ssh-copy-id from old VPS (ec2) to new droplet gives Permission denied (publickey) error

Posted August 6, 2019 1.2k views
NetworkingInitial Server SetupUbuntu 18.04


I am trying to migrate my web application from my old vps (amazon EC2) to my new droplet, following this DO guide.

I am stuck at copying the SSH keys from the old VPS to the new one.
I logged in as ‘ubuntu’ user to my EC2 instance (ubuntu 18.04 OS) and did ssh-keygen -t rsa -b 4096 -v.
After trying to use the ssh-copy-id command the first time, I saw a Connection timed out error.

I then allowed traffic to port 22 on my droplet as explained in this DO comment by doing sudo ufw allow 22/tcp from the droplet.

However, I tried the ssh-copy-id command again but this time I got a Permission denied (publickey) error.

The exact command I run from the old VPS is (excluding my IP):


I also tried specifying a different user (as amazon EC2 comes with a “ubuntu” user while the droplet has “root”) but I got the same error.

ssh-copy-id root@DROPLET_PUBLIC_IP

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
3 answers

I solved my problem by following the suggestions of @LindsayBSC with a slight change.

Here is what I did to solve the problem. If somebody could possibly explain why I had to do this I’d be thankful.

In the NEW droplet VPS

sudo nano /etc/ssh/sshd_config

Change UsePAM yes to UsePAM no and PasswordAuthentication no to PasswordAuthentication yes.

service ssh reload

In the OLD EC2 VPS

ssh-copy-id root@<DROPLET_PUBLIC_IP>

Check that you can connect to the NEW VPS from this (OLD) VPS:


In the NEW droplet VPS

Repeat all the steps inverting the changes to UsePAM and PasswordAuthentication and reloading ssh.


You can follow this article:–2

The command you can use to copy the key to the new machine:

cat ~/.ssh/ | ssh demo@ "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys"

This should do the work for you! Let me know how it goes.


Hello @alexgeorgiev and thanks for the feedback. I tried with (excluding public IP)

cat ~/.ssh/ | ssh root@<DROPLET_PUBLIC_IP> "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

, but I still got root@<DROPLET_PUBLIC_IP>: Permission denied (publickey).

It’s a problem of the droplet settings I suppose, as that is the one complaining about the permissions.