Question

ssh-copy-id from old VPS (ec2) to new droplet gives Permission denied (publickey) error

Hello,

I am trying to migrate my web application from my old vps (amazon EC2) to my new droplet, following this DO guide.

I am stuck at copying the SSH keys from the old VPS to the new one. I logged in as ‘ubuntu’ user to my EC2 instance (ubuntu 18.04 OS) and did ssh-keygen -t rsa -b 4096 -v. After trying to use the ssh-copy-id command the first time, I saw a Connection timed out error.

I then allowed traffic to port 22 on my droplet as explained in this DO comment by doing sudo ufw allow 22/tcp from the droplet.

However, I tried the ssh-copy-id command again but this time I got a Permission denied (publickey) error.

The exact command I run from the old VPS is (excluding my IP):

ssh-copy-id DROPLET_PUBLIC_IP

I also tried specifying a different user (as amazon EC2 comes with a “ubuntu” user while the droplet has “root”) but I got the same error.

ssh-copy-id root@DROPLET_PUBLIC_IP
Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

umbertofilippoAugust 7, 2019
Accepted Answer

I solved my problem by following the suggestions of @LindsayBSC with a slight change.

Here is what I did to solve the problem. If somebody could possibly explain why I had to do this I’d be thankful.

In the NEW droplet VPS

sudo nano /etc/ssh/sshd_config

Change UsePAM yes to UsePAM no and PasswordAuthentication no to PasswordAuthentication yes.

service ssh reload

In the OLD EC2 VPS

ssh-copy-id root@<DROPLET_PUBLIC_IP>

Check that you can connect to the NEW VPS from this (OLD) VPS:

ssh root@<DROPLET_PUBLIC_IP>

In the NEW droplet VPS

Repeat all the steps inverting the changes to UsePAM and PasswordAuthentication and reloading ssh.

umbertofilippoAugust 7, 2019

Hello @alexgeorgiev and thanks for the feedback. I tried with (excluding public IP)

cat ~/.ssh/id_rsa.pub | ssh root@<DROPLET_PUBLIC_IP> "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

, but I still got root@<DROPLET_PUBLIC_IP>: Permission denied (publickey).

It’s a problem of the droplet settings I suppose, as that is the one complaining about the permissions.

alexdoAugust 6, 2019

Hello,

You can follow this article:

https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

The command you can use to copy the key to the new machine:

cat ~/.ssh/id_rsa.pub | ssh demo@198.51.100.0 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys"

This should do the work for you! Let me know how it goes.

Alex