Question

(Bug) Create droplet with SSH then disable SSH for root

Posted December 28, 2015
Ubuntu, Security

I found a bug when I followed the first steps to creating and securing the server.

The problem:

You don’t know the password for root when creating a droplet with an ssh key

Reproduce the problem:

  1. Create a droplet with an ssh key
  2. Connect to server with ssh key
  3. Create a new user and add ssh connection
  4. Disable ssh for root (security measure)
  5. Try to do sudo with the new user

You’re asked to enter a password for root but DigitalOcean didn’t send the password by email because I created the droplet with an ssh key.

1 answer

Hey there,

That’s not really a bug: it works this way across pretty much every Linux distribution. “sudo” asks for the current user’s password (if a password at all), not the root password. “su” is what asks for the root password.

Generally, what we recommend is setting a password for the new user when you create the root user, but keeping passwords disabled over SSH. This way, you have a password you can use when sudo-ing and logging in through our VNC Console, but SSH remains secure. That’s how I set up most of my droplets, and it works quite nicely.

I hope that helps! :)

Best,
Eris
Platform Support Specialist
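
A pre-flight check for the lockout discussed in this thread, as an added example that is not part of the original question or answer: before disabling root SSH, confirm the new user is in the sudo group and has a password that sudo can prompt for. It assumes Ubuntu's `sudo` group; the users `deploy` and `alice` and all file contents are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check before setting "PermitRootLogin no".
# Parses standard shadow(5), group(5) and sshd_config(5) layouts.

# has_usable_password SHADOW USER: succeeds if USER has a password hash set.
has_usable_password() {
    pw=$(awk -F: -v u="$2" '$1 == u { print $2 }' "$1")
    case "$pw" in
        ''|'!'*|'*'*) return 1 ;;  # unknown user/empty field, locked (!), none (*)
        *) return 0 ;;
    esac
}

# in_group GROUPFILE GROUP USER: succeeds if USER is a listed member of GROUP.
in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1"
}

# sshd_option CONFIG KEYWORD: print the first value given for KEYWORD
# (keywords are case-insensitive, first occurrence wins; Match blocks not handled).
sshd_option() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# sudo_ready SHADOW GROUPFILE USER: prints a verdict, succeeds only if sudo can prompt USER.
sudo_ready() {
    in_group "$2" sudo "$3" || { echo "$3: not in sudo group"; return 1; }
    has_usable_password "$1" "$3" || { echo "$3: no password set, sudo prompt cannot succeed"; return 1; }
    echo "$3: ok"
}

# Constructed sample files (hypothetical users "deploy" and "alice").
d=$(mktemp -d)
cat > "$d/shadow" <<'EOF'
root:*:16797:0:99999:7:::
deploy:$6$CONSTRUCTED$notarealhash:16797:0:99999:7:::
alice:!:16797:0:99999:7:::
EOF
printf 'sudo:x:27:deploy,alice\n' > "$d/group"
printf '#PermitRootLogin yes\nPermitRootLogin no\nPasswordAuthentication no\n' > "$d/sshd_config"

sudo_ready "$d/shadow" "$d/group" deploy || true
sudo_ready "$d/shadow" "$d/group" alice || true
echo "PasswordAuthentication: $(sshd_option "$d/sshd_config" PasswordAuthentication)"
```

On a real server, point the functions at `/etc/shadow`, `/etc/group` and `/etc/ssh/sshd_config` while the root session is still open.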
