Question

Switching from password to SSH key

Posted on June 6, 2024
English
Asked by 4dd759e23d2c47eea8ca35430f6d07

If I selected the password option when creating my droplet, is it possible to change it to SSH? Thanks

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

alexdo

Site Moderator

• June 7, 2024

Heya,

Yes, as mentioned this is totally doable. On top of what’s already been mentioned I’ll include this article on how to add ssh-keys to existing droplets which you can use to add your key to the droplet.

https://docs.digitalocean.com/products/droplets/how-to/add-ssh-keys/

Hope that this helps!

KFSys

Site Moderator

• June 7, 2024

Heya,

Yes, you can do that and it’s even a more reliable method to keep your Droplet safe, so it’s a good choice to change it up!

What you’ll need to do is deploy your ssh public key to your Droplet and enable PubkeyAuthentication in your sshd config.

So, let’s begin

Once inside the Droplet, open the file /root/.ssh/authorized_keys and paste your public key there. If there isn’t a .ssh directory in your /root folder, you can create the structure like so:

mkdir -p ~/.ssh
echo "your_copied_public_key" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

Once that is done, open your sshd config:

nano /etc/ssh/sshd_config

Inside you’ll need to find the line PubkeyAuthentication and uncomment it or you can just add it as a new line

PubkeyAuthentication Yes

Also, if you want to stop PasswordAuthentication, find the line and set it to No

PasswordAuthentication no

Once that is done, save the file, exit it and restart your SSHD service

service sshd restart

That’s it. You can now use your SSH key to enter your Droplet.

Bobby Iliev

Site Moderator

• June 6, 2024

Hey there!

Absolutely, you can switch from password authentication to SSH key authentication on your DigitalOcean Droplet. Here’s how you do it:

If you haven’t already, you need to generate an SSH key pair. Open your terminal and use the following command:
```
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```
Follow the prompts to save the key and add a passphrase if desired.
Your public key will be saved in ~/.ssh/id_rsa.pub by default. Use this command to copy it:
```
cat ~/.ssh/id_rsa.pub
```
Copy the output to your clipboard.
Log in to your Droplet using the password you set up:
```
ssh root@your_droplet_ip
```

Once logged in, create a .ssh directory and an authorized_keys file if they don’t exist:

mkdir -p ~/.ssh
echo "your_copied_public_key" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

Open the SSH configuration file:

nano /etc/ssh/sshd_config

Make sure the following lines are set:

PubkeyAuthentication yes
PasswordAuthentication no

To apply the changes, restart the SSH service:
```
systemctl restart sshd
```
Open a new terminal window and try logging in again with your SSH key:
```
ssh root@your_droplet_ip
```