How to regain access to droplet after losing public key and removing root ssh via password?

Posted November 28, 2016 8.8k views

So, for security reasons I’m planning on disabling SSH via password, and only accepting SSH login via my public key by adding the following to my /etc/ssh/sshd_config:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

So my question is…how do I regain access if I lose my public key? Can I re-enable SSH login via root with password if I login to my Droplet’s Console? Or is there some other way to accomplish this?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
3 answers

Yes, you can regain access to Droplet even if you lose public key and don’t have SSH root access enabled.

In case that happens, you need to resort to Web Console.
Why does Web Console work even with SSH root disabled? Reason is because Web Console is not SSH, look at Console as interface that you would get if you attach keyboard and monitor directly to server (Droplet).
Things in sshd_config applies only to SSH session, so Console still works.

In Console you can use root user or non-root user if you created it in Initial Server Set Up.
If you have only root account and you used SSH key on Droplet Creation then you don’t have root password (because it’s not emailed when you use SSH key on Creation). In that case, first you need to Reset Root Password by going to Control Panel, Droplet, Access, Reset Root Password.
In case you have non-root account or you have root password use it as normal.

Then you can enable password root access or use Console to copy key. It can be hard to copy key in Console as copy and paste don’t work in it so a SSH (or ssh-copy-id if you have) it would be better.

To add a new SSH key, you need to add public key content to ~/.ssh/authorized_keys.

by Mitchell Anicas
When you start a new server, there are a few steps that you should take every time to add some basic security and give you a solid foundation. In this guide, we'll walk you through the basic steps necessary to hit the ground running with Ubuntu 16.04.

I was curious about this too, so I created a droplet (Ubuntu 16.04) and tested.

Even though I was locked out via ssh:
Permission denied (publickey).

I was still able to access the Droplet Console with the password.

I don’t know if this is the same for every OS though.

The 6th post in the comments on this article, from a MOD, would lead you to believe you can always do this, but… I dunno…