• July 11, 2018

Recovering opc user SSH Key on Oracle Cloud Infrastructure

Gilson Melo
Senior Principal Product Manager

Imagine a situation in which you are trying to connect into your Oracle Cloud Infrastructure instance but either you forgot which key you used or, for some unknown reason, your opc user SSH key got corrupted or deleted. It might be scary at first, but the process to recover an opc user SSH key on Oracle Cloud Infrastructure is easier than you think.

So if you get a "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)" error when trying to connect via SSH, follow this process to recover your key.

You can also use Oracle Cloud Infrastructure Serial Console maintenance mode boot option as an alternative method to recover opc ssh key. See "Troubleshooting Instances from Instance Console Connectionspublic documentation section for more details.


  1. Stop the instance that you can't log in to. 
  2. Detach the boot volume.
  3. Attach the boot volume to a running Linux instance.
  4. Run the iSCSI commands to attach the device and make it visible to the local operating system.
  5. Fix the authorized_keys file.
  6. Unmount the device and detach it by running the iSCSI commands.
  7. Attach the boot volume to the original instance and start it.


  1. Stop the instance that you can’t connect to. In the Oracle Cloud Infrastructure Console, go to the details page for the instance and click Stop. More details in "the public documentation".

  2. Detach the boot volume. In the Boot Volume section, click the Actions icon and choose Detach. See "Detaching a Boot Volume" for additional details if needed.

  3. Attach the boot volume to another Linux instance by going to the details page of a different VM, clicking Attach Block Volume, and then selecting the boot volume that you just detached in the previous step. Be sure to select Read/Write access. For additional details see "Attaching a Boot Volume" option available in the public documentation portal.

  4. After the boot volume attachment is completed (the BV icon is green), connect through SSH in the running VM and run the iSCSI commands to make that new disk available and visible by the OS.

    Your boot-volume should appear as /dev/sdb.

  5. Make /dev/sdb3, which is the root (/) partition where you can recover the opc SSH key file, available to the local operating system using "mount" command. Be sure to use the -o nouuid option; otherwise, you will see the "mount: wrong fs type, bad option, bad superblock on /dev/sdb3" error message.
    $  sudo mount -o nouuid /dev/sdb3 /mnt
  6. Fix the opc SSH key by editing the /mnt/home/opc/.ssh/authorized_keys file and adding your SSH key public file.
    $  sudo vi /mnt/home/opc/.ssh/authorized_keys 

    After you add or change the SSH public key you need to use, save and exit it.

  7. Run umount /mnt.
    $  sudo umount /mnt
  8. Detach the iSCSI boot volume by running the detach iSCSI commands.

  9. Ensure that the /dev/sdb disk is no longer available or visible through the SSH connection, and then detach it.

  10. Reattach the boot volume to the instance where you wanted to recover the SSH key, wait for it to become operational (green icon) and start it.

That's it. You recovered your opc user SSH key and you can now log back in to the instance. You can also use this process for troubleshooting the root (/) partition.

Join the discussion

Comments ( 2 )
  • Muhammad Suhail Wednesday, July 11, 2018
    Gilson - thank you for sharing it. Indeed very helpful.

  • Cetin Ardal Tuesday, June 4, 2019

    There is also a third option : faster and with less downtime, but some instance metadata changes.

    You can clone the running instance's boot volume, (or restore it from a previous OCI boot volume backup), and provision a new instance with this new boot volume.

    Cloud provisioning will give you option to specify a new public key for OPC user during the creation wizard.

    This value will be appended to .ssh/authorized_keys.
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.