ssh-copy-id from old VPS (ec2) to new droplet gives Permission denied (publickey) error

August 6, 2019
Networking Initial Server Setup Ubuntu 18.04

Hello,

I am trying to migrate my web application from my old VPS (Amazon EC2) to my new droplet, following this DO guide.

I am stuck at copying the SSH keys from the old VPS to the new one.
I logged in as ‘ubuntu’ user to my EC2 instance (Ubuntu 18.04 OS) and did ssh-keygen -t rsa -b 4096 -v.
After trying to use the ssh-copy-id command the first time, I saw a Connection timed out error.

I then allowed traffic to port 22 on my droplet as explained in this DO comment by doing sudo ufw allow 22/tcp from the droplet.

However, I tried the ssh-copy-id command again but this time I got a Permission denied (publickey) error.

The exact command I run from the old VPS is (excluding my IP):

ssh-copy-id DROPLET_PUBLIC_IP

I also tried specifying a different user (as Amazon EC2 comes with an “ubuntu” user while the droplet has “root”) but I got the same error.

ssh-copy-id root@DROPLET_PUBLIC_IP

3 Answers
umbertofilippo August 7, 2019
Accepted Answer

I solved my problem by following the suggestions of @LindsayBSC with a slight change.

Here is what I did to solve the problem. If somebody could possibly explain why I had to do this I’d be thankful.

In the NEW droplet VPS

sudo nano /etc/ssh/sshd_config

Change UsePAM yes to UsePAM no and PasswordAuthentication no to PasswordAuthentication yes.

service ssh reload

In the OLD EC2 VPS

ssh-copy-id root@<DROPLET_PUBLIC_IP>

Check that you can connect to the NEW VPS from this (OLD) VPS:

ssh root@<DROPLET_PUBLIC_IP>

In the NEW droplet VPS

Repeat all the steps inverting the changes to UsePAM and PasswordAuthentication and reloading ssh.
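
A check for the final step of the answer above, added here as an example and not part of the original thread: ssh-copy-id has to log in to the droplet with a method that already works, so the temporary password login must be confirmed off again afterwards. The function names and sample configurations are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm that the temporary sshd changes were undone.
# Reads sshd_config text or `sshd -T` output on stdin.

# Print the global value of one keyword, compared case-insensitively.
# The first occurrence wins, and parsing stops at the first Match block
# because anything below it applies only conditionally.
sshd_value() {
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    $1 ~ /^#/              { next }                     # comment line
    tolower($1) == "match" { exit }
    tolower($1) == want    { print tolower($2); exit }
  '
}

# Succeed only if password login is off and PAM is back on.
# Missing lines fall back to the OpenSSH defaults:
# PasswordAuthentication yes, UsePAM no.
revert_ok() (
  cfg=$(cat)
  pw=$(printf '%s\n' "$cfg" | sshd_value PasswordAuthentication)
  pam=$(printf '%s\n' "$cfg" | sshd_value UsePAM)
  [ "${pw:-yes}" = "no" ] && [ "${pam:-no}" = "yes" ]
)

# Constructed sample configurations (not taken from a real host).
DURING='# state while ssh-copy-id runs
PasswordAuthentication yes
UsePAM no'
AFTER='PasswordAuthentication no
UsePAM yes'
# Edge case: a stale "yes" left above the corrected line still wins.
STALE='PasswordAuthentication yes
UsePAM yes
PasswordAuthentication no'

report() {
  if printf '%s\n' "$2" | revert_ok; then
    echo "$1: reverted"
  else
    echo "$1: NOT reverted"
  fi
}
report during "$DURING"
report after  "$AFTER"
report stale  "$STALE"
```

On the droplet, `sudo sshd -T | revert_ok` runs the same check against the configuration sshd resolves from its files.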

by Etel Sverdlov
SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair.

Hello,

You can follow this article:

https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

The command you can use to copy the key to the new machine:

cat ~/.ssh/id_rsa.pub | ssh demo@198.51.100.0 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys"

This should do the work for you! Let me know how it goes.

Alex


Hello @alexgeorgiev and thanks for the feedback. I tried with (excluding public IP)

cat ~/.ssh/id_rsa.pub | ssh root@<DROPLET_PUBLIC_IP> "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

but I still got root@<DROPLET_PUBLIC_IP>: Permission denied (publickey).

It’s a problem of the droplet settings I suppose, as that is the one complaining about the permissions.
