Locked out of your Digital Ocean server?  Here's how to get back in.  This short article is for anyone that has lost access to the SSH key used to setup their Digital Ocean droplet.

This article will not help you, if you do not know the username and password used to setup your server.  In that case, you will have to instead reset your root password per the Digital Ocean docs.

Finally, we assume that you have some basic knowledge of Ubuntu, SSH keys, command line editors (if not, just google it).

Basic overview of the following steps:

  • Access the Digital Ocean online terminal
  • Update the SSH config file to allow username and password login
  • Setup new SSH key
  • Revert your SSH config file

Step 1: Access the Digital Ocean online terminal

Log into your Digital Ocean account, select your droplet, and click Access > Launch Console.

This will get you into your droplet through the online terminal.  

If you're brave enough, you can try to update your ssh key directly through this terminal, but the interface is a bit clunky and crashed on me. Hence, I recommend the next steps.

Step 2:  Allow username and password

Next, we'll update the droplet's config file to allow SSH by username and password. Note, the below will be a less secure setup, but we'll change it back afterward.

Using your favorite editor (nano below), open the file:

sudo nano /etc/ssh/sshd_config

We'll update this file to turn off PAM (Pluggable Authentication Modules).  Find this line and update to no:

UsePAM no

We'll also update this to allow password authentication:

PasswordAuthentication yes

Save and exit the file, and reload SSH on your droplet:

sudo systemctl restart ssh

Step 3: Setup your new SSH key

If you don't have one already on your local machine, set this up:

ssh-keygen -t rsa

Copy your key to the server, using your username and droplet IP address in place of the demo below:

ssh-copy-id username@droplet_IP

You should now be able to complete the above, and access your droplet with your original username and password.  Note, if you do not know your username and password, you will have to instead reset your root password per the Digital Ocean docs.

Step 4: Revert your SSH config file

Now that you are setup with SSH keys, you can reset your config file back to its original settings.  You can either use the Digital Ocean terminal, or SSH into your droplet ssh username@droplet_IP.

Using your favorite editor (nano below), open the file:

sudo nano /etc/ssh/sshd_config

Revert this file to turn PAM on:

UsePAM yes

Revert password authentication to off:

PasswordAuthentication no

Save and exit the file, and reload SSH on your droplet:

sudo systemctl restart ssh

Your droplet should now be good to go!