How to regain access to droplet after losing public key and removing root ssh via password?

So, for security reasons I’m planning on disabling SSH via password, and only accepting SSH login via my public key by adding the following to my /etc/ssh/sshd_config:

PasswordAuthentication no
UsePAM no```

So my question do I regain access if I lose my public key?  Can I re-enable SSH login via root with password if I login to my Droplet's Console? Or is there some other way to accomplish this?

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Yes, you can regain access to Droplet even if you lose public key and don’t have SSH root access enabled.

In case that happens, you need to resort to Web Console. Why does Web Console work even with SSH root disabled? Reason is because Web Console is not SSH, look at Console as interface that you would get if you attach keyboard and monitor directly to server (Droplet). Things in sshd_config applies only to SSH session, so Console still works.

In Console you can use root user or non-root user if you created it in Initial Server Set Up. If you have only root account and you used SSH key on Droplet Creation then you don’t have root password (because it’s not emailed when you use SSH key on Creation). In that case, first you need to Reset Root Password by going to Control Panel, Droplet, Access, Reset Root Password. In case you have non-root account or you have root password use it as normal.

Then you can enable password root access or use Console to copy key. It can be hard to copy key in Console as copy and paste don’t work in it so a SSH (or ssh-copy-id if you have) it would be better.

To add a new SSH key, you need to add public key content to ~/.ssh/authorized_keys.

I was curious about this too, so I created a droplet (Ubuntu 16.04) and tested.

Even though I was locked out via ssh: Permission denied (publickey).

I was still able to access the Droplet Console with the password.

I don’t know if this is the same for every OS though.

The 6th post in the comments on this article, from a MOD, would lead you to believe you can always do this, but… I dunno…