Share

Question

I asked for help on this on the most similar question in the forum, but no luck yet....

I want to SSH into my droplet using the domain name that I have set up instead of the the IP address of the droplet.

I don’t have a complicated set up - just LAMP Ubuntu 14.04, but I do have CloudFlare set up managing the name servers for the domain.

If anyone can tell me if this is possible and the steps required to get it working, I’d be very grateful :)

Answer 1

IcyApril June 15, 2016

From a security perspective having subdomains that route around CloudFlare is a really bad idea.

You’re far better off setting an SSH config file that allows you to connect to a given host using a custom alias whilst also being able to add additional configuration.

Reply

beardyjaws June 16, 2016

Hi, thanks for your reply - it did occur to me that routing around CloudFlare defeats the point somewhat…

You’ll have to forgive me because I am total newbie with this, other than the most basic SSH stuff. I read the post you kindly provided on setting up an SSH config file but I am not sure how I would use it to solve my problem.

To go into the problem a little further and explain why I would like to SSH with the domain instead of the IP - I want to be able to set up a file manager (Cyberduck in my case) so that I can get the URLs of documents on my site with the domain appended, rather than the IP address.

Perhaps you could provide an example of how to set up an SSH config file to enable the domain to be resolved?

Thanks very much for your insight so far :)
- gparent June 18, 2016
  
  Routing around CloudFlare doesn’t defeat the point at all. If you start distributing that domain name around then yes an attacker could use it, but as evidenced by the documentation linked above, it’s perfectly fine (and even encouraged) to set up hostnames for your machines that you want to contact directly.
  
  It’s not possible to have an SSH config that allows the domain to be resolve without making the domain resolve. Such a config would hard code IP addresses in it and is more error-prone and difficult to maintain.

Answer 2

beardyjaws June 16, 2016

Hi, thanks for your reply - it did occur to me that routing around CloudFlare defeats the point somewhat…

You’ll have to forgive me because I am total newbie with this, other than the most basic SSH stuff. I read the post you kindly provided on setting up an SSH config file but I am not sure how I would use it to solve my problem.

To go into the problem a little further and explain why I would like to SSH with the domain instead of the IP - I want to be able to set up a file manager (Cyberduck in my case) so that I can get the URLs of documents on my site with the domain appended, rather than the IP address.

Perhaps you could provide an example of how to set up an SSH config file to enable the domain to be resolved?

Thanks very much for your insight so far :)
- gparent June 18, 2016
  
  Routing around CloudFlare doesn’t defeat the point at all. If you start distributing that domain name around then yes an attacker could use it, but as evidenced by the documentation linked above, it’s perfectly fine (and even encouraged) to set up hostnames for your machines that you want to contact directly.
  
  It’s not possible to have an SSH config that allows the domain to be resolve without making the domain resolve. Such a config would hard code IP addresses in it and is more error-prone and difficult to maintain.

Answer 3

Ian2015 June 15, 2016

you would have to add www.yourdomain.com in /etc/hosts of the server(or client) you use ssh from.

Reply

beardyjaws June 15, 2016

Thanks for your reply! I just had a look in etc/hosts, and found this message:

“Your system has configured ‘manageetchosts’ as True.
As a result, if you wish for changes to this file to persist
then you will need to either
a.) make changes to the master file in /etc/cloud/templates/hosts.tmpl
b.) change or remove the value of 'manageetchosts’ in
/etc/cloud/cloud.cfg or cloud-config from user-data”

So I then took a look for /etc/cloud/templates/hosts.tmpl, but found a number of similar files - hosts.debian.tmpl, hosts.redhat.tmpl, hosts.suse.tmpl…

I tried adding my domain to the etc/hosts file, and then also tried debian hosts file, but this did not work on either of them.

In addition, I couldn’t actually find the 'manageetchosts’ value in /etc/cloud/cloud.cfg… Confusing given the message in the hosts file?!

Also, should I be adding a hostname or anything in addition to www.yourdomain.com?

Apologies for the brain-dump :)
- gparent June 15, 2016
  
  Did you purchase a domain name? Because if you did there’s no point in modifying the system’s /etc/hosts file at all.
  
  beardyjaws June 15, 2016
  
  I have purchased a domain name - but not from Digital Ocean…
  
  Does that have a bearing on this?
  
  gparent June 15, 2016
  
  Yes, you don’t need to mess around in /etc/hosts.
  
