SSH service and connect via an SSH client for a more stable connection. You can then modify your ~/.ssh/authorized_keys file to add the appropriate public key.

This should do the job for you as well.

The other option is to temporary enable the PasswordAuthentication from no to yes in order to access your droplet using password and then once you’ve entered your key to disable the PasswordAuthentication again. This way is considered more secure than uploading the key to a Dropbox in case you don’t have any other server to us.

  1. Login to the console on the DigitalOcean website.
  2. Type sudo nano /etc/ssh/sshd_config
  3. Change PasswordAuthentication from “no” to “yes” and save the file
  4. Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
  5. Login with a password
  6. Type sudo nano ~/.ssh/authorized_keys
  7. Paste public key text here and save the file
  8. Type sudo nano /etc/ssh/sshd_config
  9. Change PasswordAuthentication from “yes” to “no” and save the file
  10. Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

Another thing is to check this article when you’ve regained access to the droplet:

https://docs.digitalocean.com/products/droplets/how-to/add-ssh-keys/to-existing-droplet/

Hope that this helps! Regards, Alex