Permission denied (publickey)

Posted January 2, 2020 2.6k views
Ubuntu 18.04

Yesterday i was connected to my droplet via SSH as usual, doing my work.
Then i has issues with zsh so i removed it to use the default console:

sudo apt-get --purge remove zsh

Then I exited and now I can’t connect anymore.

Via SSH I get the “permission denied” error.
Via web console it looks like the login worked (I see the welcome screen for a second), and then it goes back to the login screen again.

Right now i have no way to log in. I tried re-adding the SSH key via dashboard and it says that the SSH key is already installed, so that’s not the problem (but i knew it).

I believe that after removing zsh now i don’t have a default shell.

What could I do??

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

7 answers

Hey @stesvis just so I understand more, you deleted zsh from your machine (client)

If you readd a key via the dashboard, it does not add it to the server. You can make a snapshot, then start a new server from that snapshot and select your key. Or you can use recovery boot to add your SSH key to the file system. I can go into more details if you wish.

However, I don’t think you would have deleted your local key? Whats inside your client machines ~/.ssh folder?

If you ssh with -vvv you will see more details with what its attempting to do with authentication.


SnapShooter DigitalOcean Backups

@snapshooter yes please advise on how to recover.

In my client .ssh folder i have the idrsa public and private keys.
If I go to My Account, Security and click on Add SSH Key i can paste my public key from the local machine but then it says that the key is already registered on the authorized
keys file on the server.

And i am not surprised because i was connected 2 minutes before via SSH.

I had zsh installed on the server, but it had issues so i wanted to remove it and go back to the default bash.

I removed zsh from the server without setting the default bash first, and i believe this is the beginning of all my issues right now.

@snapshooter I ran ssh with the -vvv parameter and posted the response, but it was marked as spam.

@snapshooter why adding the SSH key again?
As the dashboard says, it’s already in the authorized_keys file.

Sorry, here’s the gist

@snapshooter so i did what you suggested:

  1. Created a snapshot of my droplet
  2. Created a droplet from that snapshot
  3. Imported my existing SSH Keys

The I tried to connect to that new droplet and I get the same result:

$ ssh root@
The authenticity of host ‘ (’ can’t be established.
ECDSA key fingerprint is SHA256:0aoXC4P69niNy1KVcmvEo/78Vx38Vwv7ki5yRL9+mwE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '’ (ECDSA) to the list of known hosts.

root@ Permission denied (publickey).

The I launched the web console and I got the login screen:

I entered the username and password.
For a second I saw this. I only had like 1 sec to take a screenshot:

And immediately it went back to here again:

I am out of options, I really don’t know how to recover this…

@snapshooter Now I created a new droplet (NOT from snapshot), and I can connect regularly with the same keys.

So there is not an issue with SSH keys. I don’t know how to troubleshoot that droplet now. I believe it’s because it does not have a default bash anymore.

  • @stesvis I think you’re going to have to boot into recovery mode.

    When you’re in recovery mode, mount the filesystem, then edit /mnt/etc/passwd
    Look for the root line and see what bash is setup.

    Should be something like


For those who face the same problem. It turns out, when I reset my through chsh, I accidentally set root sh to be bash instead of /bin/bash.

To fix this:

  • Got to Recovery tab in Digital Ocean.
  • Choose Boot From Recovery ISO
  • Restart the droplet and connect to it through ssh
  • Now you are booted from recovery OS, you need to mount your harddrive, run tmux and choose 1 to Mount your hard drives.
  • Go to interactive mode
  • Change the content of /mnt/etc/passwd, change line starting with “root” to this: root:x:0:0:root:/root:/bin/bash
  • Logout, switch back to Boot from Hard Drive
  • Restart the droplet and try to connect, if credentials are okey, you will successfully login.
Submit an Answer