In order to work with droplets on DigitalOcean you will need to set up an SSH key. The steps below largely follow How To Use SSH Keys with DigitalOcean Droplets.
On your local machine, run:
cd ~/.ssh/
ssh-keygen -t rsa -f digitalocean_rsa
Enter a passphrase if you like, or press Enter to skip; an empty passphrase leaves the private key unencrypted on disk. The result is something like:
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in digitalocean_rsa.
Your public key has been saved in digitalocean_rsa.pub.
The key fingerprint is:
SHA256:bataVEApB4taYPOqoF7ajWNZ2L15JY2XGhGdMMG317s firstname.lastname@example.org
The key's randomart image is:
+---[RSA 2048]----+
| + .o+=+ . |
| . + ...o+.+ |
| + .o + . . |
| + + . . . |
|. o o . S * o .|
|o. . o o = * . |
|o .o + B .|
|. ++o + + E |
| o.o....o |
+----[SHA256]-----+
Display the generated key:
The result is something like:
ssh-rsa AAAAB3NzaC1yc2EWdRAwwIbRGaYwcI4TFc8MYJhne4i9XK9mhBPY1LyXbkCMoixT79N rbaDfT2ThsiLooksVeryLoremIpsumyToMeDeNBKhckUacQBhGIQaFYwh3K2v7xd/p0 hcca7fYk2mGOH8fnaRLj1Sep5hpnefR31tTBjqMdWhxRav3zVTsdAnRxwG2qQElMTsB I3r3NXwVid+SmhkGrQsuJLIZeByCheCKThisOutaWoRDJ5Hv8QjlsF/7vOeYNKVTWgR oRNhmPOBesTtUtoR1Al3V3RABAQDYsK8Tr4qtvBACcpq18yf052Z7a7N5Dra7dH2Lbo VUHRUwBdOsBhCGRuHABiCmQCsqTLilgUtab0f
Navigate to DigitalOcean's security settings page and add the SSH key. Give it a name of your choosing and click on Create SSH Key.
Navigate to DigitalOcean's droplets page and choose to create a new droplet.
Select the Ubuntu 16.04 x64 droplet.
Create the droplet.
The steps below largely follow Initial Server Setup with Ubuntu 16.04.
You can log in as root by running:
ssh -i ~/.ssh/digitalocean_rsa root@xyz.xyz.xyz.xyz
on your local machine. From that point on you will be logged in to the remote server.
xyz.xyz.xyz.xyz is the IP address of the remote server.
During the first login you will be asked to confirm that you want to connect to this server. Confirm with
The authenticity of host 'xyz.xyz.xyz.xyz (xyz.xyz.xyz.xyz)' can't be established.
ECDSA key fingerprint is SHA256:LR/wuY8iet9hpQE1Q/Cml5e0NGjrcUU2bM3kgYng6UI.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xyz.xyz.xyz.xyz' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-22-generic x86_64)
 * Documentation: https://help.ubuntu.com/
35 packages can be updated.
5 updates are security updates.
Last login: Sun Jun 5 03:59:42 2016 from abc.abc.abc.abc
root@codefoundries-c01-001:~#
abc.abc.abc.abc should be the IP of your local machine.
During subsequent logins you will not be asked that question:
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-22-generic x86_64)
 * Documentation: https://help.ubuntu.com/
35 packages can be updated.
5 updates are security updates.
Last login: Sun Jun 5 03:59:42 2016 from abc.abc.abc.abc
root@codefoundries-c01-001:~#
In order to update the packages run:
sudo apt-get update && sudo apt-get upgrade
It is recommended to use a user different from root to perform day-to-day tasks on the server. The root user has lots of privileges. Because of the inherent power coming with the use of the root user, it is possible to make very destructive changes by mistake.
In our example we will set up a user called butler. To set up the user, use the following command and press Enter when asked for user name and password. Note that it is very important to disable password authentication later.
On the remote server execute:
The result will be something like:
Adding user `butler' ...
Adding new group `butler' (1000) ...
Adding new user `butler' (1000) with group `butler' ...
The home directory `/home/butler' already exists. Not copying from `/etc/skel'.
Enter new UNIX password:
Retype new UNIX password:
No password supplied
Enter new UNIX password:
Retype new UNIX password:
No password supplied
Enter new UNIX password:
Retype new UNIX password:
No password supplied
passwd: Authentication token manipulation error
passwd: password unchanged
Try again? [y/N] N
Changing the user information for butler
Enter the new value, or press ENTER for the default
Full Name : Butler
Room Number :
Work Phone :
Home Phone :
Other :
Is the information correct? [Y/n] Y
Give the newly created user the privileges to execute sudo:
usermod -aG sudo butler
On your local machine, run:
cd ~/.ssh/
ssh-keygen -t rsa -f digitalocean_butler_rsa
Similar to the creation of our first SSH key, you can leave the passphrase blank.
Once the key is created, display the generated key:
On the remote server, temporarily switch the user to the one you created:
su - butler
You will notice the prompt change:
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
butler@codefoundries-c01-001:~$
Create a new directory called .ssh and set the permissions:
mkdir ~/.ssh && chmod 700 ~/.ssh
Use the vi text editor, or another text editor of your choice, to edit the file authorized_keys. Insert the public key you created into the file:
vi ~/.ssh/authorized_keys
i
<press ctrl+V to paste the ssh key you copied>
<press ESC>
:wq
Restrict the permissions of the authorized_keys file:
chmod 600 ~/.ssh/authorized_keys
You are done and you can exit:
As superuser edit
Make the following change:
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
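A check for the hardening steps above, added here as an example and not part of the original tutorial: it verifies the 700/600 permissions and reports whether an sshd_config still allows password logins. The function names are hypothetical and GNU stat is assumed, as on Ubuntu.

```shell
#!/bin/sh
# Added example: audit the SSH hardening steps from this page.
# Assumptions: GNU stat (as on Ubuntu); all function names are hypothetical.

# Print the effective global PasswordAuthentication value of an sshd_config.
# sshd uses the first value it obtains for a keyword, ignores comment lines
# and defaults to "yes" when the keyword is absent. Parsing stops at the
# first Match block, whose settings only apply conditionally.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }
        { gsub(/=/, " ") }   # "Keyword=value" is also accepted by sshd
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Succeed if the path in $1 has exactly the octal mode in $2 (e.g. 700).
has_mode() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# Audit one account's ~/.ssh and an sshd_config. Prints findings and
# returns non-zero if any check fails.
audit_ssh_setup() {
    home_dir=$1 sshd_config=$2 rc=0
    has_mode "$home_dir/.ssh" 700 ||
        { echo "FAIL: $home_dir/.ssh is not mode 700"; rc=1; }
    has_mode "$home_dir/.ssh/authorized_keys" 600 ||
        { echo "FAIL: authorized_keys is not mode 600"; rc=1; }
    if [ "$(effective_password_auth "$sshd_config")" != "no" ]; then
        echo "FAIL: password logins are still effectively enabled"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key-only login is configured"
    return "$rc"
}

# Stand-alone use: sh audit.sh /home/butler /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then
    audit_ssh_setup "$1" "$2"
fi
```

A later `PasswordAuthentication no` does not help if an earlier uncommented `PasswordAuthentication yes` is still in the file, which is the case this check catches. sshd only applies the change after it reloads its configuration, so keep the root session open until a key-only login has been confirmed.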
On your local machine log in to the user account you created:
ssh -i ~/.ssh/digitalocean_butler_rsa butler@xyz.xyz.xyz.xyz
TODO Set up firewall