Impossible to add ssh key to existing droplet

HOW do I add a ssh key from a NEW laptop to an existing droplet. I’ve added via the admin panel my ssh public key and when restarting the droplet it’s not added. I’ve tried “ssh root@myip” and typing in the root password I set, I get permission denied. I’ve tried resetting the droplet password and “ssh root@myip” withthe newly sent password, I stil get permission denied. The console via the do website can get me logged in but it lacks copy paste so I cannot paste in the ssh key via that.

Running Ubuntu 14.04 both droplet and my computer.

HOW do I get my ssh key into the droplet?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

SSH keys can only be added to Droplets on Droplet creation. You can add it to admin panel, but it’s only to use it on Droplet creation, restart will not add it automatically.

Make sure you type password correctly. Don’t paste it to terminal, type it yourself (you can paste it too but make sure you use right click if using Putty, or CTRL+SHIFT+V if using Linux/Mac terminal). If you successfully changed password via Web Console, use that new password for login.

You can verify from Web Console is Password authentication and Permit root login enabled (for root password login).

Go to Console, login and open SSH config:

  1. nano /etc/ssh/sshd_config

First locate PasswordAuthentication. Make sure it is not commented (it doesn’t have # in front of line) and is set to yes:

PasswordAuthentication yes

Now locate PermitRootLogin and make sure it is not commented and is set to yes:

PermitRootLogin yes

Now we need to restart SSH so it reflects changes:

  1. sudo service ssh restart

Exit console and try to log in from your computer using SSH. From there, you can add new key. You can also use ssh-copy-id if you are using Linux. It’ll add keys for you. How To Configure SSH Key-Based Authentication on a Linux Server could help you with this.

Is this not a HUGE security hole? I’ve been using DO for years now and just now realized that deleting keys from the UI interface does not remove the keys from authorized_keys. It appears brutally obvious right now, but I was under the impression that by removing the key from the UI I was removing the user’s access. So, I’ve had old users in my authorized_keys file. Yikes!!

Hello there,

You can check our article on How to Upload an SSH Public Key to an Existing Droplet

You can access the droplet from the DigitalOcean console and then temporary enable the PasswordAuthentication on your droplet and access the droplet with a password to upload the ssh-key.

If you haven’t created new pair of keys you’ll need to do that first.

You can enable PasswordAuthentication for your Droplet by modifying your /etc/ssh/sshd_config file. Once set to Yes restart the SSH service and connect via an SSH client for a more stable connection. You can then modify your ~/.ssh/authorized_keys file to add the appropriate public key.

This change can be made from the DigitalOcean’s console. If you’re having issues accessing the console you can then reach to our amazing support team that can help you further with this.

To enable the PasswordAuthentication follow these steps:

  1. Login to the console on the DigitalOcean website.
  2. Type sudo nano /etc/ssh/sshd_config
  3. Change PasswordAuthentication from “no” to “yes” and save the file
  4. Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
  5. Login with a password
  6. Type sudo nano ~/.ssh/authorized_keys
  7. Paste public key text here and save the file
  8. Type sudo nano /etc/ssh/sshd_config
  9. Change PasswordAuthentication from “yes” to “no” and save the file
  10. Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

You can then upload the key using this command:

ssh-copy-id -i ~/.ssh/mykey user@droplet

Hope that this helps! Regards, Alex