Manually Copy SSH-key to server

September 05, 2020

Tags: ssh, digital ocean

I was recently in the situation where I needed to add an ssh-key to a Digital Ocean droplet. This happened because I had created the droplet without supplying the ssh-keys argument to the doctl command. It would be easier to simply recreate the droplet, but I had already updated the DNS records, and didn’t want to wait for them to propagate again.

$ doctl compute droplet create <name> \
    --region <region-slug> \
    --image <image-slug> \
    --size <size-slug> \
    --ssh-keys <ssh-key-fingerprint>

Also simply for posterity’s sake, this is what I needed to do to create an ssh key-pair, transfer the public key to the droplet and activate it in the Linux environment.

On the local machine, if none exists generate a key-pair:

$ ssh-keygen

Follow the instructions.

Once the key-pair has been generated, two files will appear in the ~/.ssh-directory. Transfer the public key to the droplet:

$ scp ~/.ssh/ root@$DROPLETIP:~

Notice the :~ at the end there. We need to specify where on the server we want to put the file. This tells scp to throw it in the home directory.

Now that the public key has been transferred, login to the droplet:

$ ssh root@$DROPLETIP

Move the file into the .ssh directory and rename it to authorized_keys.

$ mv .ssh/authorized_keys

According to what I have read, ssh can be a bit picky about permissions, so we are supposed to lock down the file like this:

$ chmod 644 .ssh/authorized_keys

And likewise for the .ssh directory:

$ ls -la .ssh

Lock down the directory:

$ chmod 755 .ssh/