@sshjerk

To enable public key authentication you must do the following:

1- On your local machine, create a ssh key par with ssh-keygen.
2- Copy your public key to the server using ssh-copy-id <username>@<server ip>
3- Then you can login using ssh <username>@<server ip>

Hope this helps.

@sshjerk

You should only need to setup .ssh for individual users. The root user already has this directory on Ubuntu – ~/.ssh – and it’s permissions are already set.

So what you need to do depends on who you’re trying to set the SSH Key up for.

…

For root, you’d generate a key pair locally and add the public key to ~/.ssh/authorized_keys. You’d then use the private key to log in.

For example, I’m on MacOS, so I’d open up Terminal and run:

ssh-keygen -a 500 \
           -b 4096 \
           -C "" \
           -E sha256 \
           -o \
           -t rsa

From there, I’ll be prompted to set a location for storing the keys generated by the command, so I’ll provide a path and name. You’ll then be prompted for a passphrase and asked to confirm.

Once the key is saved locally, you can then cat it locally and then copy and paste it to the server or us the ssh-copy-id command. I normally copy and paste :-).

…

If you’re setting up SSH Keys for non-root users, you need to make sure the user is setup properly.

mkdir -p /home/mynewuser/.ssh

touch /home/mynewuser/.ssh/authorized_keys

useradd -d /home/mynewuser mynewuser

chmod 700 /home/mynewuser/.ssh

chmod 644 /home/mynewuser/.ssh/authorized_keys

chown -R /home/mynewuser

chown root:root /home/mynewuser

Now that the new user is setup, you can copy the public key to the users authorized_keys file.

…

The public key doesn’t need to exist anywhere other than in the authorized_keys file on the Droplet. The private key should not be uploaded at all, instead, only used locally to connect.

Hello there,

You can check our article on How to Upload an SSH Public Key to an Existing Droplet

https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/to-existing-droplet/

You can access the droplet from the DigitalOcean console and then temporary enable the PasswordAuthentication on your droplet and access the droplet with a password to upload the ssh-key.

If you haven’t created new pair of keys you’ll need to do that first.

You can enable PasswordAuthentication for your Droplet by modifying your /etc/ssh/sshd_config file. Once set to Yes restart the SSH service and connect via an SSH client for a more stable connection. You can then modify your ~/.ssh/authorized_keys file to add the appropriate public key.

This change can be made from the DigitalOcean’s console. If you’re having issues accessing the console you can then reach to our amazing support team that can help you further with this.

To enable the PasswordAuthentication follow these steps:

1. Login to the console on the DigitalOcean website.
2. Type sudo nano /etc/ssh/sshd_config
3. Change PasswordAuthentication from “no” to “yes” and save the file
4. Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
5. Login with a password
6. Type sudo nano ~/.ssh/authorized_keys
7. Paste public key text here and save the file
8. Type sudo nano /etc/ssh/sshd_config
9. Change PasswordAuthentication from “yes” to “no” and save the file
10. Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

You can then upload the key using this command:

ssh-copy-id -i ~/.ssh/mykey user@droplet

Hope that this helps!
Regards,
Alex