Question

How do I SSH into a droplet with my domain name instead of the IP address

Posted June 15, 2016 11k views
Ubuntu LAMP Stack DigitalOcean DNS

I asked for help on this on the most similar question in the forum, but no luck yet....

I want to SSH into my droplet using the domain name that I have set up instead of the the IP address of the droplet.

I don’t have a complicated set up - just LAMP Ubuntu 14.04, but I do have CloudFlare set up managing the name servers for the domain.

If anyone can tell me if this is possible and the steps required to get it working, I’d be very grateful :)

Add a comment
beardyjaws
By:
beardyjaws
Add a comment
2 comments
  • brass June 16, 2016
    Reply Report

    what OS do you use to initiate the ssh session with your droplet?

  • beardyjaws July 1, 2016
    Reply Report

    Hi brass, apologies for the delay in replying. I work from a Mac and the intention would be to use either command prompt from Terminal or - more closely related to my issue - access the droplet via some kind of FTP client like Cyberduck.

    Specifically, the situation I’m looking for would be the ability to log into the droplet in Cyberduck so I would be able to copy the URLs of hosted assets such as images. So, rather than having the IP of the droplet in the address, it would be the domain name of my website.

    After all the good advice provided on this thread, I’m afraid I’m not any closer to achieving this… Any ideas?

    Thanks for you time :)

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

2 answers
IcyApril June 15, 2016

From a security perspective having subdomains that route around CloudFlare is a really bad idea.

You’re far better off setting an SSH config file that allows you to connect to a given host using a custom alias whilst also being able to add additional configuration.

Reply Report
  • beardyjaws June 16, 2016

    Hi, thanks for your reply - it did occur to me that routing around CloudFlare defeats the point somewhat…

    You’ll have to forgive me because I am total newbie with this, other than the most basic SSH stuff. I read the post you kindly provided on setting up an SSH config file but I am not sure how I would use it to solve my problem.

    To go into the problem a little further and explain why I would like to SSH with the domain instead of the IP - I want to be able to set up a file manager (Cyberduck in my case) so that I can get the URLs of documents on my site with the domain appended, rather than the IP address.

    Perhaps you could provide an example of how to set up an SSH config file to enable the domain to be resolved?

    Thanks very much for your insight so far :)

    Reply Report
    • gparent June 18, 2016

      Routing around CloudFlare doesn’t defeat the point at all. If you start distributing that domain name around then yes an attacker could use it, but as evidenced by the documentation linked above, it’s perfectly fine (and even encouraged) to set up hostnames for your machines that you want to contact directly.

      It’s not possible to have an SSH config that allows the domain to be resolve without making the domain resolve. Such a config would hard code IP addresses in it and is more error-prone and difficult to maintain.

      Reply Report
Ian2015 June 15, 2016

you would have to add www.yourdomain.com in /etc/hosts of the server(or client) you use ssh from.

Reply Report
  • beardyjaws June 15, 2016

    Thanks for your reply! I just had a look in etc/hosts, and found this message:

    “Your system has configured ‘manageetchosts’ as True.
    As a result, if you wish for changes to this file to persist
    then you will need to either
    a.) make changes to the master file in /etc/cloud/templates/hosts.tmpl
    b.) change or remove the value of 'manageetchosts’ in
    /etc/cloud/cloud.cfg or cloud-config from user-data”

    So I then took a look for /etc/cloud/templates/hosts.tmpl, but found a number of similar files - hosts.debian.tmpl, hosts.redhat.tmpl, hosts.suse.tmpl…

    I tried adding my domain to the etc/hosts file, and then also tried debian hosts file, but this did not work on either of them.

    In addition, I couldn’t actually find the 'manageetchosts’ value in /etc/cloud/cloud.cfg… Confusing given the message in the hosts file?!

    Also, should I be adding a hostname or anything in addition to www.yourdomain.com?

    Apologies for the brain-dump :)

    Reply Report
    • gparent June 15, 2016

      Did you purchase a domain name? Because if you did there’s no point in modifying the system’s /etc/hosts file at all.

      Reply Report
      • beardyjaws June 15, 2016

        I have purchased a domain name - but not from Digital Ocean…

        Does that have a bearing on this?

        Reply Report
        • gparent June 15, 2016

          Yes, you don’t need to mess around in /etc/hosts.

          What is the domain name (A record) associated with your droplet?

          Reply Report
          • beardyjaws June 15, 2016

            If you’re asking if I'ved created any DNS records in the droplet settings on DO, I haven’t done that, I just have the IP of the droplet added in my Cloudflare account associated with my domain

            Reply Report
          • Ian2015 June 15, 2016

            He needs to, as he wrote … he’s using CloudFlare.

            Reply Report
          • gparent June 15, 2016

            You will need to go to CloudFlare and create another record that isn’t protected by CloudFlare (using the cloud icon with an arrow). When you connect using that record, it will resolve to your droplet’s IP instead of CloudFlare’s server.

            Reply Report
          • beardyjaws June 16, 2016

            Thanks for your replies gparent and Ian2015, I did actually try adding another record to my CloudFlare account to bypass, but this had no effect, but I think this would negate the point of having CloudFlare set up on my domain?

            Reply Report
          • gparent June 16, 2016

            The idea is that the public domain is protected by cloudflare and the one you keep for yourself isn’t. Therefore the one you keep for yourself accesses your IP directly and can use any of the services you host on that machine.

            Reply Report
        • gparent June 16, 2016
          [deleted]
          Reply Report
          • beardyjaws July 1, 2016

            Hi gparent, thanks for all your time and your input on this… I’m afraid I’m not much closer to achieving the goal.

            Is there any way you could provide a process to get this working, with the info I have provided on the setup?

            Or, do you think with that current set up as I have described, it’s not possible to do this?

            Thanks again for your time :)

            Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help