ssh-copy-id from old VPS (ec2) to new droplet gives Permission denied (publickey) error


I am trying to migrate my web application from my old vps (amazon EC2) to my new droplet, following this DO guide.

I am stuck at copying the SSH keys from the old VPS to the new one. I logged in as ‘ubuntu’ user to my EC2 instance (ubuntu 18.04 OS) and did ssh-keygen -t rsa -b 4096 -v. After trying to use the ssh-copy-id command the first time, I saw a Connection timed out error.

I then allowed traffic to port 22 on my droplet as explained in this DO comment by doing sudo ufw allow 22/tcp from the droplet.

However, I tried the ssh-copy-id command again but this time I got a Permission denied (publickey) error.

The exact command I run from the old VPS is (excluding my IP):


I also tried specifying a different user (as amazon EC2 comes with a “ubuntu” user while the droplet has “root”) but I got the same error.

ssh-copy-id root@DROPLET_PUBLIC_IP

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

I solved my problem by following the suggestions of @LindsayBSC with a slight change.

Here is what I did to solve the problem. If somebody could possibly explain why I had to do this I’d be thankful.

In the NEW droplet VPS

sudo nano /etc/ssh/sshd_config

Change UsePAM yes to UsePAM no and PasswordAuthentication no to PasswordAuthentication yes.

service ssh reload

In the OLD EC2 VPS

ssh-copy-id root@<DROPLET_PUBLIC_IP>

Check that you can connect to the NEW VPS from this (OLD) VPS:


In the NEW droplet VPS

Repeat all the steps inverting the changes to UsePAM and PasswordAuthentication and reloading ssh.

Hello @alexgeorgiev and thanks for the feedback. I tried with (excluding public IP)

cat ~/.ssh/ | ssh root@<DROPLET_PUBLIC_IP> "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

, but I still got root@<DROPLET_PUBLIC_IP>: Permission denied (publickey).

It’s a problem of the droplet settings I suppose, as that is the one complaining about the permissions.

Site Moderator
Site Moderator badge
August 6, 2019


You can follow this article:

The command you can use to copy the key to the new machine:

cat ~/.ssh/ | ssh demo@ "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys"

This should do the work for you! Let me know how it goes.


Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel