If you've lost your private SSH key, you can create a new SSH key, regain temporary access to your server via a password, and authorise the new key on the server.
First, create a new SSH key and obtain its public key using 'Step 2 - Create an SSH key' of the original admin setup article.
Next, if you don't already have one, sign up for a free account at GitHub. Then, visit gist.github.com, paste your new public key in a new gist and click 'Create secret gist'.
Leave this tab open for now, then log into your DigitalOcean control panel, click on the 'Access' panel, then click 'Reset Root Password'. A root password will be emailed to you.
Copy the root password to your clipboard, then click on the 'Launch Console' button within the DigitalOcean panel above.
This web-based console may be sluggish, so have patience when typing. For the 'login', type root and hit Enter.
When prompted for the password, right-click in the window and click paste. (Nothing will appear, because password input is not displayed.)
You'll be asked to enter this same password again as your 'current UNIX password':
Then it will prompt you to define a new root password. This password should be as random as possible and is temporary, as we'll be switching back to SSH key-based access instead.
Once that's entered and you're at the command prompt, switch back to the Gist tab you had open from before, then click on 'Raw':
Next, copy the resulting link from your browser's URL-bar:
With this now in your clipboard, turn back to the DigitalOcean console. Begin typing the following, but do not hit Enter:
curl -#Lo ~/.ssh/authorized_keys
Instead, put a space at the end, then right-click and click paste, to input the URL that you copied from the gist, then hit Enter:
If you see '100%', your new SSH key has been added to the server, and you can now access the server via the standard means of your Mac or Linux terminal or through PuTTY on Windows.
⚠️ IMPORTANT: For security reasons, we must now disable the password-based option, so that only your SSH key is allowed.
Log in to your server using your Mac or Linux terminal or PuTTY on Windows. Then run the following command:
sed -i -e 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && systemctl restart ssh
After you run this on your server, the prompt will move to the next line without output.
Your server will now permit only your new SSH key, and not previous SSH keys (the curl command above replaced the contents of ~/.ssh/authorized_keys) or passwords.
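Because the sed command above prints nothing whether or not it changed anything, it is worth confirming that password logins are really off. The following is an added example, not part of the original article: it shows that the substitution takes effect on an active 'PasswordAuthentication yes' line but not on a commented-out one, and gives a live check built on sshd -T. The function names and sample config lines are constructed for illustration, and the parser is a simplified model of sshd_config.

```shell
#!/bin/sh
# Added example (not from the original article).

# The sed substitution from the article, applied to text on stdin.
apply_page_sed() {
    sed -e 's/PasswordAuthentication yes/PasswordAuthentication no/'
}

# Print the PasswordAuthentication value sshd would use for sshd_config-style
# text on stdin. Simplified model (assumption): global section only, no
# Include files, "keyword value" syntax. sshd keeps the first value it reads
# for a keyword and defaults to "yes" when none is set.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }                      # comments never take effect
        tolower($1) == "match" { exit }          # stop before conditional blocks
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    '
}

# Run on the server as root: sshd -T prints the merged effective settings,
# drop-in files included. Returns 0 only if password logins are disabled.
live_password_auth_disabled() {
    sshd -T 2>/dev/null | grep -qi '^passwordauthentication no$'
}

# Constructed sample configs, not taken from a real server.
ACTIVE_LINE='PasswordAuthentication yes'
COMMENTED_LINE='#PasswordAuthentication yes'

echo "active line    -> $(printf '%s\n' "$ACTIVE_LINE" | apply_page_sed | effective_password_auth)"
echo "commented line -> $(printf '%s\n' "$COMMENTED_LINE" | apply_page_sed | effective_password_auth)"
```

On the server, run live_password_auth_disabled after restarting ssh; if it returns non-zero, look for a commented-out or overriding PasswordAuthentication line in /etc/ssh/sshd_config and any files it includes.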