DEV Community

DigitalOcean Permission denied (publickey)

Sailesh Choyal on July 11, 2020

Trying to access your DigitalOcean droplet and can't get beyond Permission denied (publickey) ? This could be due to multiple reasons, having th...

Read full post

André Pena • Mar 1 '21

This article was very useful, but to help people coming from Google, this error (Permission denied (publickey)) also happens if your identity is not set correctly.

When you do ssh_keygen it will generate a new SSH key, which the default name is id_rsa. If your computer happens to have another key already, with another name, your identity might be set to that key.

You should edit ~/.ssh/config, and make sure IdentityFile is set to the correct private key

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa

Lauriano Elmiro Duarte • Aug 6 '23 • Edited

I lost my access to DigitalOcean,
this tip of yours was my salvation, change the file name to id_rsa

Thanks

Angelo Moroni • Mar 15 '21

I solved using this solutions

Tyler Butler • Apr 15 '21 • Edited

Thanks for the quick solution! If your on a mac you wanna make this edit here /private/etc/ssh/ssh_config

Jason Fukura • Feb 6 '21

i literally created an account just to say thank you.

Kevin Yancy • Feb 27 '21

Like other commenters, I also created an account just to say Thanks. Somehow I lost the ability to remote ssh into my droplet and your post gave me the fix I desperately needed in a clear and concise manner. Thank you again!

shin • May 30 '21 • Edited

Thanks for sharing this.
I usually change this:

PermitRootLogin no

I needed one more step.
Once you ssh to your server as a root, I need to copy my root ssh to /home/your-username/.ssh:
Run the following:

rsync --archive --chown=your-username:your-username ~/.ssh /home/your-username

Now you can ssh using your name.

Sharadhi N • Jun 8 '22

amazing! after sifting through 100s of pages talking about either solutions I already know or irrelevant ones, THIS IS THE ONLY THING THAT WORKED FOR ME.
DigitalOcean should include this in their docs. Thanks mate!

Ali Akman • Feb 10

Recovering SSH Access on DigitalOcean (Clean Method)

I solved this using a cleaner method.

First, save the SSH key(s) you want to add into a file named ssh.txt. Upload this file to a location you can access publicly (for example: https://abc.com/ssh.txt).

Then go to DigitalOcean → Recovery.

Select Power > Turn Off, then click Boot from Recovery ISO.

After that, turn the server back on with Power > Power On and open the Recovery Console.

Steps

From the options 1 to 7, press 1 and make sure the disk name /dev/vda1 is highlighted in green.
Press 5 for “Attempt to chroot”.
In the command line, run:

cd ~/.ssh

Back up the existing file:

cp authorized_keys authorized_keys.backup

Download your SSH key file:

wget -O ssh.txt https://abc.com/ssh.txt

Append the SSH keys to authorized_keys:

cat ssh.txt >> authorized_keys

Edit the SSH configuration:

nano /etc/ssh/sshd_config

Update the settings as follows:

PasswordAuthentication no     # Disable password authentication (temporarily)
PubkeyAuthentication yes     # Enable SSH key authentication
PermitRootLogin yes          # Enable root login

Restart the SSH service:
systemctl restart sshd
Verify the service status:
service ssh status

Close the console window.

Then select Power > Turn Off, switch to Boot from Hard Drive, and click Power > Power On.

Local SSH Configuration

On your local machine, make sure the key defined in ~/.ssh/config under IdentityFile matches the same SSH key:

Host tomserver
    Hostname 198.*.*.*
    User     tom
    Port     22777
    IdentityFile ~/.ssh/tom

Test Connection

To test the connection, open your local terminal and run:

ssh tomserver

That’s all.
Good luck!

WatcherMagic • Apr 18 '22

Had an issue with this at step 4, where the console still asked my user account for a password (not the root.) This means when I switched password authentication back to "no" I got the publickey error and was back to step 1. Solved it by: