ssh-copy-id not working Permission denied (publickey).

Posted February 6, 2017 160k views
DigitalOceanUbuntu 16.04

Each time I attempt to set up my new Droplet I get stuck right here. ssh-copy-id doesn’t work and so I can’t get my new user login to work. I’ve tried some fixes and just gotten more in the weeds. It seems I’m not the only one with this problem but there are different fixes so I’m just going to copy what I’m getting here. I’ve also tried to copy the key manually like it’s mentioned in this tutorial but still no dice… Please help!

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/Users/USERNAME/.ssh/”
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed – if you are prompted now it is to install the new keys
Permission denied (publickey).

Thanks for any help!


These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
10 answers

I had trouble using ssh-copy-id for a secondary (non-root) user. ssh-copy-id uses the user’s password to connect to the host. New droplets seem to have a setting that prohibits this. I’m not an expert so don’t take my word for it.

I fixed it like this:

Log in as root
Edit ssh config:
sudo nano /etc/ssh/sshd_config
Change this line:
PasswordAuthentication no
PasswordAuthentication yes
Restart daemon:
sudo systemctl restart sshd

Do ssh-copy-id:
ssh-copy-id someuser@<my-ip>

Revert changes to ssh_config if you are security conscious and restart daemon.

I gotta say I am disappointed in most of you turning on Password Authentication is a MISTAKE DONT DO IT!

Do this instead just create your user using root then sign in as the NON ROOT user using the su userhere command. Once your signed in change directory to your default directory with the command:


Then make a .ssh directory

mkdir .ssh

change to the .ssh directory

cd .ssh

Then make the file authorized_keys

nano authorized_keys

Now simply copy and past the contents of your public key to this file and save it with ctrl+w

restart ssh

sudo systemctl restart sshd

Now you can shh to your droplet with the new user

Just tested this on Ubuntu 16.04 works like a charm!

Not hard at all and you dont compromise your security! Hope I helped someone!

OH and before you forget best turn off ssh access to root to do so:

First confirm you can ssh using your new user. Then edit the /etc/ssh/sshd_config with whatever text editor you prefer and change the line PermitTootLogin yes to NO well actually just no.

sudo systemctl restart sshd

test ssh with root should fail

  • I know almost nothing about security and ssh but that seemed highly dubious. Glad I kept reading…

  • I respectfully disagree. Turning on password access for 1 minute to perform the ssh-copy-id is infinitely easier, faster and less error prone (therefor more secure). Of course you don’t leave it on!

  • Thank you, spot on solution! I can’t believe some people are actually turning on Password Authentication.

    This is to affirm that the above solution works on Ubuntu 20.04, and just for the record if you’re seeing this after 100 years, Coronavirus is real and we are fighting it now.

  • In case you’re not getting this right, please make sure you’re logged in as the root user. This gives you permission to write in any file (e.g. authorized_keys).

    If you’re logged in as a non-root user or a user without permission to write, you will keep getting the permission error thing.

    Happy Coding

I had the same issue.

I resolved it when I realized that I was still using root when doing the ssh-copy-id for another user.

For example, I was setting this up for an EC2 instance.
My bash prompt was [root@ip-xxx-xx-x-xxx ~] and I was attempting:
ssh-copy-id -i ~/.ssh/id_rsa
Permission denied (publickey).

OOPS! That was the mistake. I was trying to copy the root key for the ec2-user. Doh!

Solution was to exit from root elevation, confirm that I had a key defined for ec2-user, then I did the ssh-copy-id command again. This time it was successful! Yippee!

Test the key…
ssh ’
Tada! Success at last.

If wanna entry from starting point like no access at all to the server.

You can use access console from Droplet -> Access -> Launch Console.

Login: root
Password: Supposed to be emailed, or just use reset password and get new one.

Once you enter there follow up @mjmare method.

Log in as root
Edit ssh config:
sudo nano /etc/ssh/sshd_config
Change this line:
PasswordAuthentication no
PasswordAuthentication yes
Restart daemon:
sudo systemctl restart sshd

Do ssh-copy-id:
ssh-copy-id someuser@<my-ip>

For all the people that enabled PasswordAuthentication yes and it did not work.

Try to change ChallengeResponseAuthentication to yes and then ssh-copy-id user@host command.

Don’t forget to change the ChallengeResponseAuthentication to no after the public key is copied.

Is this issue fixed? Even am facing the same issue since a week. Unable to do ssh-copy-id for the new user created

I am facing the same issue and the solution provided above did not solve my problem…If anyone has fixed this issue with some other approach kindly help…

Oh, and another thing....
If you’re trying to establish root credentials into another server, then you’re violating a best practice. There is a valid security reason to not have root keys enabled. As it stands, a hacker would need to compromise the lower level access, then elevate privileges and bypass another layer of security.

That’s why the config change above would work if you were trying to establish root access from another server. Basically, you would have to violate your security policy to copy the key. Creating a bypass is not recommended.

It’s 2020 and I still ended up here. The problem still persists until now. The only bullet proof method that I use is.

  1. Create the droplet with password authentication (I know… you will complain… but read on)
  2. Open console, login as root and add a new user with password and added to ‘sudo’.
  3. Change to new user (su - newuser) and create the ~/.ssh
  4. Exit console. Exit root.
  5. From your local machine, copy the public id as same above.
  6. Check if you can login using the new id.
  7. If 6. Disable PasswordAuthentication.
  8. Restart sshd service.

(Make sure to double check you can login using the public key. Otherwise, you will be locked out.)

Hope this helps.

P.S. Don’t forget to disable password authentication. (so others will sh*t *p)

Cheers :)