Setting up SSH on DigitalOcean’s droplets

Created: Fri Aug 24 20:40:51 CEST 2018

Last mod­i­fied: Thu Apr 18 21:15:56 CEST 2019


DigitalOcean droplets sup­port pre­con­fig­u­ra­tion of SSH keys. The only is­sue is they are au­to­mat­i­cally added to the root user. I want ac­cess to a more re­stricted ac­count.

This tu­to­r­ial is a sum­mary of how I set up my servers re­gard­ing this.

First of all, gen­er­ate a new ssh key with ssh-keygen and copy-paste the pub­lic key to your DigitalOcean ac­count.

I as­sume your ssh pub­lic key is re­motely stored in ~/.ssh.

ssh root@ADDR

Depending on wether you chose Debian or Fedora, there ex­ist an­other user on you server, be­side root, which is named de­bian (or fe­dora). But you can’t use it di­rectly for now, be­cause your ssh key has been setup for the root ac­count.

The sim­ple way to change that:

cp -r ~/.ssh /home/debian/
chown -R debian:debian \
  /home/debian/.ssh

You can now lo­gin via ssh(1) us­ing the de­bian (or fe­dora) ac­count.

And you should. Exit your cur­rent ssh ses­sion and log in as de­bian.

Bonus

Edit /etc/ssh/sshd_config as root.

# PermitRootLogin yes
PermitRootLogin no

Run service sshd restart and its done.

source code