DigitalOcean SSH Permission denied (publickey)

Hi everyone, currently trying to SSH into a Digital Ocean droplet and I’m getting this error "Permission denied (publickey). I’ve added the key to the SSH Keys section on DO, and I’ve ran “ssh-add” for the key but no dice so far.

Here are the steps I took to get here.

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa): digiocean
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in digiocean
Your public key has been saved in
The key fingerprint is:
SHA256:**** username@username

Afterwards I cat the public key and place it on DO’s ssh key section.
It proceeds to give me this error.

ssh root@ipaddress
root@ipaddress: Permission denied (publickey).

So I go back and check everything.

eval $(ssh-agent)

It is indeed running.

ssh-add ~/.ssh/digiocean


Identity added: /home/username/.ssh/digiocean (username@username)

I try again, same issue.

ssh root@ipaddress`

root@ipaddress: Permission denied (publickey).

I have also tried the following.

ssh -i ~/.ssh/digiocean root@ipaddress`

root@ipaddress: Permission denied (publickey).

[UPDATE] I am now getting this error.

ssh -i ~/.shh/digiocean root@ipaddress

Warning: Identity file /home/username/.shh/digiocean not accessible: No such file or directory.
root@1ipaddress: Permission denied (publickey).

Here is the output of file permissions

ls -la /home/username/.ssh/

total 36
drwx------ 2 username username 4096 Apr 13 06:57 .
drwx------ 59 username username 4096 Apr 13 07:18 …
-rw------- 1 username username 2610 Apr 13 06:52 digiocean
-rw-r–r-- 1 username username 577 Apr 13 06:52
-rw------- 1 username username 419 Feb 25 19:11 id_ed25519
-rw-r–r-- 1 username username 107 Feb 25 19:11
-rw------- 1 username username 4157 Apr 7 01:14 known_hosts
-rw-r–r-- 1 username username 2665 Apr 5 00:15 known_hosts.old

Any help would be greatly appreciated!

Typo. You have .shh instead of .ssh…

Did you properly copy the pubkey to OC (i assume they have some webinterface where you put it?) Maybe double-check.

Or try copying it manually: ssh-copy-id -i ~/.ssh/digiocean root@ipaddress

1 Like

Yeah I added the key through their web interface.

Ran your command below, got the following

ssh-copy-id -i ~/.ssh/digiocean root@ipaddress
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/home/username/.ssh/d”
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any
that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed – if you are prompted now it is to install the new keys
root@ipaddress: Permission denied (publickey).

sounds like you’re kind of locked out now.
Can you still get in via password authentication?

ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no root@ipaddress

I set the server up without one and required it to use ssh keys, well this sucks. I’ve had a similar issue with this in the past. Could it be possible there’s some root level accessibility issues with my ~/.ssh/ file?

Sorry, no clue how those droplets work.
So you say when you created the server / droplet, you had to put an ssh pubkey instead of providing a password? Can you still change the pubkey in the config somewhere?

Not sure what you mean by that. The permissions on the files look ok.

Yes there is, you can go to your security settings and add/remove ssh keys for droplets.

I’m going to remake it and try this again! Thanks for your help!

Apparently you can’t change it on an existing one machine.

I guess that’s your only option. Make sure they pubkey in your account is really matching the one on your machine, maybe some copy paste error happened before :man_shrugging:


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.