aloucas
aloucas
Devops

How to connect to your DigitalOcean Droplets with SSH for the first time

In this minipost you will be guided on how to connect to your DigitalOcean Droplet with SSH for the first time, how to change the droplet’s root password with a strong password and how to add your Public SSH key to the droplet to avoid password prompt on every SSH session.

This minipost assumes that you have already a DigitalOcean account and you have already created your first Droplet. If you have not done this so far, feel free to jump to How to create an Ubuntu droplet and create your first ubuntu-testground Droplet.

Upon the creation of the DigitalOcean droplet and when you do not specify any SSH keys to Digital Ocean Control Panel, you will receive an email containing all the important information required for accessing your Droplet, for the first time. An example of such an email is the following:

Your new Droplet is all set to go! You can access it using the following credentials:

Droplet Name: ubuntu-testground
IP Address: 138.68.91.226
Username: root
Password: 4649ec683421d35b724120a073

[For security reasons… ]

For security reasons you are required to change Droplet’s root password on your first login to the droplet asap. In order to do that,  in your ubuntu development machine, open the terminal and paste the following:

$ ssh [email protected]

The droplet will respond with the following prompting you to change the root password:

The authenticity of host '138.68.91.226 (138.68.91.226)' can't be established.
ECDSA key fingerprint is SHA256:xXXXxxXXXXXXxxxxxXXXXXXxXXXxxXXXXXXXXXxxxxx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '138.68.91.226' (ECDSA) to the list of known hosts.
[email protected]'s password:

Copy & paste the password that was send with the email you received from DigitalOcean and press enter. The droplet will now respond with the following:

[email protected]'s password: 
You are required to change your password immediately (root enforced)
Welcome to Ubuntu 18.10 (GNU/Linux 4.18.0-10-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Fri Jan 25 12:53:48 UTC 2019

  System load:  0.0               Processes:           84
  Usage of /:   4.5% of 24.06GB   Users logged in:     0
  Memory usage: 12%               IP address for ens3: 138.68.91.226
  Swap usage:   0%

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.



The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Changing password for root.

At this point, before you enter a password of your choice it is very important to use a strong password. To achieve that, navigate to LastPass (afiliate link) and sign up for an account and download the LastPass plugin for Chrome. Login to your account with the Chrome plugin and navigate to Generate strong password. The following screenshot contains a good configuration for a strong Droplet password:

Use the password from DigitalOcean email and the LastPass generated password to change the Droplets password and secure it to your LastPass Vault.

Changing password for root.
(current) UNIX password: 
Enter new UNIX password: 
Retype new UNIX password: 
root@ubuntu-testground:~#

You are not logged in to the Droplet with your new strong password. Type exit to logout from the SSH connection with your droplet.

root@ubuntu-testground:~# exit
logout
Connection to 138.68.91.226 closed.

Your newly created Droplet has now an updated and more secure password that is required in the next SSH session.

Copy the Public Key of your development machine to DigitalOcean Droplet

The next time you will try to access your Droplet via SSH, the system will respond with a password prompt. Having a very strong password is hard to memorize and use it all the time. Therefore, you can use the public key of your development machine to get authenticated with SSH to your newly created droplet. Open your ubuntu terminal and type:

$ ssh-copy-id [email protected]

The server will respond with:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys [email protected]'s password:

Enter your droplet’s password and press enter. You will get the following response:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Your development machine public key is now added and you will have root access to the droplet the next time you will attempt to connect. To verify that just try:

$ ssh [email protected]

Welcome to Ubuntu 18.10 (GNU/Linux 4.18.0-10-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Fri Jan 25 13:19:11 UTC 2019

  System load:  0.0               Processes:           84
  Usage of /:   4.5% of 24.06GB   Users logged in:     0
  Memory usage: 13%               IP address for ens3: 138.68.91.226
  Swap usage:   0%

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.


Last login: Fri Jan 25 12:53:50 2019 from 2.84.175.234
root@ubuntu-testground:~#

There was no password prompt this time. You now have root access to the machine without a password prompt. However, for production deployment you need to create a deploy user and avoid using the root. Finally, in order to avoid completely the described process above you could set up your Public keys to your DigitalOcean Control Panel and gain SSH root access to the droplet upon creation.

 

Additional information:

Buy Me A Coffee

Read also the following