SSH: How to login to DO with public key?

Posted January 6, 2022 127 views

I have a public key set up in DO. I can login using a password using root and a specific user. I have configured the SSH config, and did a restart

permitRootLogin Yes

PasswordAuthentication No

PubKeyAuthentication Yes

I will then get “ Permission denied (publickey).” on both root and a specific user.

The only way I can get back into my droplet is through the recovery console.

What am I doing wrong ??

Many thanks !

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hi there @vincej,

In order to log in using an SSH key, you need to use an SSH client like Putty for example.

Here are the steps on how to do that:

If you have a Mac or a Linux laptop, you could use the built-in terminals and follow the steps here:

The web console in your DigitalOcean control panel provides you with direct access to the Droplet which does not go over SSH.


  • Thanks for that. However, I have a key. I don’t need a key. My issue is that I can only access my droplet with a password, not using the public key.

    • Hi there,

      What is the SSH client that you are using? You need to add your private key to your SSH client in order for your SSH client to be able to use the key authentication.


      • HI again,

        I am using Windows 11. I have an ssh-rsa private and public key in Users/.ssh

        I can upload my key into my droplet, and I can access my droplet with the ssh username@ip_address but no matter how I configure the ssh config, it only lets me in with a pw. Indeed, if I turn off the pw access I will get locked out, and I then have to gain access through the control panel.

        I have read check with posts on DO, SO, and Ubuntu.

        • Hello,

          In this case it is quite possible that the SSH client on your Windows 11 is not looking at the correct key.

          What you could do is load a specific identity with:

          ssh-add /path/to/Users/.ssh/id_rsa

          Note: make sure to change the /path/to/Users/.ssh/id_rsa so that it matches the path to your private key.

          You can verify the path with the ls -l command to make sure that you are able to see the private key in there.

          Let me know how it goes.