Impossible to add ssh key to existing droplet

November 8, 2016 4.8k views
Security DigitalOcean Ubuntu

HOW do I add a ssh key from a NEW laptop to an existing droplet. I've added via the admin panel my ssh public key and when restarting the droplet it's not added. I've tried "ssh root@myip" and typing in the root password I set, I get permission denied. I've tried resetting the droplet password and "ssh root@myip" withthe newly sent password, I stil get permission denied. The console via the do website can get me logged in but it lacks copy paste so I cannot paste in the ssh key via that.

Running Ubuntu 14.04 both droplet and my computer.

HOW do I get my ssh key into the droplet?

3 Answers

Is this not a HUGE security hole? I've been using DO for years now and just now realized that deleting keys from the UI interface does not remove the keys from authorizedkeys. It appears brutally obvious right now, but I was under the impression that by removing the key from the UI I was removing the user's access. So, I've had old users in my authorizedkeys file. Yikes!!

SSH keys can only be added to Droplets on Droplet creation. You can add it to admin panel, but it's only to use it on Droplet creation, restart will not add it automatically.

Make sure you type password correctly. Don't paste it to terminal, type it yourself (you can paste it too but make sure you use right click if using Putty, or CTRL+SHIFT+V if using Linux/Mac terminal).
If you successfully changed password via Web Console, use that new password for login.

You can verify from Web Console is Password authentication and Permit root login enabled (for root password login).

Go to Console, login and open SSH config:

  • nano /etc/ssh/sshd_config

First locate PasswordAuthentication. Make sure it is not commented (it doesn't have # in front of line) and is set to yes:

/etc/ssh/sshd_config
PasswordAuthentication yes

Now locate PermitRootLogin and make sure it is not commented and is set to yes:

/etc/ssh/sshd_config
PermitRootLogin yes

Now we need to restart SSH so it reflects changes:

  • sudo service ssh restart

Exit console and try to log in from your computer using SSH.
From there, you can add new key. You can also use ssh-copy-id if you are using Linux. It'll add keys for you.
How To Configure SSH Key-Based Authentication on a Linux Server could help you with this.

SSH, or secure shell, is the most common way of administering remote Linux servers. Although the daemon allows password-based authentication, exposing a password-protected account to the network can open up your server to brute-force attacks. In this guide, we demonstrate how to configure your server with SSH keys, which is the recommended authentication method. These are much more difficult for attackers to work around, giving you a more secure login mechanism.
  • SSH keys can only be added to Droplets on Droplet creation.

    Is this true? If so, why does DO have tutorials on how to configure SSH keys on existing droplets?

    Tutorial

    by Pablo Carranza
    This tutorial runs through creating SSH keys with PuTTY to connect to your virtual server.
    • You can't add SSH keys to existing Droplet via Control Panel. Via Control Panel, you can only add on Droplet Creation.

      That doesn't mean you can't SSH keys to existing Droplet. You can but you need to do it from SSH or Web Console. Tutorial you linked should explain it to you.

      Guess I wrongly worded answer, sorry for that. I thought on Admin Panel.

When I do:

sudo service ssh restart

I get:

Redirecting to /bin/systemctl restart ssh.service
Failed to restart ssh.service: Unit not found.

Any ideas?

Have another answer? Share your knowledge.