Question

ssh-copy-id from old VPS (ec2) to new droplet gives Permission denied (publickey) error

Hello,

I am trying to migrate my web application from my old vps (amazon EC2) to my new droplet, following this DO guide.

I am stuck at copying the SSH keys from the old VPS to the new one. I logged in as ‘ubuntu’ user to my EC2 instance (ubuntu 18.04 OS) and did ssh-keygen -t rsa -b 4096 -v. After trying to use the ssh-copy-id command the first time, I saw a Connection timed out error.

I then allowed traffic to port 22 on my droplet as explained in this DO comment by doing sudo ufw allow 22/tcp from the droplet.

However, I tried the ssh-copy-id command again but this time I got a Permission denied (publickey) error.

The exact command I run from the old VPS is (excluding my IP):

ssh-copy-id DROPLET_PUBLIC_IP

I also tried specifying a different user (as amazon EC2 comes with a “ubuntu” user while the droplet has “root”) but I got the same error.

ssh-copy-id root@DROPLET_PUBLIC_IP

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

I solved my problem by following the suggestions of @LindsayBSC with a slight change.

Here is what I did to solve the problem. If somebody could possibly explain why I had to do this I’d be thankful.

In the NEW droplet VPS

sudo nano /etc/ssh/sshd_config

Change UsePAM yes to UsePAM no and PasswordAuthentication no to PasswordAuthentication yes.

service ssh reload

In the OLD EC2 VPS

ssh-copy-id root@<DROPLET_PUBLIC_IP>

Check that you can connect to the NEW VPS from this (OLD) VPS:

ssh root@<DROPLET_PUBLIC_IP>

In the NEW droplet VPS

Repeat all the steps inverting the changes to UsePAM and PasswordAuthentication and reloading ssh.

Hello @alexgeorgiev and thanks for the feedback. I tried with (excluding public IP)

cat ~/.ssh/id_rsa.pub | ssh root@<DROPLET_PUBLIC_IP> "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

, but I still got root@<DROPLET_PUBLIC_IP>: Permission denied (publickey).

It’s a problem of the droplet settings I suppose, as that is the one complaining about the permissions.

alexdo
Site Moderator
Site Moderator badge
August 6, 2019

Hello,

You can follow this article:

https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

The command you can use to copy the key to the new machine:

cat ~/.ssh/id_rsa.pub | ssh demo@198.51.100.0 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys"

This should do the work for you! Let me know how it goes.

Alex

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.