In order to work with droplets on DigitalOcean you will need to set up an SSH key. The steps below largely follow How To Use SSH Keys with DigitalOcean Droplets.
On your local machine, run:
cd ~/.ssh/
ssh-keygen -t rsa -f digitalocean_rsa
Enter a passphrase if you like, or press Enter to skip (the private key is then stored on disk unencrypted). The result is something like:
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in digitalocean_rsa.
Your public key has been saved in digitalocean_rsa.pub.
The key fingerprint is:
SHA256:bataVEApB4taYPOqoF7ajWNZ2L15JY2XGhGdMMG317s xyz@xyz-xyz.local
The key's randomart image is:
+---[RSA 2048]----+
| + .o+=+ . |
| . + ...o+.+ |
| + .o + . . |
| + + . . . |
|. o o . S * o .|
|o. . o o = * . |
|o .o + B .|
|. ++o + + E |
| o.o....o |
+----[SHA256]-----+
Display the generated key:
cat digitalocean_rsa.pub
The result is something like:
ssh-rsa
AAAAB3NzaC1yc2EWdRAwwIbRGaYwcI4TFc8MYJhne4i9XK9mhBPY1LyXbkCMoixT79N
rbaDfT2ThsiLooksVeryLoremIpsumyToMeDeNBKhckUacQBhGIQaFYwh3K2v7xd/p0
hcca7fYk2mGOH8fnaRLj1Sep5hpnefR31tTBjqMdWhxRav3zVTsdAnRxwG2qQElMTsB
I3r3NXwVid+SmhkGrQsuJLIZeByCheCKThisOutaWoRDJ5Hv8QjlsF/7vOeYNKVTWgR
oRNhmPOBesTtUtoR1Al3V3RABAQDYsK8Tr4qtvBACcpq18yf052Z7a7N5Dra7dH2Lbo
VUHRUwBdOsBhCGRuHABiCmQCsqTLilgUtab0f
Navigate to DigitalOcean's security settings page and add the SSH key. Give it a name of your choosing and click on Create SSH Key.
Navigate to DigitalOcean's droplets page and choose to create a new droplet.
Choose an Ubuntu 16.04 x64 droplet.
Under Additional Options choose private networking.
Set the hostname to codefoundries-c01-001.
Create the droplet.
The steps below largely follow Initial Server Setup with Ubuntu 16.04.
You can log in as root by running the following on your local machine:
ssh -i ~/.ssh/digitalocean_rsa root@xyz.xyz.xyz.xyz
From that point on you will be logged in to the remote server. xyz.xyz.xyz.xyz is the IP address of the remote server.
During the first login you will be asked to confirm that you want to connect to this server. Confirm with yes.
The authenticity of host 'xyz.xyz.xyz.xyz (xyz.xyz.xyz.xyz)' can't be established.
ECDSA key fingerprint is SHA256:LR/wuY8iet9hpQE1Q/Cml5e0NGjrcUU2bM3kgYng6UI.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xyz.xyz.xyz.xyz' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-22-generic x86_64)
* Documentation: https://help.ubuntu.com/
35 packages can be updated.
5 updates are security updates.
Last login: Sun Jun 5 03:59:42 2016 from abc.abc.abc.abc
root@codefoundries-c01-001:~#
abc.abc.abc.abc should be the IP of your local machine.
On subsequent logins you will not be asked that question:
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-22-generic x86_64)
* Documentation: https://help.ubuntu.com/
35 packages can be updated.
5 updates are security updates.
Last login: Sun Jun 5 03:59:42 2016 from abc.abc.abc.abc
root@codefoundries-c01-001:~#
In order to update the packages run:
sudo apt-get update && sudo apt-get upgrade
It is recommended to use a user different from root to perform day-to-day tasks on the server. The root user has lots of privileges. Because of the inherent power coming with the use of the root user, it is possible to make very destructive changes by mistake.
In our example we will set up a user called butler. To set up the user use the following command and press Enter when asked for user name and password. Note that it is very important to later disable password authentication.
On the remote server execute:
adduser butler
The result will be something like:
Adding user `butler' ...
Adding new group `butler' (1000) ...
Adding new user `butler' (1000) with group `butler' ...
The home directory `/home/butler' already exists. Not copying from `/etc/skel'.
Enter new UNIX password:
Retype new UNIX password:
No password supplied
Enter new UNIX password:
Retype new UNIX password:
No password supplied
Enter new UNIX password:
Retype new UNIX password:
No password supplied
passwd: Authentication token manipulation error
passwd: password unchanged
Try again? [y/N] N
Changing the user information for butler
Enter the new value, or press ENTER for the default
Full Name []: Butler
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
Add privileges to be able to execute sudo to the newly created user:
usermod -aG sudo butler
On your local machine, run:
cd ~/.ssh/
ssh-keygen -t rsa -f digitalocean_butler_rsa
As with the creation of our first SSH key, you can leave the passphrase blank.
Once the key is created, display it:
cat digitalocean_butler_rsa.pub
On the remote server, temporarily switch the user to the one you created:
su - butler
You will notice the prompt change:
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
butler@codefoundries-c01-001:~$
Create a new directory called .ssh and set the permissions:
mkdir ~/.ssh && chmod 700 ~/.ssh
Use the vi text editor, or another text editor of your choice, to edit the file authorized_keys. Insert the public key you created into the file:
vi ~/.ssh/authorized_keys
i
<press ctrl+V to paste the ssh key you copied>
<press ESC>
:wq
Restrict the permissions of the authorized_keys file:
chmod 600 ~/.ssh/authorized_keys
You are done and you can exit:
exit
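The same steps without an editor, as an added example that is not part of the original page: the public key has to land in authorized_keys as one unwrapped line, which a terminal paste into vi can break. The helper names install_pubkey and ssh_perms_ok are hypothetical, and the key in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the original page; helper names are hypothetical.
NL='
'
# install_pubkey HOME_DIR KEY_LINE
# Appends KEY_LINE to HOME_DIR/.ssh/authorized_keys unless already present.
install_pubkey() {
    home_dir=$1 key=$2
    # A public key is ONE line: "<type> <base64> [comment]". Reject pastes
    # that were wrapped by the terminal and anything that is a private key.
    case $key in
        *PRIVATE\ KEY*) echo "refusing: private key material" >&2; return 1 ;;
        *"$NL"*) echo "refusing: key spans several lines" >&2; return 1 ;;
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 1 ;;
    esac
    (
        umask 077    # anything created below is owner-only from the start
        mkdir -p "$home_dir/.ssh" && chmod 700 "$home_dir/.ssh" &&
        touch "$home_dir/.ssh/authorized_keys" &&
        chmod 600 "$home_dir/.ssh/authorized_keys" || exit 1
        # -x whole line, -F fixed string: running twice adds no duplicate
        grep -qxF -- "$key" "$home_dir/.ssh/authorized_keys" ||
            printf '%s\n' "$key" >> "$home_dir/.ssh/authorized_keys"
    )
}

# ssh_perms_ok HOME_DIR: succeed only if group and other have no access.
ssh_perms_ok() {
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        mode=$(ls -ld "$p" | cut -c5-10)    # group+other bits, e.g. ------
        [ "$mode" = "------" ] || { echo "$p is too open" >&2; return 1; }
    done
}

# Demo in a throwaway directory with a constructed, non-functional key.
demo=$(mktemp -d)
install_pubkey "$demo" "ssh-rsa AAAAconstructedExampleOnly butler@laptop" &&
    ssh_perms_ok "$demo" && echo "authorized_keys installed, modes are safe"
rm -rf "$demo"
```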
As superuser edit /etc/ssh/sshd_config:
vi /etc/ssh/sshd_config
Make the following change:
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
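A way to check that the edit above really takes effect, as an added example that is not part of the original page: sshd uses the first occurrence of a keyword, so a PasswordAuthentication no line added below an earlier active PasswordAuthentication yes changes nothing, and a line left commented out falls back to the default of yes. The function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# effective_sshd_option FILE KEYWORD
# Prints the value sshd would take from the global section of FILE:
# keywords are case-insensitive, the FIRST occurrence wins, and global
# settings end at the first Match block. Include lines are not followed.
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        tolower($1) == "match" { exit }          # conditional section starts
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# password_auth_disabled FILE: succeed only if the effective value is "no".
# An absent keyword falls back to the OpenSSH default, which is "yes".
password_auth_disabled() {
    value=$(effective_sshd_option "$1" PasswordAuthentication)
    [ "${value:-yes}" = "no" ]
}

# Constructed sample: the new line was appended below an earlier active one.
sample=$(mktemp)
printf '%s\n' \
    '# Change to no to disable tunnelled clear text passwords' \
    'PasswordAuthentication yes' \
    'UsePAM yes' \
    'PasswordAuthentication no' > "$sample"
if password_auth_disabled "$sample"; then
    echo "password logins are disabled"
else
    echo "password logins are still enabled: an earlier line wins"
fi
rm -f "$sample"
```

On the server itself, sshd -t checks the file for syntax errors and sshd -T prints the configuration the daemon would actually use. sshd reads the file at start-up, so the change applies only after the service has been reloaded.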
On your local machine log in to the user account you created:
ssh -i ~/.ssh/digitalocean_butler_rsa butler@xyz.xyz.xyz.xyz
TODO Set up firewall