  What is the domain name (A record) associated with your droplet?
  
  beardyjaws June 15, 2016
  
  If you’re asking if I'ved created any DNS records in the droplet settings on DO, I haven’t done that, I just have the IP of the droplet added in my Cloudflare account associated with my domain
  
  Ian2015 June 15, 2016
  
  He needs to, as he wrote … he’s using CloudFlare.
  
  gparent June 15, 2016
  
  You will need to go to CloudFlare and create another record that isn’t protected by CloudFlare (using the cloud icon with an arrow). When you connect using that record, it will resolve to your droplet’s IP instead of CloudFlare’s server.
  
  beardyjaws June 16, 2016
  
  Thanks for your replies gparent and Ian2015, I did actually try adding another record to my CloudFlare account to bypass, but this had no effect, but I think this would negate the point of having CloudFlare set up on my domain?
  
  gparent June 16, 2016
  
  The idea is that the public domain is protected by cloudflare and the one you keep for yourself isn’t. Therefore the one you keep for yourself accesses your IP directly and can use any of the services you host on that machine.
  
  gparent June 16, 2016
  
  [deleted]
  
  beardyjaws July 1, 2016
  
  Hi gparent, thanks for all your time and your input on this… I’m afraid I’m not much closer to achieving the goal.
  
  Is there any way you could provide a process to get this working, with the info I have provided on the setup?
  
  Or, do you think with that current set up as I have described, it’s not possible to do this?
  
  Thanks again for your time :)

Answer 4

beardyjaws June 15, 2016

Thanks for your reply! I just had a look in etc/hosts, and found this message:

“Your system has configured ‘manageetchosts’ as True.
As a result, if you wish for changes to this file to persist
then you will need to either
a.) make changes to the master file in /etc/cloud/templates/hosts.tmpl
b.) change or remove the value of 'manageetchosts’ in
/etc/cloud/cloud.cfg or cloud-config from user-data”

So I then took a look for /etc/cloud/templates/hosts.tmpl, but found a number of similar files - hosts.debian.tmpl, hosts.redhat.tmpl, hosts.suse.tmpl…

I tried adding my domain to the etc/hosts file, and then also tried debian hosts file, but this did not work on either of them.

In addition, I couldn’t actually find the 'manageetchosts’ value in /etc/cloud/cloud.cfg… Confusing given the message in the hosts file?!

Also, should I be adding a hostname or anything in addition to www.yourdomain.com?

Apologies for the brain-dump :)
- gparent June 15, 2016
  
  Did you purchase a domain name? Because if you did there’s no point in modifying the system’s /etc/hosts file at all.
  
  beardyjaws June 15, 2016
  
  I have purchased a domain name - but not from Digital Ocean…
  
  Does that have a bearing on this?
  
  gparent June 15, 2016
  
  Yes, you don’t need to mess around in /etc/hosts.
  
  What is the domain name (A record) associated with your droplet?
  
  beardyjaws June 15, 2016
  
  If you’re asking if I'ved created any DNS records in the droplet settings on DO, I haven’t done that, I just have the IP of the droplet added in my Cloudflare account associated with my domain
  
  Ian2015 June 15, 2016
  
  He needs to, as he wrote … he’s using CloudFlare.
  
  gparent June 15, 2016
  
  You will need to go to CloudFlare and create another record that isn’t protected by CloudFlare (using the cloud icon with an arrow). When you connect using that record, it will resolve to your droplet’s IP instead of CloudFlare’s server.
  
  beardyjaws June 16, 2016
  
  Thanks for your replies gparent and Ian2015, I did actually try adding another record to my CloudFlare account to bypass, but this had no effect, but I think this would negate the point of having CloudFlare set up on my domain?
  
  gparent June 16, 2016
  
  The idea is that the public domain is protected by cloudflare and the one you keep for yourself isn’t. Therefore the one you keep for yourself accesses your IP directly and can use any of the services you host on that machine.
  
  gparent June 16, 2016
  
  [deleted]
  
  beardyjaws July 1, 2016
  
  Hi gparent, thanks for all your time and your input on this… I’m afraid I’m not much closer to achieving the goal.
  
  Is there any way you could provide a process to get this working, with the info I have provided on the setup?
  
  Or, do you think with that current set up as I have described, it’s not possible to do this?
  
  Thanks again for your time :)

How do I SSH into a droplet with my domain name instead of the IP address

Leave a Comment

Share

Share your Question

How do I SSH into a droplet with my domain name instead of the IP address

Leave a Comment

Related

question

How can I set my external DNS for a subdomain pointing to my Prosper202 installed on the Droplet?

question

Dynamic DO Droplets' creation and configuration of

question

About custom name server

question

SFTP working for Filezilla but not for for my Editor called Komodo Edit

Almost there!