How do I SSH into a droplet with my domain name instead of the IP address

June 15, 2016 7.3k views
DigitalOcean DNS LAMP Stack Ubuntu
beardyjaws
By:
beardyjaws

I asked for help on this on the most similar question in the forum, but no luck yet....

I want to SSH into my droplet using the domain name that I have set up instead of the the IP address of the droplet.

I don't have a complicated set up - just LAMP Ubuntu 14.04, but I do have CloudFlare set up managing the name servers for the domain.

If anyone can tell me if this is possible and the steps required to get it working, I'd be very grateful :)

2 comments
  • brass June 16, 2016

    what OS do you use to initiate the ssh session with your droplet?

  • beardyjaws July 1, 2016

    Hi brass, apologies for the delay in replying. I work from a Mac and the intention would be to use either command prompt from Terminal or - more closely related to my issue - access the droplet via some kind of FTP client like Cyberduck.

    Specifically, the situation I'm looking for would be the ability to log into the droplet in Cyberduck so I would be able to copy the URLs of hosted assets such as images. So, rather than having the IP of the droplet in the address, it would be the domain name of my website.

    After all the good advice provided on this thread, I'm afraid I'm not any closer to achieving this... Any ideas?

    Thanks for you time :)

Log In to Comment
2 Answers
IcyApril June 15, 2016

From a security perspective having subdomains that route around CloudFlare is a really bad idea.

You're far better off setting an SSH config file that allows you to connect to a given host using a custom alias whilst also being able to add additional configuration.

Reply
  • beardyjaws June 16, 2016

    Hi, thanks for your reply - it did occur to me that routing around CloudFlare defeats the point somewhat...

    You'll have to forgive me because I am total newbie with this, other than the most basic SSH stuff. I read the post you kindly provided on setting up an SSH config file but I am not sure how I would use it to solve my problem.

    To go into the problem a little further and explain why I would like to SSH with the domain instead of the IP - I want to be able to set up a file manager (Cyberduck in my case) so that I can get the URLs of documents on my site with the domain appended, rather than the IP address.

    Perhaps you could provide an example of how to set up an SSH config file to enable the domain to be resolved?

    Thanks very much for your insight so far :)

    • gparent June 18, 2016

      Routing around CloudFlare doesn't defeat the point at all. If you start distributing that domain name around then yes an attacker could use it, but as evidenced by the documentation linked above, it's perfectly fine (and even encouraged) to set up hostnames for your machines that you want to contact directly.

      It's not possible to have an SSH config that allows the domain to be resolve without making the domain resolve. Such a config would hard code IP addresses in it and is more error-prone and difficult to maintain.

Ian2015 June 15, 2016

you would have to add www.yourdomain.com in /etc/hosts of the server(or client) you use ssh from.

Reply
  • beardyjaws June 15, 2016

    Thanks for your reply! I just had a look in etc/hosts, and found this message:

    "Your system has configured 'manageetchosts' as True.
    As a result, if you wish for changes to this file to persist
    then you will need to either
    a.) make changes to the master file in /etc/cloud/templates/hosts.tmpl
    b.) change or remove the value of 'manageetchosts' in
    /etc/cloud/cloud.cfg or cloud-config from user-data"

    So I then took a look for /etc/cloud/templates/hosts.tmpl, but found a number of similar files - hosts.debian.tmpl, hosts.redhat.tmpl, hosts.suse.tmpl...

    I tried adding my domain to the etc/hosts file, and then also tried debian hosts file, but this did not work on either of them.

    In addition, I couldn't actually find the 'manageetchosts' value in /etc/cloud/cloud.cfg... Confusing given the message in the hosts file?!

    Also, should I be adding a hostname or anything in addition to www.yourdomain.com?

    Apologies for the brain-dump :)

    • gparent June 15, 2016

      Did you purchase a domain name? Because if you did there's no point in modifying the system's /etc/hosts file at all.

      • beardyjaws June 15, 2016

        I have purchased a domain name - but not from Digital Ocean...

        Does that have a bearing on this?

        • gparent June 15, 2016

          Yes, you don't need to mess around in /etc/hosts.

          What is the domain name (A record) associated with your droplet?

          • beardyjaws June 15, 2016

            If you're asking if I'ved created any DNS records in the droplet settings on DO, I haven't done that, I just have the IP of the droplet added in my Cloudflare account associated with my domain

          • Ian2015 June 15, 2016

            He needs to, as he wrote ... he's using CloudFlare.

          • gparent June 15, 2016

            You will need to go to CloudFlare and create another record that isn't protected by CloudFlare (using the cloud icon with an arrow). When you connect using that record, it will resolve to your droplet's IP instead of CloudFlare's server.

          • beardyjaws June 16, 2016

            Thanks for your replies gparent and Ian2015, I did actually try adding another record to my CloudFlare account to bypass, but this had no effect, but I think this would negate the point of having CloudFlare set up on my domain?

          • gparent June 16, 2016

            The idea is that the public domain is protected by cloudflare and the one you keep for yourself isn't. Therefore the one you keep for yourself accesses your IP directly and can use any of the services you host on that machine.

        • gparent June 16, 2016
          [deleted]
          • beardyjaws July 1, 2016

            Hi gparent, thanks for all your time and your input on this... I'm afraid I'm not much closer to achieving the goal.

            Is there any way you could provide a process to get this working, with the info I have provided on the setup?

            Or, do you think with that current set up as I have described, it's not possible to do this?

            Thanks again for your time :)

Have another answer? Share your knowledge.

Related Questions