ssh-copy-id not working Permission denied (publickey).

February 6, 2017 24.4k views
DigitalOcean Ubuntu 16.04

Each time I attempt to set up my new Droplet I get stuck right here. ssh-copy-id doesn't work and so I can't get my new user login to work. I've tried some fixes and just gotten more in the weeds. It seems I'm not the only one with this problem but there are different fixes so I'm just going to copy what I'm getting here. I've also tried to copy the key manually like it's mentioned in this tutorial but still no dice... Please help!

ssh-copy-id USERNAME@IP-ADDRESS
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/USERNAME/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Permission denied (publickey).

Thanks for any help!

6 comments
6 Answers

I had trouble using ssh-copy-id for a secondary (non-root) user. ssh-copy-id uses the user's password to connect to the host. New droplets seem to have a setting that prohibits this. I'm not an expert so don't take my word for it.

I fixed it like this:

Log in as root
Edit ssh config:
sudo nano /etc/ssh/sshd_config
Change this line:
PasswordAuthentication no
to
PasswordAuthentication yes
Restart daemon:
sudo systemctl restart sshd

Do ssh-copy-id:
ssh-copy-id someuser@<my-ip>

Revert changes to ssh_config if you are security conscious and restart daemon.

Is this issue fixed? Even am facing the same issue since a week. Unable to do ssh-copy-id for the new user created

I am facing the same issue and the solution provided above did not solve my problem...If anyone has fixed this issue with some other approach kindly help...

I had the same issue.

I resolved it when I realized that I was still using root when doing the ssh-copy-id for another user.

For example, I was setting this up for an EC2 instance.
My bash prompt was [root@ip-xxx-xx-x-xxx ~] and I was attempting:
ssh-copy-id -i ~/.ssh/id_rsa ec2-user@subdom.domain.com
Permission denied (publickey).

OOPS! That was the mistake. I was trying to copy the root key for the ec2-user. Doh!

Solution was to exit from root elevation, confirm that I had a key defined for ec2-user, then I did the ssh-copy-id command again. This time it was successful! Yippee!

Test the key...
ssh 'ec2-user@subdom.domain.com'
Tada! Success at last.

Oh, and another thing....
If you're trying to establish root credentials into another server, then you're violating a best practice. There is a valid security reason to not have root keys enabled. As it stands, a hacker would need to compromise the lower level access, then elevate privileges and bypass another layer of security.

That's why the config change above would work if you were trying to establish root access from another server. Basically, you would have to violate your security policy to copy the key. Creating a bypass is not recommended.

Have another answer? Share your knowledge.