How to Recover Access After Lost SSH Keys (DigitalOcean)
This guide will walk you through the process of restoring access to your Droplet if you no longer have your old SSH keys. This applies strictly to DigitalOcean and you must have access to your account.
If you had set up SSH-based login, chances are root login and password authentication are disabled.
Reset Root Password
Log into your DigitalOcean account. Select your Droplet > Access. From there, you will see Console Access and Reset root password.
Click on Reset root password. The new password will be sent to you via email.
Click on < Launch Console > under Console Access.
Type root at the login prompt, then enter the password you received via email.
You’ll be asked to enter this password one more time before you are allowed to change the password.
Choose something you’ll remember as this is temporary.
Enable Root and Password Authentication
You’ve gained access to your Droplet through the console, but any attempt to ssh into your server will still fail with a Permission denied (publickey) error.
We need to modify 2 settings. Type the following:
nano /etc/ssh/sshd_config
# Change PermitRootLogin to yes (if you don’t have any other users) and PasswordAuthentication to yes
Press [CTRL][O] (both keys together) to write the file, then [CTRL][X] to exit.
Restart the ssh daemon for changes to take effect.
systemctl restart ssh
Copy Existing SSH Key
Note: I’m using Ubuntu LTS 18.04
Do not ssh into your server. On your local machine, type the following command:
ssh-copy-id root@123.123.11.123
Note: Substitute the correct username and server address.
You’ll be asked for the password.
You’ll receive an output such as 1 Key added.
Go ahead and ssh into your server with the following command:
ssh root@123.123.11.123
If the key was added successfully, no password will be necessary.
Delete Old Keys
If you no longer have access to the old ssh keys, it’s time to remove them.
Type the following command:
nano ~/.ssh/authorized_keys
The keys start with ssh-rsa and the last line will be the key you just added. You will need to figure out which are the old keys.
With the cursor at the start of a line, press [CTRL][K] (both keys together) to remove that line.
Once all the old keys are removed, overwrite the file and exit.
Verify that you can ssh without a password before proceeding with the next step.
Disable Root Login and Password Authentication
nano /etc/ssh/sshd_config
# Change PermitRootLogin to no (if you have another user) and PasswordAuthentication to no.
Confirm and exit.
# Restart ssh daemon:
systemctl restart ssh
Log out of your server and ssh back in. You should be logged in without being asked for a password.
If you try to ssh into your root account, you should get a permission denied error, which is what we want.
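As an added example (not part of the original guide), the script below checks that the two recovery settings really were reverted. It relies on the sshd_config rule that the first occurrence of a keyword wins, so a forgotten PasswordAuthentication yes near the top overrides a no added further down. The function names, the EXPECTED_ROOT argument and the sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): print the value sshd will use
# for one keyword in the global section of an sshd_config-style file.
# Rules applied: keywords are case-insensitive, "#" lines are comments,
# "Keyword=value" is accepted, and the FIRST occurrence of a keyword wins.
effective_sshd_value() {    # usage: effective_sshd_value FILE KEYWORD DEFAULT
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }         # normalise Keyword=value
        tolower($1) == "match" { exit }       # Match blocks are out of scope
        tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) print dflt }        # keyword absent: use DEFAULT
    ' "$1"
}

# Succeeds only if the recovery settings were reverted. EXPECTED_ROOT is an
# assumed parameter: pass "yes" if root is the only account on the server.
# The fallback values are the OpenSSH defaults for the two keywords.
audit_after_recovery() {    # usage: audit_after_recovery FILE [EXPECTED_ROOT]
    pw=$(effective_sshd_value "$1" PasswordAuthentication yes)
    root=$(effective_sshd_value "$1" PermitRootLogin prohibit-password)
    echo "PasswordAuthentication=$pw PermitRootLogin=$root"
    [ "$pw" = "no" ] && [ "$root" = "${2:-no}" ]
}

# Constructed sample: the recovery edit was left in place near the top and a
# second "no" line was appended at the bottom, which sshd ignores.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
PermitRootLogin no
PasswordAuthentication yes
ChallengeResponseAuthentication no
passwordauthentication no
EOF
audit_after_recovery "$sample" || echo "password logins are still enabled"
rm -f "$sample"
```

On the Droplet itself, sshd -T prints the configuration the daemon resolves, and sshd -t checks the file for syntax errors before you restart the service.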